Pkcs7用证书和私钥在.Net中签名?
Pkcs7用证书和私钥在.Net中签名?
提问于 2022-03-23 22:11:31
我在pkcs7中有一个有效的Node.js密码算法。
var forge = require('node-forge');
var fs = require('fs');
var privateKeyAssociatedWithCert = fs.readFileSync("certs\\confpack.key", 'binary');
const payload = fs.readFileSync("certs\\confpack.cert", 'binary');
const certOrCertPem = forge.pki.certificateFromPem(payload);
// create PKCS#7 signed data with authenticatedAttributes
// attributes include: PKCS#9 content-type, message-digest, and signing-time
var p7 = forge.pkcs7.createSignedData();
p7.content = forge.util.createBuffer('ABCD123');
p7.addCertificate(certOrCertPem);
p7.addSigner({
key: privateKeyAssociatedWithCert,
certificate: certOrCertPem,
digestAlgorithm: forge.pki.oids.sha256,
authenticatedAttributes: [
]
});
// PKCS#7 Sign in detached mode.
// Includes the signature and certificate without the signed data.
p7.sign({ detached: true });
console.log(forge.asn1.toDer(p7.toAsn1()).toHex());我使用.Net和Org.BouncyCastle Nuget实现的结果不同。
X509CertificateParser certParser = new X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate rootCert = certParser.ReadCertificate(File.ReadAllBytes("cert\\confpack.cert"));
AsymmetricKeyParameter signatureKey;
using (var reader = File.OpenText("cert\\confpack.key"))
signatureKey = (AsymmetricKeyParameter)new PemReader(reader).ReadObject();
byte[] signedMessage = null;
CmsProcessable cmsData = new CmsProcessableByteArray(Encoding.ASCII.GetBytes("ABCD123"));
var allCerts = new List<Org.BouncyCastle.X509.X509Certificate>();
allCerts.Add(rootCert);
var storeParams = new X509CollectionStoreParameters(allCerts);
var certStore = X509StoreFactory.Create("Certificate/Collection", storeParams);
CmsSignedDataGenerator cmsGenerator = new CmsSignedDataGenerator();
cmsGenerator.AddSigner(signatureKey, rootCert, NistObjectIdentifiers.IdSha256.Id);
cmsGenerator.AddCertificates(certStore);
CmsSignedData cms = cmsGenerator.Generate(cmsData, true);
signedMessage = cms.GetEncoded();
Debug.WriteLine(Hex.ToHexString(signedMessage));结果:“3082055406092a864886f70”
.Net结果:“308006092a864886f70”
我在.net代码中遗漏了什么?我真的需要得到同样的结果。
回答 1
Stack Overflow用户
发布于 2022-04-02 14:15:00
Node版本生成一个独立的签名,.net生成一个封装的签名。对于分离签名,请使用:
cmsGenerator.Generate(cmsData,false)
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/71594678
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号