/// <summary> /// Sign the content using the specified signer. /// </summary> /// <remarks> /// Sign the content using the specified signer. /// </remarks> /// <returns>A new <see cref="MimeKit.MimePart"/> instance /// containing the detached signature data.</returns> /// <param name="signer">The signer.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="content">The content.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="content"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// <paramref name="digestAlgo"/> is out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// The specified <see cref="DigestAlgorithm"/> is not supported by this context. /// </exception> /// <exception cref="CertificateNotFoundException"> /// A signing certificate could not be found for <paramref name="signer"/>. /// </exception> /// <exception cref="System.Security.Cryptography.CryptographicException"> /// An error occurred in the cryptographic message syntax subsystem. /// </exception> public override MimePart Sign(MailboxAddress signer, DigestAlgorithm digestAlgo, Stream content) { if (signer == null) { throw new ArgumentNullException("signer"); } if (content == null) { throw new ArgumentNullException("content"); } var contentInfo = new ContentInfo(ReadAllBytes(content)); var cmsSigner = GetRealCmsSigner(signer, digestAlgo); var signed = new SignedCms(contentInfo, true); signed.ComputeSignature(cmsSigner); var signedData = signed.Encode(); return(new ApplicationPkcs7Signature(new MemoryStream(signedData, false))); }
private static byte[] GenerateSignatureBlock(SignerConfig signerConfig, byte[] signatureFileBytes) { var signerCert = signerConfig.Certificate; var digestAlgorithm = signerConfig.SignatureDigestAlgorithm; var digestAlgorithmId = digestAlgorithm.Oid; var content = new ContentInfo(DataOid, signatureFileBytes); var signedCms = new SignedCms(content, true); var signer = new CmsSigner(signerCert) { DigestAlgorithm = digestAlgorithmId }; signedCms.ComputeSignature(signer); var encoded = signedCms.Encode(); return(encoded); }
public static void BuildFromSignerInfo() { ContentInfo content = new ContentInfo(new byte[] { 1, 2, 3, 4 }); SignedCms cms = new SignedCms(content, false); using (X509Certificate2 signerCert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey()) { CmsSigner signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, signerCert); signer.SignedAttributes.Add(new Pkcs9SigningTime()); cms.ComputeSignature(signer); } SignerInfo signerInfo = cms.SignerInfos[0]; byte[] sig = signerInfo.GetSignature(); Rfc3161TimestampRequest fromSigner = Rfc3161TimestampRequest.CreateFromSignerInfo(signerInfo, HashAlgorithmName.SHA256); Rfc3161TimestampRequest fromData = Rfc3161TimestampRequest.CreateFromData(sig, HashAlgorithmName.SHA256); Assert.Equal(fromData.Encode().ByteArrayToHex(), fromSigner.Encode().ByteArrayToHex()); }
public byte[] GetSignedCms(Stream stream) { var range = new byte[stream.Length]; stream.Position = 0; stream.Read(range, 0, range.Length); var contentInfo = new ContentInfo(range); SignedCms signedCms = new SignedCms(contentInfo, true); CmsSigner signer = new CmsSigner(Certificate); signer.UnsignedAttributes.Add(new Pkcs9SigningTime()); signedCms.ComputeSignature(signer, true); var bytes = signedCms.Encode(); return(bytes); }
/// <summary> /// Sign and encapsulate the content using the specified signer. /// </summary> /// <remarks> /// Sign and encapsulate the content using the specified signer. /// </remarks> /// <returns>A new <see cref="MimeKit.Cryptography.ApplicationPkcs7Mime"/> instance /// containing the detached signature data.</returns> /// <param name="signer">The signer.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="content">The content.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="content"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// <paramref name="digestAlgo"/> is out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// The specified <see cref="DigestAlgorithm"/> is not supported by this context. /// </exception> /// <exception cref="CertificateNotFoundException"> /// A signing certificate could not be found for <paramref name="signer"/>. /// </exception> /// <exception cref="System.Security.Cryptography.CryptographicException"> /// An error occurred in the cryptographic message syntax subsystem. /// </exception> public override ApplicationPkcs7Mime EncapsulatedSign(MailboxAddress signer, DigestAlgorithm digestAlgo, Stream content) { if (signer == null) { throw new ArgumentNullException(nameof(signer)); } if (content == null) { throw new ArgumentNullException(nameof(content)); } var contentInfo = new ContentInfo(ReadAllBytes(content)); var cmsSigner = GetRealCmsSigner(signer, digestAlgo); var signed = new SignedCms(contentInfo, false); signed.ComputeSignature(cmsSigner); var signedData = signed.Encode(); return(new ApplicationPkcs7Mime(SecureMimeType.SignedData, new MemoryStream(signedData, false))); }
private static PrimarySignature CreatePrimarySignature(CmsSigner cmsSigner, SignPackageRequest request, byte[] signingData) { var contentInfo = new ContentInfo(signingData); var cms = new SignedCms(contentInfo); try { cms.ComputeSignature(cmsSigner); } catch (CryptographicException ex) when(ex.HResult == INVALID_PROVIDER_TYPE_HRESULT) { var exceptionBuilder = new StringBuilder(); exceptionBuilder.AppendLine(Strings.SignFailureCertificateInvalidProviderType); exceptionBuilder.AppendLine(CertificateUtility.X509Certificate2ToString(request.Certificate, Common.HashAlgorithmName.SHA256)); throw new SignatureException(NuGetLogCode.NU3001, exceptionBuilder.ToString()); } return(PrimarySignature.Load(cms)); }
public void ComputeSignatureCmsSignerSubjectKeyIdentifier() { ContentInfo ci = new ContentInfo(asnNull); SignedCms sp = new SignedCms(ci); CmsSigner signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, GetCertificate(true)); signer.Certificates.Add(new X509Certificate2(intca_cer)); signer.Certificates.Add(new X509Certificate2(root_cer)); sp.ComputeSignature(signer); byte[] encoded = sp.Encode(); string s = BitConverter.ToString(encoded); #if DEBUG FileStream fs = File.OpenWrite("ComputeSignaturePkcs7SignerSubjectKeyIdentifier.der"); fs.Write(encoded, 0, encoded.Length); fs.Close(); #endif RoundTrip(encoded); }
static void Example4() { // If using Professional version, put your serial key below. ComponentInfo.SetLicense("FREE-LIMITED-KEY"); using (var document = PdfDocument.Load("Reading.pdf")) { // Add an invisible signature field to the PDF document. var signatureField = document.Form.Fields.AddSignature(); // Initiate signing of a PDF file with the specified signer delegate. signatureField.Sign(pdfFileStream => { // Create a signed CMS object using the content that should be signed, // but not included in the signed CMS object (detached: true). var content = new byte[pdfFileStream.Length]; pdfFileStream.Read(content, 0, content.Length); var signedCms = new SignedCms(new ContentInfo(content), detached: true); X509Certificate2 certificate = null; try { // Compute the signature using the specified digital ID file and the password. certificate = new X509Certificate2("GemBoxExampleExplorer.pfx", "GemBoxPassword"); signedCms.ComputeSignature(new CmsSigner(certificate)); } finally { // Starting with the .NET Framework 4.6, this type implements the IDisposable interface. (certificate as IDisposable)?.Dispose(); } // Return the signature encoded into a CMS/PKCS #7 message. return(signedCms.Encode()); }, PdfSignatureFormat.PKCS7, 2199); // Finish signing of a PDF file. document.Save("External Digital Signature.pdf"); } }
public static void SignerInfo_AddRemoveUnsignedAttributes_JoinCounterSignaturesAttributesIntoOne() { byte[] message = { 1, 2, 3, 4, 5 }; ContentInfo content = new ContentInfo(message); SignedCms cms = new SignedCms(content); using (X509Certificate2 signerCert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) { CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signerCert); cms.ComputeSignature(signer); } using (X509Certificate2 counterSigner1cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey()) { CmsSigner counterSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, counterSigner1cert); counterSigner.IncludeOption = X509IncludeOption.EndCertOnly; counterSigner.DigestAlgorithm = new Oid(Oids.Sha1, Oids.Sha1); cms.SignerInfos[0].ComputeCounterSignature(counterSigner); } using (X509Certificate2 counterSigner2cert = Certificates.ECDsaP256Win.TryGetCertificateWithPrivateKey()) { CmsSigner counterSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, counterSigner2cert); cms.SignerInfos[0].ComputeCounterSignature(counterSigner); } Assert.Equal(2, cms.SignerInfos[0].UnsignedAttributes.Count); Assert.Equal(1, cms.SignerInfos[0].UnsignedAttributes[0].Values.Count); Assert.Equal(1, cms.SignerInfos[0].UnsignedAttributes[1].Values.Count); cms.CheckSignature(true); AsnEncodedData counterSignature = cms.SignerInfos[0].UnsignedAttributes[0].Values[0]; cms.SignerInfos[0].RemoveUnsignedAttribute(counterSignature); cms.SignerInfos[0].AddUnsignedAttribute(counterSignature); Assert.Equal(1, cms.SignerInfos[0].UnsignedAttributes.Count); Assert.Equal(2, cms.SignerInfos[0].UnsignedAttributes[0].Values.Count); cms.CheckSignature(true); }
public byte[] GetSignature(byte[] content) { if (content == null) { throw new ArgumentNullException(nameof(content)); } var certificate = _CertificateProvider.GetCertificate(); if (!certificate.HasPrivateKey) { throw new InvalidOperationException($"Certificate does not have a private key - Subject:{certificate.Subject} Thumbprint:{certificate.Thumbprint}."); } var contentInfo = new ContentInfo(content); var signedCms = new SignedCms(contentInfo, true); var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, certificate) { IncludeOption = X509IncludeOption.EndCertOnly }; try { signedCms.ComputeSignature(signer); } catch (Exception e) { //NB. Cannot catch the internal exception type (cross-platform design of .NET Core) if (e.GetType().Name == "WindowsCryptographicException" && e.Message == "Keyset does not exist" && !WindowsIdentityQueries.CurrentUserIsAdministrator()) { throw new InvalidOperationException("Failed to sign with certificate when current user does not have UAC elevated permissions.", e); } throw; } return(signedCms.Encode()); }
private static byte[] CreateSignedDataPkcs7(byte[] encryptedMessageData, X509Certificate2 localPrivateKey) { // Create the outer envelope, signed with the local private key var signer = new CmsSigner(localPrivateKey) { DigestAlgorithm = Oids.Pkcs.MD5 }; // Message Type (messageType): https://tools.ietf.org/html/draft-nourse-scep-23#section-3.1.1.2 // PKCS#10 request = PKCSReq (19) var messageType = new AsnEncodedData(Oids.Scep.MessageType, DerEncoding.EncodePrintableString("19")); signer.SignedAttributes.Add(messageType); // Tranaction ID (transId): https://tools.ietf.org/html/draft-nourse-scep-23#section-3.1.1.1 var sha = new SHA512Managed(); var hashedKey = sha.ComputeHash(localPrivateKey.GetPublicKey()); var hashedKeyString = Convert.ToBase64String(hashedKey); var transactionId = new Pkcs9AttributeObject(Oids.Scep.TransactionId, DerEncoding.EncodePrintableString(hashedKeyString)); signer.SignedAttributes.Add(transactionId); // Sender Nonce (senderNonce): https://tools.ietf.org/html/draft-nourse-scep-23#section-3.1.1.5 lastSenderNonce = new byte[16]; RNGCryptoServiceProvider.Create().GetBytes(lastSenderNonce); var nonce = new Pkcs9AttributeObject(Oids.Scep.SenderNonce, DerEncoding.EncodeOctet(lastSenderNonce)); signer.SignedAttributes.Add(nonce); // Seems that the oid is not needed for this envelope var signedContent = new ContentInfo(encryptedMessageData); //new Oid("1.2.840.113549.1.7.1", "data"), encryptedMessageData); var signedMessage = new SignedCms(signedContent); signedMessage.ComputeSignature(signer); var encodedMessage = signedMessage.Encode(); return(encodedMessage); }
/// <summary> /// Creates <see cref="SignedCms"/> for raw content and a collection of signing certificate /// </summary> /// <param name="content">The <c>byte</c> array to sign</param> /// <param name="signingCertificates">The certificates with which to sign.</param> /// <returns>An instance of <see cref="SignedCms"/> holdling the signatures</returns> public SignedCms CreateSignature(byte[] content, X509Certificate2Collection signingCertificates) { if (content == null) { throw new SignatureException(SignatureError.NullContent); } if (signingCertificates == null) { throw new SignatureException(SignatureError.NoCertificates); } SignedCms signature = new SignedCms(CreateDataContainer(content), true); // true: Detached Signature for (int i = 0, count = signingCertificates.Count; i < count; ++i) { CmsSigner signer = CreateSigner(signingCertificates[i]); signature.ComputeSignature(signer, true); // true: don't prompt the user } return(signature); }
/// <summary> /// Crea la firma CMS/PKCS #7 /// </summary> private static byte[] SignMsg(byte[] Message, SysX509.X509Certificate2 SignerCertificate, bool Detached) { //Creamos el contenedor ContentInfo contentInfo = new ContentInfo(Message); //Instanciamos el objeto SignedCms con el contenedor SignedCms objSignedCms = new SignedCms(contentInfo, Detached); //Creamos el "firmante" CmsSigner objCmsSigner = new CmsSigner(SignerCertificate); // Include the following line if the top certificate in the // smartcard is not in the trusted list. objCmsSigner.IncludeOption = SysX509.X509IncludeOption.EndCertOnly; // Sign the CMS/PKCS #7 message. The second argument is // needed to ask for the pin. objSignedCms.ComputeSignature(objCmsSigner, false); //Encodeamos el mensaje CMS/PKCS #7 return(objSignedCms.Encode()); }
public static byte[] SignFile(X509Certificate2 cert, byte[] data) { try { ContentInfo content = new ContentInfo(data); SignedCms signedCms = new SignedCms(content, false); if (VerifySign(data)) { signedCms.Decode(data); } CmsSigner signer = new CmsSigner(cert); signer.IncludeOption = X509IncludeOption.WholeChain; signedCms.ComputeSignature(signer); return(signedCms.Encode()); } catch (Exception ex) { throw new Exception("Erro ao assinar arquivo. A mensagem retornada foi: " + ex.Message); } }
// This generates a package with a basic signed CMS. // The signature MUST NOT have any signed or unsigned attributes. public static async Task <FileInfo> SignPackageFileWithBasicSignedCmsAsync( TestDirectory directory, FileInfo packageFile, X509Certificate2 certificate) { SignatureContent signatureContent; using (var stream = packageFile.OpenRead()) using (var hashAlgorithm = HashAlgorithmName.SHA256.GetHashProvider()) { var hash = hashAlgorithm.ComputeHash(stream, leaveStreamOpen: false); signatureContent = new SignatureContent(SigningSpecifications.V1, HashAlgorithmName.SHA256, Convert.ToBase64String(hash)); } var signedPackageFile = new FileInfo(Path.Combine(directory, Guid.NewGuid().ToString())); var cmsSigner = new CmsSigner(certificate) { DigestAlgorithm = HashAlgorithmName.SHA256.ConvertToOid(), IncludeOption = X509IncludeOption.WholeChain }; var contentInfo = new ContentInfo(signatureContent.GetBytes()); var signature = new SignedCms(contentInfo); signature.ComputeSignature(cmsSigner); Assert.Empty(signature.SignerInfos[0].SignedAttributes); Assert.Empty(signature.SignerInfos[0].UnsignedAttributes); using (var packageReadStream = packageFile.OpenRead()) using (var packageWriteStream = signedPackageFile.OpenWrite()) using (var package = new SignedPackageArchive(packageReadStream, packageWriteStream)) using (var signatureStream = new MemoryStream(signature.Encode())) { await package.AddSignatureAsync(signatureStream, CancellationToken.None); } return(signedPackageFile); }
public static void SignWithImplicitSubjectKeyIdentifier() { byte[] contentBytes = { 9, 8, 7, 6, 5 }; ContentInfo contentInfo = new ContentInfo(contentBytes); SignedCms cms = new SignedCms(contentInfo, false); using (X509Certificate2 signerCert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey()) { // This cert has no Subject Key Identifier extension. Assert.Null(signerCert.Extensions[Oids.SubjectKeyIdentifier]); CmsSigner signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, signerCert); cms.ComputeSignature(signer); } Assert.Equal( "6B4A6B92FDED07EE0119F3674A96D1A70D2A588D", (string)cms.SignerInfos[0].SignerIdentifier.Value); // Assert.NoThrow cms.CheckSignature(true); }
/// <summary> /// Encodes the specified ar message. THIS IS FOR THE TEST CHANNEL /// </summary> /// <param name="arMessage">The ar message.</param> /// <param name="signerCert">The signer cert.</param> /// <param name="signerPassword">The signer password.</param> /// <returns></returns> internal static byte[] EncodeMDN(byte[] arMessage, string signerCert, string signerPassword) { byte[] signature = null; try { X509Certificate2 cert = new X509Certificate2(signerCert, signerPassword); ContentInfo contentInfo = new ContentInfo(arMessage); SignedCms signedCms = new SignedCms(contentInfo, true); CmsSigner cmsSigner = new CmsSigner(cert); signedCms.ComputeSignature(cmsSigner); signature = signedCms.Encode(); } catch (Exception ex) { Log.Error($"Encoding Exception occured : {ex.Message}"); } return(signature); }
static void Main(string[] args) { var data = Encoding.ASCII.GetBytes("Hi!"); var hash = HashAlgorithm.Create("SHA256").ComputeHash(data); var certificate = new X509Certificate2(Convert.FromBase64String(cert), pwd); // So since I've no idea how you got p7s, i improvised here: var cms = new SignedCms(new ContentInfo(hash), true); // true -> Detached var signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, certificate); cms.ComputeSignature(signer); var data2 = cms.Encode(); // assuming this was in p7s file var xx = Convert.ToBase64String(data2); // this passes, this is the .Net validation from OP var cms2 = new SignedCms(new ContentInfo(hash), true); cms2.Decode(Convert.FromBase64String(xx)); cms2.CheckSignature(true); // Same in bouncy castle: BCUtil.Validate(certificate, hash, xx); }
/// <summary> /// Firma mensaje /// </summary> /// <param name="argBytesMsg">Bytes del mensaje</param> /// <param name="argCertFirmante">Certificado usado para firmar</param> /// <returns>Bytes del mensaje firmado</returns> /// <remarks></remarks> public static byte[] FirmaBytesMensaje(byte[] argBytesMsg, X509Certificate2 argCertFirmante) { const string ID_FNC = "[FirmaBytesMensaje]"; try { // Pongo el mensaje en un objeto ContentInfo (requerido para construir el obj SignedCms) var infoContenido = new ContentInfo(argBytesMsg); var cmsFirmado = new SignedCms(infoContenido); // Creo objeto CmsSigner que tiene las caracteristicas del firmante var cmsFirmante = new CmsSigner(argCertFirmante) { IncludeOption = X509IncludeOption.EndCertOnly }; if (VerboseMode) { Console.WriteLine($@"{ID_FNC}***Firmando bytes del mensaje..."); } // Firmo el mensaje PKCS #7 cmsFirmado.ComputeSignature(cmsFirmante); if (VerboseMode) { Console.WriteLine($@"{ID_FNC}***OK mensaje firmado"); } // Encodeo el mensaje PKCS #7. return(cmsFirmado.Encode()); } catch (Exception excepcionAlFirmar) { throw new Exception($"{ID_FNC}***Error al firmar: {excepcionAlFirmar.Message}"); } }
private static void VerifyWithExplicitPrivateKey(X509Certificate2 cert, AsymmetricAlgorithm key) { using (var pubCert = new X509Certificate2(cert.RawData)) { Assert.False(pubCert.HasPrivateKey); byte[] content = { 9, 8, 7, 6, 5 }; ContentInfo contentInfo = new ContentInfo(content); SignedCms cms = new SignedCms(contentInfo); CmsSigner signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, pubCert, key) { IncludeOption = X509IncludeOption.EndCertOnly, DigestAlgorithm = new Oid(Oids.Sha1, Oids.Sha1) }; cms.ComputeSignature(signer); cms.CheckSignature(true); Assert.Equal(1, cms.SignerInfos.Count); Assert.Equal(pubCert, cms.SignerInfos[0].Certificate); } }
public async Task <byte[]> Handle(Stream file) { var data = await ReadFully(file); var envelopedCms = new EnvelopedCms(new ContentInfo(data)); envelopedCms.Encrypt(new CmsRecipient(cert)); var encryptedMessage = envelopedCms.Encode(); var signedCms = new SignedCms(new ContentInfo(encryptedMessage)); var signer = new CmsSigner(cert) { IncludeOption = X509IncludeOption.EndCertOnly }; signedCms.ComputeSignature(signer); var result = signedCms.Encode(); return(result); }
public byte[] signMessage(byte[] data, X509Certificate2 privateCert) { byte[] numArray; try { if (data == null) { throw new ArgumentNullException("data"); } if (privateCert == null) { throw new ArgumentNullException("privateCertificate"); } SignedCms signedCm = new SignedCms(new ContentInfo(data)); signedCm.ComputeSignature(new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, privateCert)); numArray = signedCm.Encode(); } catch (Exception exception) { numArray = null; } return(numArray); }
public static void CreateSignature_RsaPadding_DefaultToPkcs1() { ContentInfo content = new ContentInfo(new byte[] { 1, 2, 3 }); SignedCms cms = new SignedCms(content); byte[] cmsBytes; using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) { CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert, null, null); cms.ComputeSignature(signer); cmsBytes = cms.Encode(); } cms = new SignedCms(); cms.Decode(cmsBytes); cms.CheckSignature(true); // Assert.NoThrow Assert.Single(cms.SignerInfos); SignerInfo signerInfo = cms.SignerInfos[0]; Assert.Equal(Oids.Rsa, signerInfo.SignatureAlgorithm.Value); }
/// <summary> /// Generates a cryptographic signature for a given message /// </summary> /// <param name="message">The message to sign</param> /// <param name="signingCertificate">The certificate to sign the message with</param> /// <param name="encryptionCertificate">An optional encryption certificate to include along with the signature</param> /// <returns>The signature for the specified message</returns> internal static byte[] GetSignature(string message, X509Certificate2 signingCertificate, X509Certificate2 encryptionCertificate) { byte[] messageBytes = Encoding.ASCII.GetBytes(message); SignedCms signedCms = new SignedCms(new ContentInfo(messageBytes), true); CmsSigner cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signingCertificate); cmsSigner.IncludeOption = X509IncludeOption.WholeChain; if (encryptionCertificate != null) { cmsSigner.Certificates.Add(encryptionCertificate); } Pkcs9SigningTime signingTime = new Pkcs9SigningTime(); cmsSigner.SignedAttributes.Add(signingTime); signedCms.ComputeSignature(cmsSigner, false); return(signedCms.Encode()); }
public AsnElt Encode() { SignedCms signed = new SignedCms( new ContentInfo( IdPkInitAuthData, AuthPack.Encode().Encode() ) ); var signer = new CmsSigner(PKCert); if (!VerifyCerts) { signer.IncludeOption = X509IncludeOption.EndCertOnly; // only the end certificate is included in the X.509 chain information. } signed.ComputeSignature(signer, silent: false); return(AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] { AsnElt.Make(AsnElt.CONTEXT, 0, new AsnElt[] { AsnElt.MakeBlob(signed.Encode()) }) })); }
public static void TryDecode_Fails_MalformedToken() { ContentInfo contentInfo = new ContentInfo( new Oid(Oids.TstInfo, Oids.TstInfo), new byte[] { 1 }); SignedCms cms = new SignedCms(contentInfo); using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey()) { cms.ComputeSignature(new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert)); } Assert.False( Rfc3161TimestampToken.TryDecode( cms.Encode(), out Rfc3161TimestampToken token, out int bytesRead), "Rfc3161TimestampToken.TryDecode"); Assert.Equal(0, bytesRead); Assert.Null(token); }
//http://stackoverflow.com/questions/11526572/openssl-smime-in-c-sharp public static void Sign(string basePath) { var cert = new X509Certificate2(yourCertFile, yourCertFilePassword); var buffer = File.ReadAllBytes(Path.Combine(basePath, "manifest.json")); ContentInfo cont = new ContentInfo(buffer); var cms = new SignedCms(cont, true); var signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, cert); signer.IncludeOption = X509IncludeOption.ExcludeRoot; // TODO: You MUST visit this URL and download/install Apple's certificates // http://www.apple.com/certificateauthority/ // Apple Inc. Root Certificate // Apple Computer, Inc. Root Certificate // Worldwide Developer Relations cms.ComputeSignature(signer); var myCmsMessage = cms.Encode(); File.WriteAllBytes(Path.Combine(basePath, "signature"), myCmsMessage); }
private byte[] Sign(byte[] data, X509Certificate2 signingCert) { // create ContentInfo ContentInfo content = new ContentInfo(data); // SignedCms represents signed data SignedCms signedMessage = new SignedCms(content); // create a signer CmsSigner signer = new CmsSigner(signingCert); // sign the data //Orig:signedMessage.ComputeSignature(signer); signedMessage.ComputeSignature(signer, false); // create PKCS #7 byte array byte[] signedBytes = signedMessage.Encode(); // return signed data return(signedBytes); }
public byte[] Sign(string certificateThumbprint, byte[] data, bool detached) { var store = new X509Store(StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); var certificates = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false); if (certificates.Count == 0) { throw new Exception("Сертификат с отпечатком " + certificateThumbprint + " не найден в хранилище " + store.Location + ". Пользователь " + Environment.UserName); } var contentInfo = new ContentInfo(data); var signedCms = new SignedCms(contentInfo, detached); var cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, certificates[0]); cmsSigner.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.Now)); signedCms.ComputeSignature(cmsSigner, true); return(signedCms.Encode()); }
/// <summary> /// Firma mensaje /// </summary> /// <param name="messageBytes">Bytes del mensaje</param> /// <param name="signerCertificate">Certificado usado para firmar</param> /// <returns>Bytes del mensaje firmado</returns> /// <remarks></remarks> public static byte[] SignMessageBytes(byte[] messageBytes, X509Certificate2 signerCertificate) { const string ID_FNC = "[FirmaBytesMensaje]"; try { // Pongo el mensaje en un objeto ContentInfo (requerido para construir el obj SignedCms) var contentInfo = new ContentInfo(messageBytes); var signedCms = new SignedCms(contentInfo); // Creo objeto CmsSigner que tiene las caracteristicas del firmante var cmsSigner = new CmsSigner(signerCertificate) { IncludeOption = X509IncludeOption.EndCertOnly }; if (VerboseMode) { Console.WriteLine(ID_FNC + "***Firmando bytes del mensaje..."); } // Firmo el mensaje PKCS #7 signedCms.ComputeSignature(cmsSigner); if (VerboseMode) { Console.WriteLine(ID_FNC + "***OK mensaje firmado"); } // Encodeo el mensaje PKCS #7. return(signedCms.Encode()); } catch (Exception ex) { throw new Exception(ID_FNC + "***Error al firmar: " + ex.Message); } }
private bool signFile(string file, string outFile, string algoritmus, bool detached) { try { string saveTo = Path.GetDirectoryName(file); string tmpDir = FastZep.FastZepFolder + "tmp"; if (lbValue == "") { return false; } if (Directory.Exists(tmpDir)) { Directory.Delete(tmpDir, true); } Directory.CreateDirectory(tmpDir); string date = DateTime.Now.Subtract(TimeSpan.FromHours(1)).ToString("yyyyMMddHHmmss") + "Z"; Directory.CreateDirectory(tmpDir + "\\D" + date + "\\Policy\\"); string certFile = tmpDir + "\\D" + date + "\\Policy\\P" + date + ".der"; string sigFile = tmpDir + "\\D" + date + "\\S" + date + ".p7s"; string emlFile = tmpDir + "\\D" + date + "\\M" + date + ".eml"; Directory.CreateDirectory(tmpDir + "\\D" + date + "\\"); TextWriter eml = new StreamWriter(emlFile); eml.WriteLine("MIME-Version: 1.0"); eml.WriteLine("Content-Type: " + MimeType(file)); eml.WriteLine("Content-Transfer-Encoding: base64"); eml.WriteLine("Content-Disposition: filename=\"" + Path.GetFileName(file) + "\""); eml.WriteLine(); FileStream fs = new FileStream(file, FileMode.Open); byte[] filebytes = new byte[fs.Length]; fs.Read(filebytes, 0, Convert.ToInt32(fs.Length)); string encodedData = Convert.ToBase64String(filebytes, Base64FormattingOptions.InsertLineBreaks); eml.Write(encodedData); eml.Close(); fs.Close(); byte[] buffer = File.ReadAllBytes(emlFile); ContentInfo contentInfo = new ContentInfo(buffer); X509Store store = new X509Store(); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySerialNumber, lbValue, false); int i = 0; foreach (X509Certificate2 cert in certs) { i++; SignedCms signedCms = new SignedCms(SubjectIdentifierType.IssuerAndSerialNumber, contentInfo, !detached); CmsSigner cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert); cmsSigner.SignedAttributes.Add(new Pkcs9SigningTime()); cmsSigner.IncludeOption = X509IncludeOption.WholeChain; ESSCertIDv2 cer2 = new ESSCertIDv2(cert); X509Chain chain = new X509Chain(); chain.Build(cert); /* /**/ //cmsSigner.UnsignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.21", CertRefs.get(chain))); //cmsSigner.UnsignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.22", CertCrls.get(chain))); //cmsSigner.UnsignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.23", OtherCerts.get(chain))); //cmsSigner.UnsignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.24", OtherCrls.get(chain))); /**/ //cmsSigner.SignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.47", cer2.get())); //cmsSigner.SignedAttributes.Add(new AsnEncodedData("1.2.840.113549.1.9.16.2.15", getPolicy(false))); /**/ signedCms.ComputeSignature(cmsSigner, false); File.WriteAllBytes(certFile, getPolicy(true)); File.WriteAllBytes(sigFile, signedCms.Encode()); } if (i == 0) { throw new Exception("Failed" + Marshal.GetLastWin32Error().ToString()); } SignedCms signedCms2 = new SignedCms(); byte[] encodedMessage = File.ReadAllBytes(sigFile); signedCms2.Decode(encodedMessage); BHI.Rats.RatsCompressionManager.Zip(tmpDir, outFile); Directory.Delete(tmpDir, true); return true; } catch (CryptographicException e) { var error = e.Message.ToString(); if (error == "Unknown error \"-1073741275\".") { error = "Nepodarilo sa načítať certifikát. odpojte a pripojte čítačku."; } if (error == "An internal error occurred.\r\n") { error = "Došlo ku chybe pri podpisovaní. Pravdepodobne nemáte pripojený USB kľúč alebo čítačku kariet."; } Console.WriteLine("Signing failed: " + error.ToString()); if (e.InnerException != null) { Console.WriteLine("Inner Exception: " + e.InnerException.ToString()); } MessageBox.Show(error, "Chyba pri podpisovaní", MessageBoxButtons.OK, MessageBoxIcon.Error); }catch (Exception exc) { MessageBox.Show(exc.Message + "\n" + Marshal.GetLastWin32Error().ToString(), "Chyba pri podpisovaní", MessageBoxButtons.OK, MessageBoxIcon.Error); } return false; }
/// <summary> /// Construye un Login Ticket obtenido del WSAA /// </summary> /// <param name="argServicio">Servicio al que se desea acceder</param> /// <param name="argUrlWsaa">URL del WSAA</param> /// <param name="argRutaCertX509Firmante">Ruta del certificado X509 (con clave privada) usado para firmar</param> /// <param name="argVerbose">Nivel detallado de descripcion? true/false</param> /// <remarks></remarks> public void Obtener(string argServicio, string argUrlWsaa, string argRutaCertX509Firmante, bool argVerbose) { RutaDelCertificadoFirmante = argRutaCertX509Firmante; string cmsFirmadoBase64; string respuesta; XmlNode xmlNodoUniqueId; XmlNode xmlNodoGenerationTime; XmlNode xmlNodoExpirationTime; XmlNode xmlNodoService; // PASO 1: Genero el Login Ticket Request try { solicitudXML = new XmlDocument (); solicitudXML.LoadXml (solicitudPlantillaXML); xmlNodoUniqueId = solicitudXML.SelectSingleNode ("//uniqueId"); xmlNodoGenerationTime = solicitudXML.SelectSingleNode ("//generationTime"); xmlNodoExpirationTime = solicitudXML.SelectSingleNode ("//expirationTime"); xmlNodoService = solicitudXML.SelectSingleNode ("//service"); var now = DateTime.Now; xmlNodoGenerationTime.InnerText = now.ToString ("s"); xmlNodoExpirationTime.InnerText = now.AddHours (12).ToString ("s"); xmlNodoUniqueId.InnerText = Convert.ToString (_globalUniqueID); xmlNodoService.InnerText = Servicio; _globalUniqueID += 1; } catch (Exception ex) { throw new Exception ("Error GENERANDO el Ticket de acceso : " + ex.Message); } // PASO 2: Firmo el Login Ticket Request try { // Convierto el login ticket request a bytes, para firmar Encoding EncodedMsg = Encoding.UTF8; byte[] msgBytes = EncodedMsg.GetBytes (solicitudXML.OuterXml); byte[] encodedSignedCms; // Firmo el msg y paso a Base64 try { var certList = new ArrayList (); CMSTypedData msg = new CMSProcessableByteArray ("Hello world!".getBytes ()); certList.add (signCert); Store certs = new JcaCertStore (certList); var gen = new CMSSignedDataGenerator (); ContentSigner sha1Signer = new JcaContentSignerBuilder ("SHA1withRSA").setProvider ("BC").build (signKP.getPrivate ()); gen.addSignerInfoGenerator ( new JcaSignerInfoGeneratorBuilder ( new JcaDigestCalculatorProviderBuilder ().setProvider ("BC").build ()) .build (sha1Signer, signCert)); gen.addCertificates (certs); CMSSignedData sigData = gen.generate (msg, false); cmsFirmadoBase64 = Convert.ToBase64String (encodedSignedCms); // Pongo el mensaje en un objeto ContentInfo (requerido para construir el obj SignedCms) var infoContenido = new System.Security.Cryptography.Pkcs.ContentInfo (msgBytes); var cmsFirmado = new SignedCms (infoContenido); // Creo objeto CmsSigner que tiene las caracteristicas del firmante var cmsFirmante = new CmsSigner (certificadoFirmante); cmsFirmante.IncludeOption = X509IncludeOption.EndCertOnly; // Firmo el mensaje PKCS #7 cmsFirmado.ComputeSignature (cmsFirmante); // Encodeo el mensaje PKCS #7. encodedSignedCms = cmsFirmado.Encode (); } catch (Exception excepcionAlFirmar) { throw new Exception ("***Error al firmar: " + excepcionAlFirmar.Message); } } catch (Exception excepcionAlFirmar) { throw new Exception ("***Error FIRMANDO el LoginTicketRequest : " + excepcionAlFirmar.Message); } // PASO 3: Invoco al WSAA para obtener el Login Ticket Response try { var wsaa = new WSAA.LoginCMSService (); respuesta = wsaa.loginCms (cmsFirmadoBase64); } catch (Exception ex) { throw new Exception ("Error INVOCANDO al servicio WSAA : " + ex.Message); } // PASO 4: Analizo el Login Ticket Response recibido del WSAA try { respuestaXML = new XmlDocument (); respuestaXML.LoadXml (respuesta); id = UInt32.Parse (respuestaXML.SelectSingleNode ("//uniqueId").InnerText); generacion = DateTime.Parse (respuestaXML.SelectSingleNode ("//generationTime").InnerText); expiracion = DateTime.Parse (respuestaXML.SelectSingleNode ("//expirationTime").InnerText); firma = respuestaXML.SelectSingleNode ("//sign").InnerText; token = respuestaXML.SelectSingleNode ("//token").InnerText; } catch (Exception ex) { throw new Exception ("Error ANALIZANDO el LoginTicketResponse : " + ex.Message); } }