//INFO: метод для тестирования
public string SignN3Gost(string data)
{
var storeCurrentUser = new X509Store(StoreName.My, StoreLocation.CurrentUser);
storeCurrentUser.Open(OpenFlags.ReadOnly);
var coll = storeCurrentUser.Certificates
.Find(X509FindType.FindByThumbprint, "4d 19 79 84 52 9a 80 4a c4 86 3a 82 6a 8d ab 85 3f 95 e5 01", false)[0];
//b8 be f8 22 e8 63 2a 74 d4 2e 58 df 91 9c 2f e3 75 ea e1 e4 просрочен
//4d 19 79 84 52 9a 80 4a c4 86 3a 82 6a 8d ab 85 3f 95 e5 01
var gost = (Gost3410CryptoServiceProvider) coll.PrivateKey;
var base64Blob = Convert.ToBase64String(coll.Export(X509ContentType.Cert));
var gostSignatureFormatter = new GostSignatureFormatter(gost);
gostSignatureFormatter.SetHashAlgorithm("Gost3411");
var hash = Md5Helper.GetGost3411Hash(data);
var base64Hash = Convert.ToBase64String(hash);
var sign = gostSignatureFormatter.CreateSignature(hash);
var base64Sign = Convert.ToBase64String(sign);
var signData = new SignData
{
data = data,
public_key = base64Blob,
hash = base64Hash,
sign = base64Sign
};
return JsonConvert.SerializeObject(signData);
}
//INFO: метод для тестирования
public string SignN3Gost(string data, string mimeType)
{
var storeCurrentUser = new X509Store(StoreName.My, StoreLocation.CurrentUser);
storeCurrentUser.Open(OpenFlags.ReadOnly);
var coll = storeCurrentUser.Certificates
.Find(X509FindType.FindByThumbprint, "4d 19 79 84 52 9a 80 4a c4 86 3a 82 6a 8d ab 85 3f 95 e5 01", false)[0];
//b8 be f8 22 e8 63 2a 74 d4 2e 58 df 91 9c 2f e3 75 ea e1 e4 просрочен
//4d 19 79 84 52 9a 80 4a c4 86 3a 82 6a 8d ab 85 3f 95 e5 01
var gost = (Gost3410CryptoServiceProvider)coll.PrivateKey;
var base64Blob = Convert.ToBase64String(coll.Export(X509ContentType.Cert));
var gostSignatureFormatter = new GostSignatureFormatter(gost);
gostSignatureFormatter.SetHashAlgorithm("Gost3411");
var hash = Md5Helper.GetGost3411Hash(data);
var base64Hash = Convert.ToBase64String(hash);
var sign = gostSignatureFormatter.CreateSignature(hash);
var base64Sign = Convert.ToBase64String(sign);
var signData = new SignData
{
Data = data,
MIMEType = mimeType,
PublicKey = base64Blob,
Hash = base64Hash,
Sign = base64Sign
};
return(new SerializationHelper <SignData>().Serialize(signData));
}
private static byte[] CreateSignature(Gost3410AsymmetricAlgorithmBase privateKey, Stream dataStream)
{
byte[] hash;
using (var hashAlg = new Gost3411HashAlgorithm())
{
hash = hashAlg.ComputeHash(dataStream);
}
var formatter = new GostSignatureFormatter(privateKey);
return(formatter.CreateSignature(hash));
}
private static string SignData(string data)
{
var cert = GetMyX509Certificate();
// String msg, X509Certificate2 cert
using (var gost = new Gost3411CryptoServiceProvider())
{
var sign = new GostSignatureFormatter(cert.PrivateKey);
var buff = Encoding.UTF8.GetBytes(data);
var hash = gost.ComputeHash(buff);
return(Convert.ToBase64String(sign.CreateSignature(hash)));
}
}
static void PKCS7()
{
GostCryptoConfig.ProviderType = ProviderTypes.VipNet;
Config.InitCommon();
BCX509.X509Certificate bcCert = null;
using (var g = GostCryptoConfig.CreateGost3410AsymmetricAlgorithm())
{
bool detached = false;
byte[] data = File.ReadAllBytes("test.xml");
var certBytes = g.ContainerCertificateRaw;
BCX509.X509CertificateParser _x509CertificateParser = new BCX509.X509CertificateParser();
bcCert = _x509CertificateParser.ReadCertificate(certBytes);
ICollection <BCX509.X509Certificate> certPath = new List <BCX509.X509Certificate>();
certPath.Add(bcCert);
IDigest digest = new Gost3411Digest();
string hashOid = GostCryptoConfig.DefaultHashOid;
byte[] dataHash = ComputeDigest(digest, data);
// Construct SignerInfo.signedAttrs
Asn1EncodableVector signedAttributesVector = new Asn1EncodableVector();
// Add PKCS#9 contentType signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier("1.2.840.113549.1.9.3"),
new DerSet(new DerObjectIdentifier("1.2.840.113549.1.7.1"))));
// Add PKCS#9 messageDigest signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier("1.2.840.113549.1.9.4"),
new DerSet(new DerOctetString(dataHash))));
// Add PKCS#9 signingTime signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier("1.2.840.113549.1.9.5"),
new DerSet(new Org.BouncyCastle.Asn1.Cms.Time(new DerUtcTime(DateTime.UtcNow)))));
DerSet signedAttributes = new DerSet(signedAttributesVector);
byte[] pkcs1Digest = ComputeDigest(digest, signedAttributes.GetDerEncoded());
byte[] pkcs1DigestInfo = CreateDigestInfo(pkcs1Digest, hashOid);
// hash
//var signature = g.CreateSignature(hash);
var formatter = new GostSignatureFormatter(g);
var signature = formatter.CreateSignature(pkcs1Digest);
// Construct SignerInfo
SignerInfo signerInfo = new SignerInfo(
new SignerIdentifier(new IssuerAndSerialNumber(bcCert.IssuerDN, bcCert.SerialNumber)),
new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null),
signedAttributes,
new AlgorithmIdentifier(new DerObjectIdentifier(GostCryptoConfig.DefaultSignOid), null),
new DerOctetString(signature),
null);
// Construct SignedData.digestAlgorithms
Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector();
digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null));
// Construct SignedData.encapContentInfo
ContentInfo encapContentInfo = new ContentInfo(
new DerObjectIdentifier("1.2.840.113549.1.7.1"),
(detached) ? null : new DerOctetString(data));
// Construct SignedData.certificates
Asn1EncodableVector certificatesVector = new Asn1EncodableVector();
foreach (BCX509.X509Certificate cert in certPath)
{
certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded())));
}
// Construct SignedData.signerInfos
Asn1EncodableVector signerInfosVector = new Asn1EncodableVector();
signerInfosVector.Add(signerInfo.ToAsn1Object());
// Construct SignedData
SignedData signedData = new SignedData(
new DerSet(digestAlgorithmsVector),
encapContentInfo,
new BerSet(certificatesVector),
null,
new DerSet(signerInfosVector));
// Construct top level ContentInfo
ContentInfo contentInfo = new ContentInfo(
new DerObjectIdentifier("1.2.840.113549.1.7.2"),
signedData);
var res = contentInfo.GetDerEncoded();
File.WriteAllBytes("test.p7", res);
CmsSignedData cms = new CmsSignedData(res);
var certStore = cms.GetCertificates("Collection");
SignerInformationStore signers = cms.GetSignerInfos();
var it = signers.GetSigners().GetEnumerator();
it.MoveNext();
var signer = it.Current as SignerInformation;
var b = signer.Verify(bcCert);
}
}
/// <summary>
/// Формирование сигнатуры для серверной подписи
/// </summary>
/// <param name="alg"></param>
/// <param name="data"></param>
/// <param name="detached"></param>
/// <returns></returns>
public static byte[] ComputeSignature(Gost3410 alg, byte[] data, bool detached = true)
{
var certBytes = alg.ContainerCertificateRaw;
var _x509CertificateParser = new BCX509.X509CertificateParser();
var bcCert = _x509CertificateParser.ReadCertificate(certBytes);
ICollection <BCX509.X509Certificate> certPath = new List <BCX509.X509Certificate>();
certPath.Add(bcCert);
IDigest digest;
string hashOid;
string signOid;
if (GostCryptoConfig.ProviderType == ProviderTypes.CryptoPro256)
{
digest = new GOST3411_2012_256Digest();
signOid = Constants.OID_GR3410_12_256;
hashOid = Constants.OID_GR3411_12_256;
}
else if (GostCryptoConfig.ProviderType == ProviderTypes.CryptoPro512)
{
digest = new GOST3411_2012_512Digest();
signOid = Constants.OID_GR3410_12_512;
hashOid = Constants.OID_GR3411_12_512;
}
else
{
digest = new Gost3411Digest();
signOid = Constants.OID_GR3410_2001;
hashOid = Constants.OID_GR3411_2001;
}
byte[] dataHash = ComputeDigest(digest, data);
// Construct SignerInfo.signedAttrs
Asn1EncodableVector signedAttributesVector = new Asn1EncodableVector();
// Add PKCS#9 contentType signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(Constants.szOID_RSA_contentType),
new DerSet(new DerObjectIdentifier(Constants.szOID_RSA_data))));
// Add PKCS#9 messageDigest signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(Constants.szOID_RSA_messageDigest),
new DerSet(new DerOctetString(dataHash))));
// Add PKCS#9 signingTime signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(Constants.szOID_RSA_signingTime),
new DerSet(new Org.BouncyCastle.Asn1.Cms.Time(new DerUtcTime(DateTime.UtcNow)))));
DerSet signedAttributes = new DerSet(signedAttributesVector);
byte[] pkcs1Digest = ComputeDigest(digest, signedAttributes.GetDerEncoded());
//byte[] pkcs1DigestInfo = CreateDigestInfo(pkcs1Digest, hashOid);
var formatter = new GostSignatureFormatter(alg);
var signature = formatter.CreateSignature(pkcs1Digest);
// Construct SignerInfo
SignerInfo signerInfo = new SignerInfo(
new SignerIdentifier(new IssuerAndSerialNumber(bcCert.IssuerDN, bcCert.SerialNumber)),
new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null),
signedAttributes,
new AlgorithmIdentifier(new DerObjectIdentifier(signOid), null),
new DerOctetString(signature),
null);
// Construct SignedData.digestAlgorithms
Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector();
digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null));
// Construct SignedData.encapContentInfo
ContentInfo encapContentInfo = new ContentInfo(
new DerObjectIdentifier(Constants.szOID_RSA_data),
(detached) ? null : new DerOctetString(data));
// Construct SignedData.certificates
Asn1EncodableVector certificatesVector = new Asn1EncodableVector();
foreach (BCX509.X509Certificate cert in certPath)
{
certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded())));
}
// Construct SignedData.signerInfos
Asn1EncodableVector signerInfosVector = new Asn1EncodableVector();
signerInfosVector.Add(signerInfo.ToAsn1Object());
// Construct SignedData
SignedData signedData = new SignedData(
new DerSet(digestAlgorithmsVector),
encapContentInfo,
new BerSet(certificatesVector),
null,
new DerSet(signerInfosVector));
// Construct top level ContentInfo
ContentInfo contentInfo = new ContentInfo(
new DerObjectIdentifier(Constants.szOID_RSA_signedData),
signedData);
return(contentInfo.GetDerEncoded());
}
