Exemple #1
1
        protected string CheckSig()
        {
            var formData = Request.Form;
            var text = formData["txtSign"];
            var sig = formData["txtSig"];

            string output = "INVALID!";

            if (!string.IsNullOrEmpty(sig))
            {
                try
                {
                    ContentInfo contentInfo = new ContentInfo(Encoding.UTF8.GetBytes(text));

                    SignedCms signedCms = new SignedCms(contentInfo, true);

                    signedCms.Decode(Convert.FromBase64String(sig));

                    // This checks if the signature is valid, but doensn't actually verify the cert (TODO)
                    signedCms.CheckSignature(true);

                    output = "Signature valid.";

                    signedCms.CheckSignature(false);

                    output += "<br>Cert valid";
                }
                catch (Exception e)
                {
                    output += "<br>" + e.ToString();
                }
            }

            return output;
        }
Exemple #2
0
		public EnvelopedCms (ContentInfo contentInfo) : this ()
		{
			if (contentInfo == null)
				throw new ArgumentNullException ("contentInfo");

			_content = contentInfo;
		}
        public sealed override byte[] Encrypt(CmsRecipientCollection recipients, ContentInfo contentInfo, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes)
        {
            using (SafeCryptMsgHandle hCryptMsg = EncodeHelpers.CreateCryptMsgHandleToEncode(recipients, contentInfo.ContentType, contentEncryptionAlgorithm, originatorCerts, unprotectedAttributes))
            {
                byte[] encodedContent;
                if (contentInfo.ContentType.Value.Equals(Oids.Pkcs7Data, StringComparison.OrdinalIgnoreCase))
                {
                    unsafe
                    {
                        byte[] content = contentInfo.Content;
                        fixed (byte* pContent = content)
                        {
                            DATA_BLOB blob = new DATA_BLOB((IntPtr)pContent, (uint)(content.Length));
                            encodedContent = Interop.Crypt32.CryptEncodeObjectToByteArray(CryptDecodeObjectStructType.X509_OCTET_STRING, &blob);
                        }
                    }
                }
                else
                {
                    encodedContent = contentInfo.Content;
                }

                if (encodedContent.Length > 0)
                {
                    if (!Interop.Crypt32.CryptMsgUpdate(hCryptMsg, encodedContent, encodedContent.Length, fFinal: true))
                        throw Marshal.GetLastWin32Error().ToCryptographicException();
                }

                byte[] encodedMessage = hCryptMsg.GetMsgParamAsByteArray(CryptMsgParamType.CMSG_CONTENT_PARAM);
                return encodedMessage;
            }
        }
        /// <summary> 
        /// Firma el mensaje PKCS #7 con el certificado del firmante
        /// </summary> 
        /// <param name="pMensaje">Mensaje (como cadena de bytes)</param> 
        /// <param name="pCertificadoFirmante">Certificado usado para firmar</param> 
        /// <returns>Mensaje Firmado (como cadena de bytes)</returns> 
        /// <remarks></remarks> 
        public static byte[] FirmarMensaje(byte[] pMensaje, X509Certificate2 pCertificadoFirmante)
        {
            byte[] msjFirmado;

            try
            {
                // Se pone el Mensaje recibido en un objeto ContentInfo                 
                ContentInfo infoContenidoMsj    = new ContentInfo(pMensaje);
                // Se instancia el CMS Firmado con el ContentInfo
                SignedCms cmsFirmado            = new SignedCms(infoContenidoMsj);
                // Se instancia el objeto CmsSigner con las caracteristicas del firmante 
                CmsSigner cmsFirmante = new CmsSigner(pCertificadoFirmante);

                cmsFirmante.IncludeOption = X509IncludeOption.EndCertOnly;

                // Se firma el mensaje PKCS #7 con el certificado
                cmsFirmado.ComputeSignature(cmsFirmante);

                msjFirmado = cmsFirmado.Encode();

                // Retorno el mensaje PKCS #7 firmado . 
                return msjFirmado;
            }
            catch (Exception excepcionAlFirmar)
            {
                throw new Exception("ERROR: Procedimiento: FirmarMensaje. Al intentar firmar el mensaje con el certificado del firmante: " + excepcionAlFirmar.Message);
            }
        }
Exemple #5
0
		public void ConstructorNonPkcs7Oid ()
		{
			Oid o = new Oid ("1.2.3.4");
			ContentInfo ci = new ContentInfo (o, asnNull);
			Assert.AreEqual (asnNull, ci.Content, "Content");
			Assert.AreEqual ("1.2.3.4", ci.ContentType.Value, "ContentType.Value");
		}
        /// <summary> 
        /// Firma mensaje 
        /// </summary> 
        /// <param name="argBytesMsg">Bytes del mensaje</param> 
        /// <param name="argCertFirmante">Certificado usado para firmar</param> 
        /// <returns>Bytes del mensaje firmado</returns> 
        /// <remarks></remarks> 
        public static byte[] FirmaBytesMensaje(byte[] argBytesMsg, X509Certificate2 argCertFirmante)
        {
            try
            {
                // Pongo el mensaje en un objeto ContentInfo (requerido para construir el obj SignedCms)
                ContentInfo infoContenido = new ContentInfo(argBytesMsg);
                SignedCms cmsFirmado = new SignedCms(infoContenido);

                // Creo objeto CmsSigner que tiene las caracteristicas del firmante
                CmsSigner cmsFirmante = new CmsSigner(argCertFirmante);
                cmsFirmante.IncludeOption = X509IncludeOption.EndCertOnly;

                if (VerboseMode)
                {
                    Console.WriteLine("***Firmando bytes del mensaje...");
                }
                // Firmo el mensaje PKCS #7
                cmsFirmado.ComputeSignature(cmsFirmante);

                if (VerboseMode)
                {
                    Console.WriteLine("***OK mensaje firmado");
                }

                // Encodeo el mensaje PKCS #7.
                return cmsFirmado.Encode();
            }
            catch (Exception excepcionAlFirmar)
            {
                throw new Exception("***Error al firmar: " + excepcionAlFirmar.Message);
            }
        }
Exemple #7
0
		public void ConstructorContent () 
		{
			ContentInfo ci = new ContentInfo (asnNull);
			Assert.AreEqual (asnNull, ci.Content, "Content");
			Assert.AreEqual (defaultName, ci.ContentType.FriendlyName, "ContentType.FriendlyName");
			Assert.AreEqual (defaultOid, ci.ContentType.Value, "ContentType.Value");
		}
Exemple #8
0
		public EnvelopedCms (SubjectIdentifierType recipientIdentifierType, ContentInfo contentInfo) 
			: this (contentInfo) 
		{
			_idType = recipientIdentifierType;
			if (_idType == SubjectIdentifierType.SubjectKeyIdentifier)
				_version = 2;
		}
Exemple #9
0
		public EnvelopedCms (ContentInfo contentInfo, AlgorithmIdentifier encryptionAlgorithm)
			: this (contentInfo) 
		{
			if (encryptionAlgorithm == null)
				throw new ArgumentNullException ("encryptionAlgorithm");

			_identifier = encryptionAlgorithm;
		}
Exemple #10
0
 private byte[] Sign(byte[] messageBytes)
 {
     Pkcs.ContentInfo content = new Pkcs.ContentInfo(messageBytes);
     Pkcs.SignedCms   signed  = new Pkcs.SignedCms(content);
     Pkcs.CmsSigner   signer  = new Pkcs.CmsSigner(_signerCert);
     signed.ComputeSignature(signer);
     byte[] signedBytes = signed.Encode();
     return(signedBytes);
 }
Exemple #11
0
        public byte[] encrypt(byte[] plainTest)
        {
            envelopedContentInfo = new ContentInfo(plainTest);
            envelopedCms = new EnvelopedCms(envelopedContentInfo);
            envelopeCmsResipient = new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cryptographyClientCert);

            envelopedCms.Encrypt(envelopeCmsResipient);
            return envelopedCms.Encode();
        }
 public byte[] Sign(byte[] data)
 {
     ContentInfo contentInfo = new ContentInfo(_md5.ComputeHash(data));
     SignedCms signedCms = new SignedCms(contentInfo);
     CmsSigner cmsSigner = new CmsSigner(_cert);
     cmsSigner.IncludeOption = X509IncludeOption.WholeChain;
     signedCms.ComputeSignature(cmsSigner);
     return signedCms.Encode();
 }
		public SignedCms (ContentInfo content, bool detached) 
			: this ()
		{
			if (content == null)
				throw new ArgumentNullException ("content");

			_content = content;
			_detached = detached;
		}
 private byte[] EncryptedBytes(byte[] bytes)
 {
     var contentInfo = new ContentInfo(bytes);
     var encryptAlgoOid = new Oid("2.16.840.1.101.3.4.1.42"); // AES-256-CBC            
     var envelopedCms = new EnvelopedCms(contentInfo, new AlgorithmIdentifier(encryptAlgoOid));
     var recipient = new CmsRecipient(CryptographicCertificate);
     envelopedCms.Encrypt(recipient);
     return envelopedCms.Encode();
 }
        /// <summary>
        /// Encrypts the specified string.
        /// </summary>
        /// <param name="plaintext">The plaintext to be encrypted.</param>
        /// <param name="certificate">The certificate to be used for encryption.</param>
        /// <returns>The encrypted text.</returns>
        public static string Encrypt(this string plaintext, X509Certificate2 certificate)
        {
            var contentInfo = new ContentInfo(Encoding.UTF8.GetBytes(plaintext));
            var envelopedCms = new EnvelopedCms(contentInfo);

            var cmsRecipient = new CmsRecipient(certificate);
            envelopedCms.Encrypt(cmsRecipient);

            return Convert.ToBase64String(envelopedCms.Encode());
        }
Exemple #16
0
    private byte[] Envelope(byte[] contentBytes)
    {
        Pkcs.ContentInfo  content   = new Pkcs.ContentInfo(contentBytes);
        Pkcs.EnvelopedCms envMsg    = new Pkcs.EnvelopedCms(content);
        Pkcs.CmsRecipient recipient = new Pkcs.CmsRecipient(Pkcs.SubjectIdentifierType.IssuerAndSerialNumber, _recipientCert);
        envMsg.Encrypt(recipient);
        byte[] encryptedBytes = envMsg.Encode();

        return(encryptedBytes);
    }
Exemple #17
0
        public static byte[] Encode(byte[] arMessage, object signerCert, string signerPassword)
        {
            X509Certificate2 cert        = signerCert is X509Certificate2 ? (X509Certificate2)signerCert : new X509Certificate2((string)signerCert, signerPassword);
            ContentInfo      contentInfo = new ContentInfo(arMessage);

            SignedCms signedCms = new SignedCms(contentInfo, true); // <- true detaches the signature
            CmsSigner cmsSigner = new CmsSigner(cert);

            signedCms.ComputeSignature(cmsSigner);
            byte[] signature = signedCms.Encode();

            return(signature);
        }
 public static void DecodeAlgorithmDes_RoundTrip()
 {
     AlgorithmIdentifier algorithm = new AlgorithmIdentifier(new Oid(Oids.Des));
     ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
     EnvelopedCms ecms = new EnvelopedCms(contentInfo, algorithm);
     using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
     {
         CmsRecipient cmsRecipient = new CmsRecipient(cert);
         ecms.Encrypt(cmsRecipient);
     }
     byte[] encodedMessage = ecms.Encode();
     VerifyAlgorithmDes(encodedMessage);
 }
Exemple #19
0
        public static void CheckSig(byte[] sig, byte[] data)
        {
            ContentInfo contentInfo = new ContentInfo(data);

            SignedCms signedCms = new SignedCms(contentInfo, true);

            signedCms.Decode(sig);

            // This checks if the signature is valid, but doensn't actually verify the cert (TODO)
            signedCms.CheckSignature(true);

            signedCms.CheckSignature(false);
        }
Exemple #20
0
        public static void DecodeCertificates0_RoundTrip()
        {
            ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms ecms = new EnvelopedCms(contentInfo);
            using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
            {
                CmsRecipient cmsRecipient = new CmsRecipient(cert);
                ecms.Encrypt(cmsRecipient);
            }
            byte[] encodedMessage = ecms.Encode();

            VerifyCertificates0(encodedMessage);
        }
Exemple #21
0
        public static void DecodeRecipients3_RoundTrip()
        {
            ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms ecms = new EnvelopedCms(contentInfo);
            CmsRecipientCollection recipients = new CmsRecipientCollection();
            foreach (X509Certificate2 cert in s_certs)
            {
                recipients.Add(new CmsRecipient(cert));
            }
            ecms.Encrypt(recipients);
            byte[] encodedMessage = ecms.Encode();

            VerifyRecipients3(encodedMessage);
        }
Exemple #22
0
        public EnvelopedCms(ContentInfo contentInfo, AlgorithmIdentifier encryptionAlgorithm)
        {
            if (contentInfo == null)
                throw new ArgumentNullException(nameof(contentInfo));
            if (encryptionAlgorithm == null)
                throw new ArgumentNullException(nameof(encryptionAlgorithm));

            Version = 0;  // It makes little sense to ask for a version before you've decoded, but since the desktop returns 0 in that case, we will too.
            ContentInfo = contentInfo;
            ContentEncryptionAlgorithm = encryptionAlgorithm;
            Certificates = new X509Certificate2Collection();
            UnprotectedAttributes = new CryptographicAttributeObjectCollection();
            _decryptorPal = null;
            _lastCall = LastCall.Ctor;
        }
        public static String CheckFileSignature(ContentInfo content, byte[] signature)
        {
            var verifyCms = new SignedCms(content, true);
            verifyCms.Decode(signature);

            var cert = verifyCms.SignerInfos[0].Certificate;

            try
            {
                verifyCms.CheckSignature(new X509Certificate2Collection(cert), false);
                return @"Signature is valid";
            }
            catch (CryptographicException)
            {
                return @"Signature is not valid for content";
            }
        }
        private byte[] FirmaBytesMensaje( byte[] argBytesMsg, X509Certificate2 argCertFirmante )
        {
            ContentInfo infoContenido = new ContentInfo( argBytesMsg );
            SignedCms cmsFirmado = new SignedCms( infoContenido );
            CmsSigner cmsFirmante = new CmsSigner( argCertFirmante );

            try
            {
                cmsFirmante.IncludeOption = X509IncludeOption.EndCertOnly;
                cmsFirmado.ComputeSignature( cmsFirmante );

            }
            catch ( Exception error )
            {
                this.manejadorErrores.ManejarError( error, "FirmaBytesMensaje", error.Message );
            }
            return cmsFirmado.Encode();
        }
Exemple #25
0
        private MailMessage GenerateHtmlMessage(string from, string to, string subject, string content, string[] attachmentFilepaths)
        {
            MailMessage mail = new MailMessage();
            mail.From = new MailAddress(from);
            mail.To.Add(to);
            mail.Subject = subject;
            string body = null;
            if (attachmentFilepaths != null && attachmentFilepaths.Length > 0)
            {
                StringBuilder sb = new StringBuilder();
                sb.Append("MIME-Version: 1.0\r\n");
                sb.Append("Content-Type: multipart/mixed; boundary=unique-boundary-1\r\n");
                sb.Append("\r\n");
                sb.Append("This is a multi-part message in MIME format.\r\n");
                sb.Append("--unique-boundary-1\r\n");
                sb.Append("Content-Type: text/html\r\n");  //could use text/plain as well here if you want a plaintext message
                sb.Append("Content-Transfer-Encoding: 7Bit\r\n\r\n");
                sb.Append(content);
                if (!content.EndsWith("\r\n"))
                    sb.Append("\r\n");
                sb.Append("\r\n\r\n");
                foreach (string filepath in attachmentFilepaths)
                {
                    sb.Append(GenerateRawAttachement(filepath));
                }
                body = sb.ToString();
            }
            else
            {
                body = "Content-Type: text/html\r\nContent-Transfer-Encoding: 7Bit\r\n\r\n" + content;
            }
            //input your certification and private key.
            X509Certificate2 cert = new X509Certificate2("emailcertification.pfx", "6522626", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
            ContentInfo contentInfo = new ContentInfo(Encoding.UTF8.GetBytes(body));
            SignedCms signedCms = new SignedCms(contentInfo, false);
            CmsSigner Signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert);
            signedCms.ComputeSignature(Signer);
            byte[] signedBytes = signedCms.Encode();
            MemoryStream stream = new MemoryStream(signedBytes);
            AlternateView view = new AlternateView(stream, "application/pkcs7-mime; smime-type=signed-data;name=smime.p7m");
            mail.AlternateViews.Add(view);

            return mail;
        }
 public static void ZeroLengthContent_RoundTrip()
 {
     ContentInfo contentInfo = new ContentInfo(Array.Empty<byte>());
     EnvelopedCms ecms = new EnvelopedCms(contentInfo);
     using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
     {
         CmsRecipient cmsRecipient = new CmsRecipient(cert);
         try
         {
             ecms.Encrypt(cmsRecipient);
         }
         catch (CryptographicException e)
         {
             throw new Exception("ecms.Encrypt() threw " + e.Message + ".\nIf you're running on the desktop CLR, this is actually an expected result.");
         }
     }
     byte[] encodedMessage = ecms.Encode();
     ValidateZeroLengthContent(encodedMessage);
 }
Exemple #27
0
        public SignedCms (SubjectIdentifierType signerIdentifierType, ContentInfo contentInfo, bool detached) {
            if (contentInfo == null)
                throw new ArgumentNullException("contentInfo");

            if (contentInfo.Content == null)
                throw new ArgumentNullException("contentInfo.Content");

            // Reset all states.
            if (signerIdentifierType != SubjectIdentifierType.SubjectKeyIdentifier && 
                signerIdentifierType != SubjectIdentifierType.IssuerAndSerialNumber &&
                signerIdentifierType != SubjectIdentifierType.NoSignature) {
                signerIdentifierType = SubjectIdentifierType.IssuerAndSerialNumber;
            }

            m_safeCryptMsgHandle = SafeCryptMsgHandle.InvalidHandle;
            m_signerIdentifierType =  signerIdentifierType;
            m_version = 0;
            m_contentInfo = contentInfo;
            m_detached = detached;
        }
Exemple #28
0
        public static byte[] FirmaFileBouncy(byte[] data, X509Certificate2 cert)
        {
            try
            {
                SHA256Managed        hashSha256 = new SHA256Managed();
                byte[]               certHash   = hashSha256.ComputeHash(cert.RawData);
                EssCertIDv2          essCert1   = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash);
                SigningCertificateV2 scv2       = new SigningCertificateV2(new EssCertIDv2[] { essCert1 });
                Org.BouncyCastle.Asn1.Cms.Attribute CertHAttribute = new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2));
                Asn1EncodableVector v = new Asn1EncodableVector();
                v.Add(CertHAttribute);
                Org.BouncyCastle.Asn1.Cms.AttributeTable AT = new Org.BouncyCastle.Asn1.Cms.AttributeTable(v);

                CmsSignedDataGenWithRsaCsp cms = new CmsSignedDataGenWithRsaCsp();

                var rsa = (RSACryptoServiceProvider)cert.PrivateKey;
                Org.BouncyCastle.X509.X509Certificate certCopy = DotNetUtilities.FromX509Certificate(cert);
                cms.MyAddSigner(rsa, certCopy, "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.2.1", AT, null);
                ArrayList certList = new ArrayList();
                certList.Add(certCopy);
                Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList);
                Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
                cms.AddCertificates(st1);
                //mi ricavo il file da firmare
                CmsSignedData Firmato = cms.Generate(new CmsProcessableByteArray(data), false);

                CmsSigner cmsSigner = new CmsSigner(cert);
                cmsSigner.IncludeOption = X509IncludeOption.EndCertOnly;

                System.Security.Cryptography.Pkcs.ContentInfo contentInfo = new System.Security.Cryptography.Pkcs.ContentInfo(Firmato.GetEncoded());
                SignedCms signedCms = new SignedCms();
                signedCms.Decode(Firmato.GetEncoded());
                byte[] ret = signedCms.Encode();
                return(ret);
            }
            catch
            {
                return(null);
            }
        }
Exemple #29
0
        public static SignatureResponse Sign(byte[] data)
        {
            // TODO:
            // padding configuration
            // algorithm configuration
            // encoding configuration
            /*
            SHA1Managed sha1 = new SHA1Managed();
            byte[] hash = sha1.ComputeHash(data);

            var sig = csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
            //sig = csp.SignData(Encoding.UTF8.GetBytes(text), CryptoConfig.MapNameToOID("SHA1"));

            MessageBox.Show("SignData");
            */

            var content = new ContentInfo(data);
            var cms = new SignedCms(content, true); // TODO detached config
            var signer = new CmsSigner();
            signer.IncludeOption = X509IncludeOption.EndCertOnly;

            cms.ComputeSignature(signer, false);
            var sig = cms.Encode();

            //ensure my signature is correct before continuing.
            cms.CheckSignature(true);

            var newCMS = new SignedCms(content, false);
            newCMS.Decode(sig);
            newCMS.CheckSignature(true);

            var cert = cms.Certificates[0];
            CheckSig(sig, data);
            return new SignatureResponse
            {
                publicKey = Convert.ToBase64String(cert.PublicKey.EncodedKeyValue.RawData),
                signature = Convert.ToBase64String(sig),
                fullSig = null // TODO
            };
        }
Exemple #30
0
        public static byte[] Encrypt(byte[] message, object recipientCert, string encryptionAlgorithm)
        {
            if (!string.Equals(encryptionAlgorithm, EncryptionAlgorithm.DES3) && !string.Equals(encryptionAlgorithm, EncryptionAlgorithm.RC2))
            {
                throw new ArgumentException("encryptionAlgorithm argument must be 3DES or RC2 - value specified was:" + encryptionAlgorithm);
            }

            X509Certificate2 cert = recipientCert is X509Certificate2 ? (X509Certificate2)recipientCert : new X509Certificate2((string)recipientCert);

            ContentInfo contentInfo = new ContentInfo(message);

            EnvelopedCms envelopedCms = new EnvelopedCms(contentInfo,
                                                         new AlgorithmIdentifier(new System.Security.Cryptography.Oid(encryptionAlgorithm))); // should be 3DES or RC2

            CmsRecipient recipient = new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cert);

            envelopedCms.Encrypt(recipient);

            byte[] encoded = envelopedCms.Encode();

            return(encoded);
        }
        public static byte[] SignFile(X509Certificate2 cert, byte[] data)
        {
            try
            {
                ContentInfo content = new ContentInfo(data);
                SignedCms signedCms = new SignedCms(content, false);
                if (VerifySign(data))
                {
                    signedCms.Decode(data);
                }

                CmsSigner signer = new CmsSigner(cert);
                signer.IncludeOption = X509IncludeOption.WholeChain;
                signedCms.ComputeSignature(signer);

                return signedCms.Encode();
            }
            catch (Exception ex)
            {
                throw new Exception("Erro ao assinar arquivo. A mensagem retornada foi: " + ex.Message);
            }
        }
        internal static DecryptorPalWindows Decode(
            byte[] encodedMessage,
            out int version,
            out ContentInfo contentInfo,
            out AlgorithmIdentifier contentEncryptionAlgorithm,
            out X509Certificate2Collection originatorCerts,
            out CryptographicAttributeObjectCollection unprotectedAttributes
            )
        {
            SafeCryptMsgHandle hCryptMsg = Interop.Crypt32.CryptMsgOpenToDecode(MsgEncodingType.All, 0, 0, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
            if (hCryptMsg == null || hCryptMsg.IsInvalid)
                throw Marshal.GetLastWin32Error().ToCryptographicException();

            if (!Interop.Crypt32.CryptMsgUpdate(hCryptMsg, encodedMessage, encodedMessage.Length, fFinal: true))
                throw Marshal.GetLastWin32Error().ToCryptographicException();

            CryptMsgType cryptMsgType = hCryptMsg.GetMessageType();
            if (cryptMsgType != CryptMsgType.CMSG_ENVELOPED)
                throw ErrorCode.CRYPT_E_INVALID_MSG_TYPE.ToCryptographicException();

            version = hCryptMsg.GetVersion();

            contentInfo = hCryptMsg.GetContentInfo();

            using (SafeHandle sh = hCryptMsg.GetMsgParamAsMemory(CryptMsgParamType.CMSG_ENVELOPE_ALGORITHM_PARAM))
            {
                unsafe
                {
                    CRYPT_ALGORITHM_IDENTIFIER* pCryptAlgorithmIdentifier = (CRYPT_ALGORITHM_IDENTIFIER*)(sh.DangerousGetHandle());
                    contentEncryptionAlgorithm = (*pCryptAlgorithmIdentifier).ToAlgorithmIdentifier();
                }
            }

            originatorCerts = hCryptMsg.GetOriginatorCerts();
            unprotectedAttributes = hCryptMsg.GetUnprotectedAttributes();

            RecipientInfoCollection recipientInfos = CreateRecipientInfos(hCryptMsg);
            return new DecryptorPalWindows(hCryptMsg, recipientInfos);
        }
        /// <summary>
        /// Подписание данных (файла) с помощью сертификата ЭП 
        /// </summary>
        /// <param name="certificate">Сертификат Электронной Подписи, которым будет подписан файл</param>
        /// <returns>Файл с подписью (в случае прикрепленной подписи будет файл с данными и подписью) </returns>
        public byte[] Sign(ICertificate certificate)
        {
            //создаем контейнер с данными, которые будут подписываться
            var content = new ContentInfo(this.Original);

            //создаем пакет, в который помещаем контейнер с данными и параметры подписи
            //это основной объект, в рамках которого формируются проверки и преобразования подписи
            var cms = new SignedCms(content, this.Detached);

            //создаем подписанта (объект на основе сертификата, который будет подписывать)
            var signer = new CmsSigner(certificate.CertificateX509);

            //с помощью подписанта подписываем пакет так,
            //что теперь в пакете находятся не сами данные,
            //а именно подписанные данные, то есть:
            //  - сама подпись в случае отсоединенной подписи
            //  - подпись с оригинальными данными в случае присоединенной подписи
            cms.ComputeSignature(signer, false);

            // сохраняем подписанный пакет
            byte[] result = cms.Encode();

            return result;
        }
Exemple #34
0
 public SignedCms(ContentInfo content)
     : this(content, false)
 {
 }
Exemple #35
0
 public SignedCms(SubjectIdentifierType signerIdentifierType, ContentInfo content)
     : this(content, false)
 {
     _type = signerIdentifierType;
 }
Exemple #36
0
 public SignedCms(SubjectIdentifierType signerIdentifierType, ContentInfo content, bool detached)
     : this(content, detached)
 {
     _type = signerIdentifierType;
 }
Exemple #37
0
 public SignedCms(ContentInfo contentInfo, bool detached)
     : this(SubjectIdentifierType.IssuerAndSerialNumber, contentInfo, detached)
 {
 }
        public static byte[] SignDetached(byte[] data, X509Certificate2 signingCert)
        {
            ContentInfo content = new ContentInfo(data);

            SignedCms signedMessage = new SignedCms(content, true);

            CmsSigner signer = new CmsSigner(signingCert);

            signedMessage.ComputeSignature(signer);

            byte[] signedBytes = signedMessage.Encode();
            return signedBytes;
        }
Exemple #39
0
        public void Decode(byte[] encodedMessage)
        {
            PKCS7.ContentInfo ci = new PKCS7.ContentInfo(encodedMessage);
            if (ci.ContentType != PKCS7.Oid.signedData)
            {
                throw new Exception("");
            }

            PKCS7.SignedData      sd   = new PKCS7.SignedData(ci.Content);
            SubjectIdentifierType type = SubjectIdentifierType.Unknown;
            object o = null;

            X509Certificate2 x509 = null;

            if (sd.SignerInfo.Certificate != null)
            {
                x509 = new X509Certificate2(sd.SignerInfo.Certificate.RawData);
            }
            else if ((sd.SignerInfo.IssuerName != null) && (sd.SignerInfo.SerialNumber != null))
            {
                byte[] serial = sd.SignerInfo.SerialNumber;
                Array.Reverse(serial);                  // ???
                type = SubjectIdentifierType.IssuerAndSerialNumber;
                X509IssuerSerial xis = new X509IssuerSerial();
                xis.IssuerName   = sd.SignerInfo.IssuerName;
                xis.SerialNumber = ToString(serial, true);
                o = xis;
                // TODO: move to a FindCertificate (issuer, serial, collection)
                foreach (Mono.Security.X509.X509Certificate x in sd.Certificates)
                {
                    if (x.IssuerName == sd.SignerInfo.IssuerName)
                    {
                        if (ToString(x.SerialNumber, true) == xis.SerialNumber)
                        {
                            x509 = new X509Certificate2(x.RawData);
                            break;
                        }
                    }
                }
            }
            else if (sd.SignerInfo.SubjectKeyIdentifier != null)
            {
                string ski = ToString(sd.SignerInfo.SubjectKeyIdentifier, false);
                type = SubjectIdentifierType.SubjectKeyIdentifier;
                o    = (object)ski;
                // TODO: move to a FindCertificate (ski, collection)
                foreach (Mono.Security.X509.X509Certificate x in sd.Certificates)
                {
                    if (ToString(GetKeyIdentifier(x), false) == ski)
                    {
                        x509 = new X509Certificate2(x.RawData);
                        break;
                    }
                }
            }

            SignerInfo si = new SignerInfo(sd.SignerInfo.HashName, x509, type, o, sd.SignerInfo.Version);

            // si.AuthenticatedAttributes
            // si.UnauthenticatedAttributes
            _info.Add(si);

            ASN1 content = sd.ContentInfo.Content;
            Oid  oid     = new Oid(sd.ContentInfo.ContentType);

            if (!_detached || _content == null)
            {
                if (content[0] == null)
                {
                    throw new ArgumentException("ContentInfo has no content. Detached signature ?");
                }

                _content = new ContentInfo(oid, content[0].Value);
            }

            foreach (Mono.Security.X509.X509Certificate x in sd.Certificates)
            {
                _certs.Add(new X509Certificate2(x.RawData));
            }

            _version = sd.Version;
        }
 public EnvelopedCms(ContentInfo contentInfo)
     : this(contentInfo, new AlgorithmIdentifier(Oid.FromOidValue(Oids.TripleDesCbc, OidGroup.EncryptionAlgorithm)))
 {
 }
Exemple #41
0
 public EnvelopedCms(ContentInfo contentInfo)
     : this(contentInfo, new AlgorithmIdentifier(Oids.Aes256CbcOid.CopyOid()))
 {
 }
Exemple #42
0
 public SignedCms(SubjectIdentifierType signerIdentifierType, ContentInfo contentInfo)
     : this(signerIdentifierType, contentInfo, false)
 {
 }
        public static bool VerifyDetached(byte[] data, byte[] signature)
        {
            ContentInfo content = new ContentInfo(data);

            SignedCms signedMessage = new SignedCms(content, true);

            signedMessage.Decode(signature);

            try
            {
                signedMessage.CheckSignature(false);
                return true;
            }
            catch
            {
                return false;
            }
        }
Exemple #44
0
 public SignedCms(ContentInfo contentInfo)
     : this(SubjectIdentifierType.IssuerAndSerialNumber, contentInfo, false)
 {
 }