protected string CheckSig() { var formData = Request.Form; var text = formData["txtSign"]; var sig = formData["txtSig"]; string output = "INVALID!"; if (!string.IsNullOrEmpty(sig)) { try { ContentInfo contentInfo = new ContentInfo(Encoding.UTF8.GetBytes(text)); SignedCms signedCms = new SignedCms(contentInfo, true); signedCms.Decode(Convert.FromBase64String(sig)); // This checks if the signature is valid, but doensn't actually verify the cert (TODO) signedCms.CheckSignature(true); output = "Signature valid."; signedCms.CheckSignature(false); output += "<br>Cert valid"; } catch (Exception e) { output += "<br>" + e.ToString(); } } return output; }
public static void CheckSig(byte[] sig, byte[] data) { ContentInfo contentInfo = new ContentInfo(data); SignedCms signedCms = new SignedCms(contentInfo, true); signedCms.Decode(sig); // This checks if the signature is valid, but doensn't actually verify the cert (TODO) signedCms.CheckSignature(true); signedCms.CheckSignature(false); }
public bool Verify(byte[] data, byte[] signature) { var signedCms = new SignedCms(); signedCms.Decode(signature); try { signedCms.CheckSignature(_certificate2Collection, false); } catch(Exception e) { return false; } return signedCms.ContentInfo.Content.SequenceEqual(_md5.ComputeHash(data)); }
public static String CheckFileSignature(ContentInfo content, byte[] signature) { var verifyCms = new SignedCms(content, true); verifyCms.Decode(signature); var cert = verifyCms.SignerInfos[0].Certificate; try { verifyCms.CheckSignature(new X509Certificate2Collection(cert), false); return @"Signature is valid"; } catch (CryptographicException) { return @"Signature is not valid for content"; } }
public static SignatureResponse Sign(byte[] data) { // TODO: // padding configuration // algorithm configuration // encoding configuration /* SHA1Managed sha1 = new SHA1Managed(); byte[] hash = sha1.ComputeHash(data); var sig = csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1")); //sig = csp.SignData(Encoding.UTF8.GetBytes(text), CryptoConfig.MapNameToOID("SHA1")); MessageBox.Show("SignData"); */ var content = new ContentInfo(data); var cms = new SignedCms(content, true); // TODO detached config var signer = new CmsSigner(); signer.IncludeOption = X509IncludeOption.EndCertOnly; cms.ComputeSignature(signer, false); var sig = cms.Encode(); //ensure my signature is correct before continuing. cms.CheckSignature(true); var newCMS = new SignedCms(content, false); newCMS.Decode(sig); newCMS.CheckSignature(true); var cert = cms.Certificates[0]; CheckSig(sig, data); return new SignatureResponse { publicKey = Convert.ToBase64String(cert.PublicKey.EncodedKeyValue.RawData), signature = Convert.ToBase64String(sig), fullSig = null // TODO }; }
private TimestampInformation GetTimestampInformation(X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO timestamper, XmlElement licenseNode) { Debug.Assert(licenseNode != null, "licenseNode != null"); TimestampInformation timestamp = null; // If the timestamper is a trusted publisher, then CAPI has done the work for us; // If the leaf certificate is not explicitly a trusted publisher, CAPI will not process // the timestamp information so we will verify it ourselves. In any other case, we will // return no timestamp information. if (timestamper.dwError == (int)SignatureVerificationResult.Valid) { timestamp = new TimestampInformation(timestamper); } else if (timestamper.dwError == (int)SignatureVerificationResult.CertificateNotExplicitlyTrusted || timestamper.dwError == (int)SignatureVerificationResult.MissingSignature) { XmlElement timestampElement = licenseNode.SelectSingleNode("r:issuer/ds:Signature/ds:Object/as:Timestamp", m_namespaceManager) as XmlElement; if (timestampElement != null) { // The timestamp is held as a parameter of a base64 encoded PKCS7 message in the signature byte[] timestampBlob = Convert.FromBase64String(timestampElement.InnerText); try { SignedCms timestampCms = new SignedCms(); timestampCms.Decode(timestampBlob); timestampCms.CheckSignature(true); // The SignedCms class does not expose a way to read arbitrary properties from the // message, nor does it expose the HCRYPTMSG to P/Invoke with. We cannot access the // actual timestamp because of this, so for signatures which are not created by a // trusted publisher, we will return a null timestamp. This should be corrected in // v3 of the CLR, as we can extend SignedCms to have the properties we need to // pull all of this information. timestamp = null; } catch (CryptographicException e) { timestamp = new TimestampInformation((SignatureVerificationResult)Marshal.GetHRForException(e)); } } } else { timestamp = null; } return timestamp; }
/// <summary> /// Stores MIME entity body to the specified stream. /// </summary> /// <param name="stream">Stream where to store body data.</param> /// <param name="headerWordEncoder">Header 8-bit words ecnoder. Value null means that words are not encoded.</param> /// <param name="headerParmetersCharset">Charset to use to encode 8-bit header parameters. Value null means parameters not encoded.</param> /// <param name="headerReencode">If true always specified encoding is used for header. If false and header field value not modified, /// original encoding is kept.</param> /// <exception cref="ArgumentNullException">Is raised when <b>stream</b> is null reference.</exception> internal protected override void ToStream(Stream stream,MIME_Encoding_EncodedWord headerWordEncoder,Encoding headerParmetersCharset,bool headerReencode) { // We have signer certificate, sign this entity. if(this.BodyParts.Count > 0 && m_pSignerCert != null){ // Remove old signature if there is any. if(this.BodyParts.Count > 1){ this.BodyParts.Remove(1); } // Store entity to tmp stream. MemoryStream tmpDataEntityStream = new MemoryStream(); this.BodyParts[0].ToStream(tmpDataEntityStream,null,null,false); // Compute PKCS #7 message. SignedCms signedCms = new SignedCms(new ContentInfo(tmpDataEntityStream.ToArray()),true); signedCms.ComputeSignature(new CmsSigner(m_pSignerCert)); byte[] pkcs7 = signedCms.Encode(); // Create PKCS 7 entity. MIME_Entity entity_application_pkcs7 = new MIME_Entity(); MIME_b_Application application_pkcs7 = new MIME_b_Application(MIME_MediaTypes.Application.x_pkcs7_signature); entity_application_pkcs7.Body = application_pkcs7; application_pkcs7.SetData(new MemoryStream(pkcs7),MIME_TransferEncodings.Base64); entity_application_pkcs7.ContentType.Param_Name = "smime.p7s"; entity_application_pkcs7.ContentDescription = "S/MIME Cryptographic Signature"; this.BodyParts.Add(entity_application_pkcs7); signedCms.Decode(application_pkcs7.Data); signedCms.CheckSignature(true); } base.ToStream(stream,headerWordEncoder,headerParmetersCharset,headerReencode); }
private X509Certificate2 CheckSignAndGetCertificate(FullDocumentInfo documentInfo, Sign sign) { var document = documentInfo.Document; if (document.NeedReceipt && IsNoticeRequired(documentInfo)) { UserInput.Warning("Не удалось проверить подпись документа т.к. на него запрошено УОП"); return null; } var contentInfo = new ContentInfo(GetDocumentContent(document)); var signedCms = new SignedCms(contentInfo, true); try { // проверям подпись (действительность сервтификата не проверям для простоты) signedCms.Decode(sign.Raw); signedCms.CheckSignature(true); } catch (CryptographicException) { UserInput.Error("Подпись на документ {0} недействительна", document.Id); return null; } var certificate = signedCms.Certificates[0]; return certificate; }
public static byte[] VerifyAndRemoveSignature(byte[] data) { SignedCms signedMessage = new SignedCms(); signedMessage.Decode(data); signedMessage.CheckSignature(false); foreach (SignerInfo signer in signedMessage.SignerInfos) { Console.WriteLine("Subject: {0}", signer.Certificate.Subject); } return signedMessage.ContentInfo.Content; }
// Verify the encoded SignedCms message and return a Boolean // value that specifies whether the verification was successful. // Also return the original message that was signed, which is // available as part of the SignedCms message after it // is decoded. public static bool VerifyMsg(byte[] encodedSignedCms, out byte[] origMsg) { // Prepare a SignedCms object in which to decode // and verify. SignedCms signedCms = new SignedCms(); signedCms.Decode(encodedSignedCms); // Catch a verification exception in the event you want to // advise the message recipient that security actions // might be appropriate. try { // Verify signature. Do not validate signer // certificate for the purposes of this example. // Note that in a production environment, validating // the signer certificate chain will probably be // necessary. Console.Write("Checking signature on message ... "); signedCms.CheckSignature(true); Console.WriteLine("Done."); } catch (System.Security.Cryptography.CryptographicException e) { Console.WriteLine("VerifyMsg caught exception: {0}", e.Message); Console.WriteLine("The message may have been modified " + "in transit or storage. Authenticity of the " + "message is not guaranteed."); origMsg = null; return false; } origMsg = signedCms.ContentInfo.Content; return true; }
/// <summary> /// Load's and parses a signed message. The signed message should be in an attachment called smime.p7m /// </summary> /// <param name="storage"></param> private void LoadEncryptedAndMeabySignedMessage(NativeMethods.IStorage storage) { // Create attachment from attachment storage var attachment = new Attachment(new Storage(storage), null); if (attachment.FileName.ToUpperInvariant() != "SMIME.P7M") throw new MRInvalidSignedFile( "The signed file is not valid, it should contain an attachment called smime.p7m but it didn't"); // If the message is signed then it always only contains one attachment called smime.p7m var signedCms = new SignedCms(); signedCms.Decode(attachment.Data); try { signedCms.CheckSignature(signedCms.Certificates, false); SignatureIsValid = true; foreach (var cryptographicAttributeObject in signedCms.SignerInfos[0].SignedAttributes) { if (cryptographicAttributeObject.Values[0] is Pkcs9SigningTime) { var pkcs9SigningTime = (Pkcs9SigningTime)cryptographicAttributeObject.Values[0]; SignedOn = pkcs9SigningTime.SigningTime.ToLocalTime(); } } var certificate = signedCms.SignerInfos[0].Certificate; if (certificate != null) SignedBy = certificate.GetNameInfo(X509NameType.SimpleName, false); } catch (CryptographicException) { SignatureIsValid = false; } // Get the decoded attachment using (var memoryStream = new MemoryStream(signedCms.ContentInfo.Content)) { var eml = Mime.Message.Load(memoryStream); _bodyText = eml.TextBody.GetBodyAsText(); _bodyHtml = eml.HtmlBody.GetBodyAsText(); foreach (var emlAttachment in eml.Attachments) _attachments.Add(new Attachment(emlAttachment)); } }
public void CheckSignatureDetachedSignedCms () { string path = Path.Combine ("Test", "System.Security.Cryptography.Pkcs"); var signedBytes = File.ReadAllBytes (Path.Combine (path, "detached.data")); var bytes = File.ReadAllBytes (Path.Combine (path, "detached.p7")); var oid = new Oid ("1.2.840.113549.1.7.2"); var contentInfo = new ContentInfo (oid, signedBytes); var signedCms = new SignedCms (contentInfo, true); signedCms.Decode (bytes); signedCms.CheckSignature (true); }
/// <summary> /// Extract a list of MIME parts from a multipart/* MIME encoded message. /// </summary> /// <param name="contentType">Content Type of the outermost MIME part.</param> /// <param name="charSet">Character set of the outermost MIME part.</param> /// <param name="contentTransferEncoding">Encoding of the outermost MIME part.</param> /// <param name="body">The outermost MIME part's contents.</param> /// <param name="depth">The nesting layer of this MIME part.</param> /// <param name="processingFlags">Flags determining whether specialized properties are returned with a MailMessage.</param> public static List<MimePart> ExtractMIMEParts(string contentType, string charSet, string contentTransferEncoding, string body, MailMessageProcessingFlags processingFlags, int depth) { List<MimePart> mimeParts = new List<MimePart>(); string contentTypeToUpper = contentType.ToUpper(); if (contentTypeToUpper.StartsWith("MULTIPART/")) { // Prepare to process each part of the multipart/* message. int cursor = 0; // Prepend and append to the body with a carriage return and linefeed for consistent boundary matching. body = "\r\n" + body + "\r\n"; // Determine the outermost boundary name. string boundaryName = Functions.ExtractMimeParameter(contentType, "boundary"); int boundaryNameLength = boundaryName.Length; // Variables used for record keeping with signed S/MIME parts. int signatureBlock = -1; List<string> mimeBlocks = new List<string>(); cursor = body.IndexOf("\r\n--" + boundaryName, 0, StringComparison.Ordinal); while (cursor > -1) { // Calculate the end boundary of the current MIME part. int mimeStartPosition = cursor + boundaryNameLength + 4; int mimeEndPosition = body.IndexOf("\r\n--" + boundaryName, mimeStartPosition, StringComparison.Ordinal); if (mimeEndPosition > -1 && (mimeEndPosition + boundaryNameLength + 6 <= body.Length)) { string afterBoundaryEnd = body.Substring(mimeEndPosition + 4 + boundaryNameLength, 2); if (afterBoundaryEnd == "\r\n" || afterBoundaryEnd == "--") { string mimeContents = body.Substring(mimeStartPosition, mimeEndPosition - mimeStartPosition); // Extract the header portion of the current MIME part. int mimeDivider = mimeContents.IndexOf("\r\n\r\n"); string mimeHeaders, mimeBody; if (mimeDivider > -1) { mimeHeaders = mimeContents.Substring(0, mimeDivider); mimeBody = mimeContents.Substring(mimeDivider + 4); } else { // The following is a workaround to handle malformed MIME bodies. mimeHeaders = mimeContents; mimeBody = ""; int linePos = 0, lastLinePos = 0; while (linePos > -1) { lastLinePos = linePos; linePos = mimeHeaders.IndexOf("\r\n", lastLinePos); if (linePos > -1) { string currentLine = mimeContents.Substring(lastLinePos, linePos - lastLinePos); if (currentLine.Length > 0 && currentLine.IndexOf(":") < 0) { mimeBody = mimeContents.Substring(lastLinePos + 2, mimeContents.Length - lastLinePos - 4); linePos = -1; } else linePos += 2; } } } mimeBlocks.Add(mimeContents); // Divide the MIME part's headers into its components. string mimeCharSet = "", mimeContentDisposition = "", mimeContentID = "", mimeContentType = "", mimeContentTransferEncoding = "", mimeFileName = ""; ExtractMimeHeaders(mimeHeaders, out mimeContentType, out mimeCharSet, out mimeContentTransferEncoding, out mimeContentDisposition, out mimeFileName, out mimeContentID); string mimeContentTypeToUpper = mimeContentType.ToUpper(); if (mimeContentTypeToUpper.StartsWith("MULTIPART/")) { // Recurse through embedded MIME parts. List<MimePart> returnedMIMEParts = ExtractMIMEParts(mimeContentType, mimeCharSet, mimeContentTransferEncoding, mimeBody, processingFlags, depth + 1); foreach (MimePart returnedMIMEPart in returnedMIMEParts) mimeParts.Add(returnedMIMEPart); } else { // Keep track of whether this MIME part's body has already been processed. bool processed = false; if (mimeContentTypeToUpper.StartsWith("APPLICATION/PKCS7-SIGNATURE") || mimeContentTypeToUpper.StartsWith("APPLICATION/X-PKCS7-SIGNATURE")) { // Unless a flag has been set to include this *.p7s block, exclude it from attachments. if ((processingFlags & MailMessageProcessingFlags.IncludeSmimeSignedData) == 0) processed = true; // Remember the signature block to use for later verification. signatureBlock = mimeBlocks.Count() - 1; } else if (mimeContentTypeToUpper.StartsWith("APPLICATION/PKCS7-MIME") || mimeContentTypeToUpper.StartsWith("APPLICATION/X-PKCS7-MIME")) { // Unless a flag has been set to include this *.p7m block, exclude it from attachments. processed = (processingFlags & MailMessageProcessingFlags.IncludeSmimeEncryptedEnvelopeData) == 0; // Decrypt the MIME part and recurse through embedded MIME parts. List<MimePart> returnedMIMEParts = ReturnSmimeDecryptedMimeParts(mimeContentType, mimeContentTransferEncoding, mimeBody, processingFlags, depth + 1); if (returnedMIMEParts != null) { foreach (MimePart returnedMIMEPart in returnedMIMEParts) mimeParts.Add(returnedMIMEPart); } else { // If we were unable to decrypt, return this MIME part as-is. processed = false; } } else if (mimeContentTypeToUpper.StartsWith("APPLICATION/MS-TNEF") || mimeFileName.ToUpper() == "WINMAIL.DAT") { // Process the TNEF encoded message. processed = true; TnefEncoding tnef = new TnefEncoding(Convert.FromBase64String(mimeBody)); // If we were unable to extract content from this MIME, include it as an attachment. if ((tnef.Body.Length < 1 && tnef.MimeAttachments.Count < 1) || (processingFlags & MailMessageProcessingFlags.IncludeWinMailData) > 0) processed = false; else { // Unless a flag has been set to include this winmail.dat block, exclude it from attachments. if ((processingFlags & MailMessageProcessingFlags.IncludeWinMailData) > 0) { if (!string.IsNullOrEmpty(tnef.Body)) mimeParts.Add(new MimePart("winmail.dat", tnef.ContentType, "", "", mimeContentTransferEncoding, Encoding.UTF8.GetBytes(tnef.Body))); } foreach (MimePart mimePart in tnef.MimeAttachments) mimeParts.Add(mimePart); } } else if (mimeContentTypeToUpper == "MESSAGE/RFC822") { if ((processingFlags & MailMessageProcessingFlags.IncludeNestedRFC822Messages) > 0) { // Recurse through the RFC822 container. processed = true; mimeDivider = mimeBody.IndexOf("\r\n\r\n"); if (mimeDivider > -1) { mimeHeaders = Functions.UnfoldWhitespace(mimeBody.Substring(0, mimeDivider)); mimeBody = mimeBody.Substring(mimeDivider + 4); mimeContentType = Functions.ReturnBetween(mimeHeaders, "Content-Type:", "\r\n").Trim(); mimeContentTransferEncoding = Functions.ReturnBetween(mimeHeaders, "Content-Transfer-Encoding:", "\r\n").Trim(); mimeCharSet = Functions.ExtractMimeParameter(mimeContentType, "charset").Replace("\"", ""); List<MimePart> returnedMIMEParts = ExtractMIMEParts(mimeContentType, mimeCharSet, mimeContentTransferEncoding, mimeBody, processingFlags, depth + 1); foreach (MimePart returnedMIMEPart in returnedMIMEParts) mimeParts.Add(returnedMIMEPart); } } } if (!processed) { // Decode and add the message to the MIME parts collection. switch (mimeContentTransferEncoding.ToLower()) { case "base64": mimeBody = mimeBody.Replace("\r\n", ""); if (mimeBody.Length % 4 != 0) mimeBody += new String('=', 4 - (mimeBody.Length % 4)); mimeParts.Add(new MimePart(mimeFileName, mimeContentType, mimeCharSet, mimeContentID, mimeContentTransferEncoding, Convert.FromBase64String(mimeBody))); break; case "quoted-printable": mimeParts.Add(new MimePart(mimeFileName, mimeContentType, mimeCharSet, mimeContentID, mimeContentTransferEncoding, Functions.FromQuotedPrintable(mimeBody, mimeCharSet, null))); break; case "binary": case "7bit": case "8bit": default: mimeParts.Add(new MimePart(mimeFileName, mimeContentType, mimeCharSet, mimeContentID, mimeContentTransferEncoding, mimeBody)); break; } } } } cursor = mimeEndPosition; } else cursor = -1; } // If a PKCS signature was found and there's one other MIME part, verify the signature. if (signatureBlock > -1 && mimeBlocks.Count == 2) { // Verify the signature and track the signing certificates. X509Certificate2Collection signingCertificates; if (VerifySmimeSignature(mimeBlocks[signatureBlock], mimeBlocks[1 - signatureBlock], out signingCertificates)) { // Stamp each MIME part found so far as signed, and if relevant, triple wrapped. foreach (MimePart mimePart in mimeParts) { mimePart.SmimeSigningCertificates = signingCertificates; if (mimePart.SmimeSigned && mimePart.SmimeEncryptedEnvelope) mimePart.SmimeTripleWrapped = true; mimePart.SmimeSigned = true; } } } } else if (contentTypeToUpper.StartsWith("APPLICATION/MS-TNEF")) { // Process the TNEF encoded message. TnefEncoding tnef = new TnefEncoding(Convert.FromBase64String(body)); // Unless a flag has been set to include this winmail.dat block, exclude it from attachments. if ((processingFlags & MailMessageProcessingFlags.IncludeWinMailData) > 0) { if (!string.IsNullOrEmpty(tnef.Body)) mimeParts.Add(new MimePart("winmail.dat", tnef.ContentType, "", "", "", Encoding.UTF8.GetBytes(tnef.Body))); } foreach (MimePart mimePart in tnef.MimeAttachments) mimeParts.Add(mimePart); } else if (contentTypeToUpper.StartsWith("APPLICATION/PKCS7-MIME") || contentTypeToUpper.StartsWith("APPLICATION/X-PKCS7-MIME")) { // Don't attempt to decrypt if this is a signed message only. if (contentType.IndexOf("smime-type=signed-data") < 0) { // Unless a flag has been set to include this *.p7m block, exclude it from attachments. if ((processingFlags & MailMessageProcessingFlags.IncludeSmimeEncryptedEnvelopeData) > 0) mimeParts.Add(new MimePart("smime.p7m", contentType, "", "", "", body)); // Decrypt the MIME part and recurse through embedded MIME parts. List<MimePart> returnedMIMEParts = ReturnSmimeDecryptedMimeParts(contentType, contentTransferEncoding, body, processingFlags, depth + 1); if (returnedMIMEParts != null) { foreach (MimePart returnedMIMEPart in returnedMIMEParts) mimeParts.Add(returnedMIMEPart); } else { // If we were unable to decrypt the message, pass it along as-is. mimeParts.Add(new MimePart(Functions.ReturnBetween(contentType + ";", "name=", ";").Replace("\"", ""), contentType, "", "", contentTransferEncoding, body)); } } else { // Hydrate the signature CMS object. SignedCms signedCms = new SignedCms(); try { // Attempt to decode the signature block and verify the passed in signature. signedCms.Decode(Convert.FromBase64String(body)); signedCms.CheckSignature(true); string mimeContents = Encoding.UTF8.GetString(signedCms.ContentInfo.Content); int mimeDivider = mimeContents.IndexOf("\r\n\r\n"); string mimeHeaders; if (mimeDivider > -1) mimeHeaders = mimeContents.Substring(0, mimeDivider); else mimeHeaders = mimeContents; if (mimeHeaders.Length > 0) { // Extract the body portion of the current MIME part. string mimeBody = mimeContents.Substring(mimeDivider + 4); string mimeCharSet = "", mimeContentDisposition = "", mimeContentID = "", mimeContentType = "", mimeContentTransferEncoding = "", mimeFileName = ""; ExtractMimeHeaders(mimeHeaders, out mimeContentType, out mimeCharSet, out mimeContentTransferEncoding, out mimeContentDisposition, out mimeFileName, out mimeContentID); List<MimePart> returnedMIMEParts = ExtractMIMEParts(mimeContentType, mimeCharSet, mimeContentTransferEncoding, mimeBody, processingFlags, depth + 1); foreach (MimePart returnedMIMEPart in returnedMIMEParts) mimeParts.Add(returnedMIMEPart); } } catch { // If an exception occured, the signature could not be verified. } } } else if (contentTypeToUpper == "MESSAGE/RFC822") { int mimeDivider = body.IndexOf("\r\n\r\n"); if (mimeDivider > -1) { string mimeHeaders = Functions.UnfoldWhitespace(body.Substring(0, mimeDivider)); string mimeBody = body.Substring(mimeDivider + 4); string mimeContentType = Functions.ReturnBetween(mimeHeaders, "Content-Type:", "\r\n").Trim(); string mimeContentTransferEncoding = Functions.ReturnBetween(mimeHeaders, "Content-Transfer-Encoding:", "\r\n").Trim(); string mimeCharSet = Functions.ExtractMimeParameter(mimeContentType, "charset"); List<MimePart> returnedMIMEParts = ExtractMIMEParts(mimeContentType, mimeCharSet, mimeContentTransferEncoding, mimeBody, processingFlags, depth + 1); foreach (MimePart returnedMIMEPart in returnedMIMEParts) mimeParts.Add(returnedMIMEPart); } } else { // Decode the message. switch (contentTransferEncoding.ToLower()) { case "base64": body = Functions.FromBase64(body); break; case "quoted-printable": body = Functions.FromQuotedPrintable(body, charSet, null); break; case "binary": case "7bit": case "8bit": break; } // If we're beyond the first layer, process the MIME part. Otherwise, the message isn't MIME encoded. if (depth > 0) { // Extract the headers from this MIME part. string mimeHeaders; int mimeDivider = body.IndexOf("\r\n\r\n"); if (mimeDivider > -1) mimeHeaders = body.Substring(0, mimeDivider); else mimeHeaders = body; // Divide the MIME part's headers into its components. string mimeCharSet = "", mimeContentDisposition = "", mimeContentID = "", mimeContentType = "", mimeContentTransferEncoding = "", mimeFileName = ""; ExtractMimeHeaders(mimeHeaders, out mimeContentType, out mimeCharSet, out mimeContentTransferEncoding, out mimeContentDisposition, out mimeFileName, out mimeContentID); // If this MIME part's content type is null, fall back to the overall content type. if ((string.IsNullOrEmpty(mimeContentType) && !string.IsNullOrEmpty(contentType)) || (contentTypeToUpper.StartsWith("MESSAGE/PARTIAL"))) { mimeCharSet = charSet; mimeContentType = contentType; } else { if (body.Length > (mimeDivider + 4)) body = body.Substring(mimeDivider + 4); else body = ""; } // Add the message to the MIME parts collection. mimeParts.Add(new MimePart(mimeFileName, mimeContentType, mimeCharSet, mimeContentID, mimeContentTransferEncoding, body)); } else { // If the content type contains a character set, extract it. charSet = Functions.NormalizeCharSet(Functions.ExtractMimeParameter(contentType, "charset")); int semicolonPos = contentType.IndexOf(";"); if (semicolonPos > -1) contentType = contentType.Substring(0, semicolonPos); // Add the message as-is. mimeParts.Add(new MimePart("", contentType, charSet, "", contentTransferEncoding, body)); } } return mimeParts; }
internal static X509Certificate GetSignerCertificate(Stream stream) { stream.Seek(60, SeekOrigin.Begin); BinaryReader br = new BinaryReader(stream); int peSignatureOffset = br.ReadInt32(); int checksumOffset = peSignatureOffset + 24 + 64; // seek to the IMAGE_OPTIONAL_HEADER stream.Seek(peSignatureOffset + 24, SeekOrigin.Begin); int certificateTableDataDirectoryOffset; switch (br.ReadUInt16()) { case IMAGE_NT_OPTIONAL_HDR32_MAGIC: certificateTableDataDirectoryOffset = peSignatureOffset + 24 + (64 + 4 * 8) + 8 * 4; break; case IMAGE_NT_OPTIONAL_HDR64_MAGIC: certificateTableDataDirectoryOffset = peSignatureOffset + 24 + (64 + 4 * 8 + 16) + 8 * 4; break; default: throw new BadImageFormatException(); } stream.Seek(certificateTableDataDirectoryOffset, SeekOrigin.Begin); int certificateTableOffset = br.ReadInt32(); int certificateTableLength = br.ReadInt32(); stream.Seek(certificateTableOffset, SeekOrigin.Begin); int dwLength = br.ReadInt32(); short wRevision = br.ReadInt16(); short wCertificateType = br.ReadInt16(); if (wRevision != WIN_CERT_REVISION_2_0) { return null; } if (wCertificateType != WIN_CERT_TYPE_PKCS_SIGNED_DATA) { return null; } byte[] buf = new byte[certificateTableLength - 8]; stream.Read(buf, 0, buf.Length); SignedCms cms = new SignedCms(); try { cms.Decode(buf); cms.CheckSignature(false); } catch (CryptographicException) { return null; } SignerInfo signerInfo = cms.SignerInfos[0]; int[] offsets = new int[] { checksumOffset, certificateTableDataDirectoryOffset, certificateTableOffset }; int[] lengths = new int[] { 4, 8, certificateTableLength }; byte[] actualHash = ComputeHashWithSkip(stream, signerInfo.DigestAlgorithm.FriendlyName, offsets, lengths); byte[] requiredHash = DecodeASN1(cms.ContentInfo.Content, 0, 1, 1); if (requiredHash == null || actualHash.Length != requiredHash.Length) { return null; } for (int i = 0; i < actualHash.Length; i++) { if (actualHash[i] != requiredHash[i]) { return null; } } return signerInfo.Certificate; }
public bool CheckSignature (SignedCms cms) { try { cms.CheckSignature (false); return true; } catch { } return false; }
private void RoundTrip (byte[] encoded) { SignedCms sp = new SignedCms (); sp.Decode (encoded); sp.CheckSignature (true); }
public void CheckSignatureCmsSignerUnknown () { byte[] signature = { 0x30, 0x82, 0x03, 0x4C, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02, 0xA0, 0x82, 0x03, 0x3D, 0x30, 0x82, 0x03, 0x39, 0x02, 0x01, 0x01, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x30, 0x11, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x04, 0x04, 0x02, 0x05, 0x00, 0xA0, 0x82, 0x02, 0x2E, 0x30, 0x82, 0x02, 0x2A, 0x30, 0x82, 0x01, 0x97, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x91, 0xC4, 0x4B, 0x0D, 0xB7, 0xD8, 0x10, 0x84, 0x42, 0x26, 0x71, 0xB3, 0x97, 0xB5, 0x00, 0x97, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1D, 0x05, 0x00, 0x30, 0x28, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1D, 0x4D, 0x6F, 0x74, 0x75, 0x73, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6E, 0x6F, 0x6C, 0x6F, 0x67, 0x69, 0x65, 0x73, 0x20, 0x69, 0x6E, 0x63, 0x2E, 0x28, 0x74, 0x65, 0x73, 0x74, 0x29, 0x30, 0x1E, 0x17, 0x0D, 0x30, 0x33, 0x30, 0x38, 0x31, 0x33, 0x30, 0x30, 0x34, 0x33, 0x34, 0x37, 0x5A, 0x17, 0x0D, 0x33, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5A, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x08, 0x46, 0x41, 0x52, 0x53, 0x43, 0x41, 0x50, 0x45, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xD2, 0xCB, 0x47, 0x21, 0xF5, 0x62, 0xDD, 0x35, 0xBF, 0x1D, 0xEC, 0x9A, 0x4C, 0x07, 0x2C, 0x01, 0xF0, 0x28, 0xC2, 0x82, 0x17, 0x8E, 0x58, 0x32, 0xD5, 0x4C, 0xAC, 0x86, 0xB4, 0xC9, 0xEB, 0x21, 0x26, 0xF3, 0x22, 0x30, 0xC5, 0x7A, 0xA3, 0x5A, 0xDD, 0x53, 0xAB, 0x1C, 0x06, 0x3E, 0xB2, 0x13, 0xC4, 0x05, 0x1D, 0x95, 0x8B, 0x0A, 0x71, 0x71, 0x11, 0xA7, 0x47, 0x26, 0x61, 0xF1, 0x76, 0xBE, 0x35, 0x72, 0x32, 0xC5, 0xCB, 0x47, 0xA4, 0x22, 0x41, 0x1E, 0xAD, 0x29, 0x11, 0x0D, 0x39, 0x22, 0x0C, 0x79, 0x90, 0xC6, 0x52, 0xA1, 0x10, 0xF6, 0x55, 0x09, 0x4E, 0x51, 0x26, 0x47, 0x0E, 0x94, 0xE6, 0x81, 0xF5, 0x18, 0x6B, 0x99, 0xF0, 0x76, 0xF3, 0xB2, 0x4C, 0x91, 0xE9, 0xBA, 0x3B, 0x3F, 0x6E, 0x63, 0xDA, 0x12, 0xD1, 0x0B, 0x73, 0x0E, 0x12, 0xC7, 0x70, 0x77, 0x22, 0x03, 0x9D, 0x5D, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x72, 0x30, 0x70, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x0C, 0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x59, 0x06, 0x03, 0x55, 0x1D, 0x01, 0x04, 0x52, 0x30, 0x50, 0x80, 0x10, 0xAE, 0xD7, 0x80, 0x88, 0xA6, 0x3D, 0xBA, 0x50, 0xA1, 0x7E, 0x57, 0xE5, 0x40, 0xC9, 0x6F, 0xC5, 0xA1, 0x2A, 0x30, 0x28, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1D, 0x4D, 0x6F, 0x74, 0x75, 0x73, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6E, 0x6F, 0x6C, 0x6F, 0x67, 0x69, 0x65, 0x73, 0x20, 0x69, 0x6E, 0x63, 0x2E, 0x28, 0x74, 0x65, 0x73, 0x74, 0x29, 0x82, 0x10, 0x9D, 0xAE, 0xA3, 0x39, 0x47, 0x0E, 0xD4, 0xA2, 0x49, 0x78, 0xEA, 0x6C, 0xBA, 0x0D, 0xDE, 0x9C, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1D, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x32, 0x8A, 0x7E, 0xAD, 0xE7, 0x67, 0x9E, 0x5C, 0x4C, 0xD8, 0x33, 0x59, 0x68, 0xCF, 0x94, 0xC0, 0x36, 0x47, 0x7A, 0xA7, 0x85, 0xC2, 0xDD, 0xD8, 0xDA, 0x11, 0x3C, 0x66, 0xC1, 0x83, 0xE3, 0xAB, 0x33, 0x06, 0x7C, 0xE3, 0x6A, 0x15, 0x72, 0xB8, 0x83, 0x3D, 0x0B, 0xAB, 0x3C, 0xEE, 0x75, 0x13, 0xBD, 0x5C, 0x96, 0x25, 0x56, 0x36, 0x05, 0xFA, 0xAE, 0xD4, 0xF4, 0xCF, 0x52, 0xEC, 0x11, 0xB5, 0xEA, 0x9F, 0x20, 0xA3, 0xC8, 0x34, 0x72, 0x59, 0x09, 0x51, 0xE7, 0x36, 0x87, 0x86, 0x86, 0x98, 0xB5, 0x30, 0x7B, 0xFB, 0x3D, 0xCC, 0x5E, 0xE8, 0xC9, 0x49, 0xE0, 0xC6, 0xEA, 0x02, 0x76, 0x01, 0xE0, 0xBB, 0x8A, 0x70, 0xEB, 0x07, 0x86, 0xE8, 0x04, 0xE7, 0x48, 0xE4, 0x6C, 0x90, 0xE6, 0x16, 0x42, 0xB4, 0xBB, 0xC0, 0xC4, 0x82, 0x5F, 0xF8, 0xFB, 0x7E, 0xB2, 0x9E, 0xC2, 0x78, 0x26, 0x86, 0x31, 0x81, 0xE1, 0x30, 0x81, 0xDE, 0x02, 0x01, 0x01, 0x30, 0x3C, 0x30, 0x28, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1D, 0x4D, 0x6F, 0x74, 0x75, 0x73, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6E, 0x6F, 0x6C, 0x6F, 0x67, 0x69, 0x65, 0x73, 0x20, 0x69, 0x6E, 0x63, 0x2E, 0x28, 0x74, 0x65, 0x73, 0x74, 0x29, 0x02, 0x10, 0x91, 0xC4, 0x4B, 0x0D, 0xB7, 0xD8, 0x10, 0x84, 0x42, 0x26, 0x71, 0xB3, 0x97, 0xB5, 0x00, 0x97, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80, 0x45, 0x88, 0x80, 0x58, 0xC7, 0x4F, 0xE4, 0xD8, 0x88, 0xB0, 0xC0, 0x08, 0x70, 0x84, 0xCC, 0x8E, 0xA7, 0xF1, 0xA4, 0x07, 0x41, 0x14, 0x3E, 0xF5, 0xEA, 0x6E, 0x05, 0x75, 0xB8, 0x58, 0xAA, 0x5C, 0x0E, 0xFD, 0x7A, 0x07, 0x09, 0xE1, 0x80, 0x94, 0xBD, 0xAA, 0x45, 0xBB, 0x55, 0x9C, 0xC2, 0xD9, 0x72, 0x14, 0x4B, 0xA4, 0x64, 0xFB, 0x38, 0x9F, 0xD3, 0x22, 0xED, 0xB3, 0x0B, 0xF7, 0xAE, 0x4D, 0xE6, 0x65, 0x4D, 0x2A, 0x31, 0x18, 0xB5, 0xB4, 0x2D, 0x9E, 0x4E, 0xD7, 0xC0, 0x44, 0x5F, 0xAC, 0x43, 0xDC, 0x4F, 0x3D, 0x6D, 0x2C, 0x8C, 0xA1, 0xFE, 0x08, 0x38, 0xB7, 0xC4, 0xC4, 0x08, 0xDB, 0xF8, 0xF0, 0xC1, 0x55, 0x54, 0x49, 0x9D, 0xA4, 0x7F, 0x76, 0xDE, 0xF4, 0x29, 0x1C, 0x0B, 0x95, 0x10, 0x90, 0xB5, 0x0A, 0x9A, 0xEC, 0xCA, 0x89, 0x9A, 0x85, 0x92, 0x76, 0x78, 0x6F, 0x97, 0x67 }; SignedCms sp = new SignedCms (); sp.Decode (signature); sp.CheckSignature (true); CheckSignatureProperties (sp, 1); }
/// <summary> /// Verify the S/MIME signature. /// </summary> /// <param name="signatureBlock">The S/MIME signature block.</param> /// <param name="body">The message's raw body.</param> /// <param name="signingCertificates">Collection of certificates to be used when signing.</param> public static bool VerifySmimeSignature(string signatureBlock, string body, out X509Certificate2Collection signingCertificates) { // Ignore MIME headers for the signature block. signatureBlock = signatureBlock.Substring(signatureBlock.IndexOf("\r\n\r\n") + 4); // Bypass any leading carriage returns and line feeds in the body. int bodyOffset = 0; while (body.Substring(bodyOffset).StartsWith("\r\n")) bodyOffset += 2; // Hydrate the signature CMS object. ContentInfo contentInfo = new ContentInfo(Encoding.UTF8.GetBytes(body.Substring(bodyOffset))); SignedCms signedCms = new SignedCms(contentInfo, true); try { // Attempt to decode the signature block and verify the passed in signature. signedCms.Decode(Convert.FromBase64String(signatureBlock)); signedCms.CheckSignature(true); signingCertificates = signedCms.Certificates; return true; } catch { // If an exception occured, the signature could not be verified. signingCertificates = null; return false; } }
/// <summary> /// Checks if signature is valid and data not altered. /// </summary> /// <returns>Returns true if signature is valid, otherwise false.</returns> /// <remarks>This method is valid only if <b>Content-Type</b> parameter <b>smime-type=signed-data</b>.</remarks> /// <exception cref="InvalidOperationException">Is raised when <b>smime-type != signed-data</b>.</exception> public bool VerifySignature() { if(!string.Equals(this.Entity.ContentType.Parameters["smime-type"],"signed-data",StringComparison.InvariantCultureIgnoreCase)){ throw new InvalidOperationException("The VerifySignature method is only valid if Content-Type parameter smime-type=signed-data."); } // Check this.Data exists. if(this.Data == null){ return false; } try{ SignedCms signedCms = new SignedCms(); signedCms.Decode(this.Data); signedCms.CheckSignature(true); return true; } catch{ } return false; }
private bool VerifySignatureTimestamp(XmlElement signatureNode, XmlNamespaceManager nsm, out DateTime verificationTime) { verificationTime = DateTime.Now; XmlElement node = signatureNode.SelectSingleNode("ds:Object/as:Timestamp", nsm) as XmlElement; if (node != null) { string encodedMessage = node.InnerText; if (!string.IsNullOrEmpty(encodedMessage)) { byte[] base64DecodedMessage = null; try { base64DecodedMessage = Convert.FromBase64String(encodedMessage); } catch (FormatException) { _authenticodeSignerInfo.ErrorCode = Win32.TRUST_E_TIME_STAMP; throw new CryptographicException(Win32.TRUST_E_TIME_STAMP); } if (base64DecodedMessage != null) { // Create a new, nondetached SignedCms message. SignedCms signedCms = new SignedCms(); signedCms.Decode(base64DecodedMessage); // Verify the signature without validating the // certificate. signedCms.CheckSignature(true); byte[] signingTime = null; CryptographicAttributeObjectCollection caos = signedCms.SignerInfos[0].SignedAttributes; foreach (CryptographicAttributeObject cao in caos) { if (0 == string.Compare(cao.Oid.Value, Win32.szOID_RSA_signingTime, StringComparison.Ordinal)) { foreach (AsnEncodedData d in cao.Values) { if (0 == string.Compare(d.Oid.Value, Win32.szOID_RSA_signingTime, StringComparison.Ordinal)) { signingTime = d.RawData; Pkcs9SigningTime time = new Pkcs9SigningTime(signingTime); verificationTime = time.SigningTime; return true; } } } } } } } return false; }
public override bool VerifyFile(string filePath, ref List< KeyValuePair<X509Certificate2, bool>> verifiedCMS) { byte[] DataDigest = new byte[0]; byte[] EncodedCMS = new byte[0]; //digest of the data without the signature(s) DataDigest = Hash(filePath); //signatures found in the file List<String> Signatures = ExtractAllSignatures(filePath); if (Signatures.Count < 1) throw new NoSignatureFoundException(filePath); //Content information created from the data digest ContentInfo StepContent = new ContentInfo(DataDigest); SignedCms SignedCMS = new SignedCms(StepContent, true); List<KeyValuePair<X509Certificate2, bool>> UsedCertificates = new List<KeyValuePair<X509Certificate2, bool>>(); //B1.List<KeyValuePair<String,KeyValuePair<X509Certificate2, bool>>> UsedCertificates = new List<KeyValuePair<String, KeyValuePair<X509Certificate2, bool>>>(); bool Validation = true; foreach (String Signature in Signatures) { SignedCMS.Decode(Convert.FromBase64String(Signature)); SignerInfoEnumerator Enumerator = SignedCMS.SignerInfos.GetEnumerator(); if (!Enumerator.MoveNext()) throw new InvalidSignerInformationException(Signature); try { //after decoding the signed cms, we check the signature SignedCMS.CheckSignature(true); UsedCertificates.Add(new KeyValuePair<X509Certificate2, bool>(Enumerator.Current.Certificate, true)); //B1.UsedCertificates.Add(new KeyValuePair<string, KeyValuePair<X509Certificate2, bool>>(FilePath,new KeyValuePair<X509Certificate2, bool>(enumerator.Current.Certificate, true))); } catch (System.Security.Cryptography.CryptographicException e) { //signature can't be verified UsedCertificates.Add(new KeyValuePair<X509Certificate2, bool>(Enumerator.Current.Certificate, true)); //B1.UsedCertificates.Add(new KeyValuePair<string, KeyValuePair<X509Certificate2, bool>>(FilePath, new KeyValuePair<X509Certificate2, bool>(enumerator.Current.Certificate, false))); Validation = false; } } //B1.VerifiedCMS = MoveTo(UsedCertificates, VerifiedCMS); verifiedCMS = UsedCertificates; return Validation; }
private TimestampInformation GetTimestampInformation(X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO timestamper, XmlElement licenseNode) { TimestampInformation information = null; if (timestamper.dwError == 0) { return new TimestampInformation(timestamper); } if ((timestamper.dwError == -2146762748) || (timestamper.dwError == -2146762496)) { XmlElement element = licenseNode.SelectSingleNode("r:issuer/ds:Signature/ds:Object/as:Timestamp", this.m_namespaceManager) as XmlElement; if (element == null) { return information; } byte[] encodedMessage = Convert.FromBase64String(element.InnerText); try { SignedCms cms = new SignedCms(); cms.Decode(encodedMessage); cms.CheckSignature(true); return null; } catch (CryptographicException exception) { return new TimestampInformation((SignatureVerificationResult) Marshal.GetHRForException(exception)); } } return null; }
public override bool VerifyFile(string filePath, ref List<KeyValuePair<X509Certificate2, bool>> verifiedCMS) { byte[] DataDigest = new byte[0]; byte[] BlockDigest = new byte[0]; signatureBlock = new Elements(ExtractBlocks(filePath), false); //digest of the data without the signature(s) DataDigest = Hash(filePath); //signatures found in the file Dictionary<string, string> Signatures = ExtractAllSignatures(filePath); if (Signatures.Count < 1) throw new NoSignatureFoundException(filePath); List<KeyValuePair<X509Certificate2, bool>> UsedCertificates = new List<KeyValuePair<X509Certificate2, bool>>(); bool Validation = true; foreach (String Signature in Signatures.Keys) { BlockDigest = HashFunction.ComputeHash(new MemoryStream(System.Text.Encoding.UTF8.GetBytes(Signatures[Signature]))); byte[] merkleHash = new byte[DataDigest.Length + BlockDigest.Length]; Array.Copy(DataDigest, merkleHash, DataDigest.Length); Array.Copy(BlockDigest, 0, merkleHash, DataDigest.Length, BlockDigest.Length); //Content information created from the data digest ContentInfo StepContent = new ContentInfo(merkleHash); SignedCms SignedCMS = new SignedCms(StepContent, true); SignedCMS.Decode(Convert.FromBase64String(Signature)); SignerInfoEnumerator Enumerator = SignedCMS.SignerInfos.GetEnumerator(); if (!Enumerator.MoveNext()) throw new InvalidSignerInformationException(Signature); try { //after decoding the signed cms, we check the signature SignedCMS.CheckSignature(true); UsedCertificates.Add(new KeyValuePair<X509Certificate2, bool>(Enumerator.Current.Certificate, true)); } catch (System.Security.Cryptography.CryptographicException e) { //signature can't be verified UsedCertificates.Add(new KeyValuePair<X509Certificate2, bool>(Enumerator.Current.Certificate, false)); Validation = false; } } verifiedCMS = UsedCertificates; return Validation; }
private bool VerifySig(string signeture, string message) { SignedCms cms = null; bool flag; this.CertificateErr = ""; byte[] encodedMessage = Convert.FromBase64String(signeture); ContentInfo contentInfo = new ContentInfo(Encoding.UTF8.GetBytes(message)); cms = new SignedCms(contentInfo, true); X509Chain ch = new X509Chain(); try { cms.Decode(encodedMessage); ch.ChainPolicy.RevocationMode = X509RevocationMode.Offline; ch.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreRootRevocationUnknown; if (ch.Build(cms.Certificates[0])) { cms.CheckSignature(true); return true; } string str = this.statuschk(ch); if (str == "CRL does not exist") { cms.CheckSignature(true); return true; } this.CertificateErr = str; flag = false; } catch (Exception exception) { throw exception; } return flag; }
public static bool VerifyDetached(byte[] data, byte[] signature) { ContentInfo content = new ContentInfo(data); SignedCms signedMessage = new SignedCms(content, true); signedMessage.Decode(signature); try { signedMessage.CheckSignature(false); return true; } catch { return false; } }
/// <summary> /// Checks if signature is valid and data not altered. /// </summary> /// <returns>Returns true if signature is valid, otherwise false.</returns> public bool VerifySignature() { // Message is signed when it's saved out. if(m_pSignerCert != null){ return true; } // multipart/signed must always have only 2 entities, otherwise invalid data. if(this.BodyParts.Count != 2){ return false; } // Get signature. It should be 2 entity. MIME_Entity signatureEntity = this.BodyParts[1]; // Store entity to tmp stream. MemoryStream tmpDataEntityStream = new MemoryStream(); this.BodyParts[0].ToStream(tmpDataEntityStream,null,null,false); try{ SignedCms signedCms = new SignedCms(new ContentInfo(tmpDataEntityStream.ToArray()),true); signedCms.Decode(((MIME_b_SinglepartBase)signatureEntity.Body).Data); signedCms.CheckSignature(true); return true; } catch{ return false; } }