  1. OpenSSL S/MIME signature with .NET
<p>For an application I'm developing I need to create a signature file before I can upload files. The documentation of it explains how to do this with openssl:</p>
<p>First you need to prepare your key:</p>
<pre><code>$ openssl pkcs12 -in certificate.pfx -passin pass:xxxxxxxxxx -out pem -clcerts -nokeys
$ openssl pkcs12 -in certificate.pfx -passin pass:xxxxxxxxxx -passout pass:xxxxxx -out key
</code></pre>
<p>After which you can sign any file using the following syntax:</p>
<pre><code>$ openssl smime -sign -in inputfile -signer pem -inkey key -passin pass:xxxxxx -outform PEM -out signaturefile
</code></pre>
<p>This works, but I'd rather avoid having to run an external program just to create signature files if it's possible to do it with native .NET code.</p>
<p>I've tried to code this in vb.net and got the following:</p>
<pre><code>Public Shared Sub SignFile(ByVal theFilename As String, ByVal theCertFile As String, ByVal thePassword As String, ByVal theDestination As String)
    Dim aCertificate = New X509Certificates.X509Certificate2(theCertFile, thePassword)
    Dim aByteArray = IO.File.ReadAllBytes(theFilename)
    Dim anOid = New System.Security.Cryptography.Oid("1.2.840.113549.1.7.2")
    Dim aContentInfo = New Pkcs.ContentInfo(anOid, aByteArray)
    Dim aSignedCms = New Pkcs.SignedCms(aContentInfo, True)
    Dim aCmsSigner = New Pkcs.CmsSigner(Pkcs.SubjectIdentifierType.IssuerAndSerialNumber, aCertificate)
    aSignedCms.ComputeSignature(aCmsSigner)
    Dim aSignature = Convert.ToBase64String(aSignedCms.Encode())
    IO.File.WriteAllText(theDestination, aSignature)
End Sub
</code></pre>
<p>The file it makes isn't exactly what openssl expects: I still need to insert the <code>-----BEGIN PKCS7-----</code> and <code>-----END PKCS7-----</code> and add in line breaks so that lines aren't longer than 65 characters.
But, even after doing that, the signature I made this way isn't valid. When I check with openssl I get the following error:</p>
<pre><code>5768:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:.\crypto\pkcs7\pk7_doit.c:1051:
5768:error:21075069:PKCS7 routines:PKCS7_verify:signature failure:.\crypto\pkcs7\pk7_smime.c:410:
</code></pre>
<p>I think I'm forgetting a small detail somewhere, but I just can't figure out what.</p>
<p>Can anyone help me make that code work? And if not, point to a .NET library that has such functionality, with possibly an example of how to do it?</p>
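An added example, not part of the original post: a detached CMS signature written with the PKCS7 PEM armor the question describes. The OID in the question's code, 1.2.840.113549.1.7.2, identifies signedData, whereas the single-argument ContentInfo constructor labels the payload as data (1.2.840.113549.1.7.1), the content type `openssl smime -sign` signs. The module name SmimeSigner, the helper ToPkcs7Pem and the parameter names are assumptions made for this sketch.

```vbnet
' Added example; needs a reference to System.Security (.NET Framework)
' or the System.Security.Cryptography.Pkcs package (.NET Core and later).
Imports System.IO
Imports System.Security.Cryptography.Pkcs
Imports System.Security.Cryptography.X509Certificates
Imports System.Text

Public Module SmimeSigner
    ' OpenSSL writes PEM base64 in 64-character lines.
    Private Const PemLineLength As Integer = 64

    ' Wraps DER bytes in the BEGIN/END PKCS7 armor named in the question.
    Public Function ToPkcs7Pem(der As Byte()) As String
        Dim b64 = Convert.ToBase64String(der)
        Dim sb As New StringBuilder()
        sb.Append("-----BEGIN PKCS7-----").Append(vbLf)
        For i = 0 To b64.Length - 1 Step PemLineLength
            Dim count = Math.Min(PemLineLength, b64.Length - i)
            sb.Append(b64, i, count).Append(vbLf)
        Next
        sb.Append("-----END PKCS7-----").Append(vbLf)
        Return sb.ToString()
    End Function

    Public Sub SignFile(inputPath As String, pfxPath As String,
                        pfxPassword As String, outputPath As String)
        ' The PFX must contain the private key that belongs to the certificate.
        Dim cert As New X509Certificate2(pfxPath, pfxPassword)
        If Not cert.HasPrivateKey Then
            Throw New InvalidOperationException("PFX holds no private key.")
        End If

        ' ContentInfo(Byte()) marks the payload as id-data (1.2.840.113549.1.7.1).
        Dim content As New ContentInfo(File.ReadAllBytes(inputPath))

        ' True = detached: the output carries the signature, not the file bytes.
        Dim cms As New SignedCms(content, True)
        Dim signer As New CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert)
        cms.ComputeSignature(signer)

        ' Self-check before writing: verifies the signature only, not the chain.
        cms.CheckSignature(True)

        File.WriteAllText(outputPath, ToPkcs7Pem(cms.Encode()), Encoding.ASCII)
    End Sub
End Module
```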
 
