I have a big problem with a signature and I don't understand why it doesn't work.
I want to use AS2 over HTTP with a digital signature. My partner uses mendelson.
Minimal story:
I generated a private key, a certificate and, as a result, a .pfx file with the following commands:

```sh
openssl genrsa -out key.pem 2048
openssl req -new -sha256 -key key.pem -out csr.csr
openssl x509 -req -in csr.csr -signkey key.pem -out cert.crt
openssl pkcs12 -export -in cert.crt -inkey key.pem -out certificate.p12
```
And first I just tried to
- hash my "data" with SHA-256
- sign the data with RSA.
When I sent it, I encountered an error: an error that the hash algorithm was not recognized.
Question: does this error mean that I must use "RFC 6211 - Cryptographic Message Syntax (CMS)"?
And next I tried this C# code:

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

public byte[] SignData(byte[] data, string p12FilePath, string p12Password)
{
    // Load the signer certificate and its private key from the .p12/.pfx file
    X509Certificate2 signingCert = new X509Certificate2(p12FilePath, p12Password);
    ContentInfo content = new ContentInfo(data);
    // Second argument is "detached": false embeds the data inside the SignedData
    SignedCms signedMessage = new SignedCms(content, false);
    CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signingCert);
    signer.DigestAlgorithm = Oid.FromFriendlyName("SHA256", OidGroup.HashAlgorithm);
    signer.IncludeOption = X509IncludeOption.WholeChain;
    signedMessage.ComputeSignature(signer);
    byte[] signedBytes = signedMessage.Encode();
    return signedBytes;
}
```

After that I load the data into my HTTP request, and as a result it has this HTTP format:

```csharp
// as2Message (byte[]), _PathToMyPrivateKey and _Passphrase: the poster's fields, defined elsewhere

// Create multipart form data
string boundary = "STARTBOUND_" + Guid.NewGuid().ToString() + "_ENDBOUND";
var formData = new MultipartFormDataContent(boundary);
formData.Headers.ContentType = new MediaTypeHeaderValue("multipart/signed");
formData.Headers.ContentType.Parameters.Add(new NameValueHeaderValue("protocol", "\"application/pkcs7-signature\""));
formData.Headers.ContentType.Parameters.Add(new NameValueHeaderValue("micalg", "sha1"));
formData.Headers.ContentType.Parameters.Add(new NameValueHeaderValue("boundary", $"\"{boundary}\""));
formData.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment");
formData.Headers.ContentDisposition.FileName = "smime.p7m";

// First body part: the EDIFACT payload, sent as raw bytes
var fileContentPart = new ByteArrayContent(as2Message);
fileContentPart.Headers.ContentType = new MediaTypeHeaderValue("application/EDIFACT");
fileContentPart.Headers.Add("Content-Transfer-Encoding", "binary");
fileContentPart.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment") { FileName = "data.edifact" };
formData.Add(fileContentPart);

// Second body part: the CMS signature, base64 encoded
var signatureData = SignData(as2Message, _PathToMyPrivateKey, _Passphrase);
var signatureContentPart = new StringContent(Convert.ToBase64String(signatureData));
signatureContentPart.Headers.ContentType = new MediaTypeHeaderValue("application/pkcs7-signature");
signatureContentPart.Headers.ContentType.Parameters.Add(new NameValueHeaderValue("name", "smime.p7s"));
signatureContentPart.Headers.ContentType.Parameters.Add(new NameValueHeaderValue("smime-type", "signed-data"));
signatureContentPart.Headers.Add("Content-Transfer-Encoding", "base64");
signatureContentPart.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment") { FileName = "smime.p7s" };
formData.Add(signatureContentPart);
```

When I sent it, I received another error: Outbound MDN details: Error verifying the senders digital signature: Verification failed
I have checked 1000 times that my certificate is correct - it is correct. My partner tried to add this certificate (which I sent to him) to the Trusted Certificates store, but it didn't help us. And I don't understand why this error occurs.
On the internet I found that there exist
- Signature
- CMS with Signature (Please explain one thing to me: can I create CMS from scratch? And where is an example of it? Because in the RFC I only have this
Source: https://stackoverflow.com/questions/781 ... s-and-used
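The multipart/signed layout the question is building carries, in its application/pkcs7-signature part, a detached CMS SignedData computed over the exact bytes of the first body part; the receiver recomputes the digest over that part and checks the signer certificate against its trust store. The shell script below is an added example, not code from the question, from mendelson or from any AS2 product: it produces such a detached signature with openssl, verifies it the way a receiving gateway does, and exposes two properties a verifier depends on, that the SignedData really is detached (eContent absent) and that the bytes verified are byte-for-byte the bytes signed. The key, the self-signed certificate, the subject name, all file names and the EDIFACT sample line are constructed for the example.

```shell
#!/bin/sh
# Added example: detached CMS (PKCS#7) signature over an AS2 body part with
# openssl, plus the receiver-side verification. Not part of the question or of
# mendelson; key, certificate, file names and sample data are constructed here.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Throwaway self-signed signer certificate (same idea as the question's openssl
# commands, with -subj so the script runs without prompts). Hypothetical subject.
gen_selfsigned() {
    openssl genrsa -out "$WORK/key.pem" 2048 2>/dev/null
    openssl req -new -x509 -sha256 -days 1 -key "$WORK/key.pem" \
        -subj "/CN=example-as2-sender" -out "$WORK/cert.crt" 2>/dev/null
}

# Detached SignedData, DER encoded: this is what the smime.p7s part carries
# (base64 on the wire). The payload itself is NOT embedded in the structure.
# -binary: sign the bytes exactly as they are, with no CRLF canonicalisation.
sign_detached() {
    openssl cms -sign -binary -md sha256 -outform DER \
        -in "$1" -signer "$WORK/cert.crt" -inkey "$WORK/key.pem" -out "$2"
}

# Opaque (attached) SignedData for comparison: the payload is embedded. This is
# the application/pkcs7-mime (smime.p7m) form, not the multipart/signed form.
sign_attached() {
    openssl cms -sign -binary -nodetach -md sha256 -outform DER \
        -in "$1" -signer "$WORK/cert.crt" -inkey "$WORK/key.pem" -out "$2"
}

# Exit 0 if the DER SignedData carries no eContent (detached), 1 otherwise.
is_detached() {
    openssl cms -cmsout -inform DER -in "$1" -print 2>/dev/null \
        | grep -q 'eContent: <ABSENT>'
}

# Receiver-side check: signature, separately supplied content, and a trust
# store holding the sender's certificate. 0 on success, 1 on any failure.
verify_detached() {
    if openssl cms -verify -binary -inform DER -in "$2" -content "$1" \
        -CAfile "$WORK/cert.crt" -out /dev/null 2>/dev/null; then
        return 0
    fi
    return 1
}

# Demo run: sign a constructed EDIFACT line, verify it, then show that one
# changed byte in the content makes the same signature fail verification.
demo() {
    gen_selfsigned
    printf 'UNB+UNOA:1+SENDER+RECEIVER+200101:1200+1\r\n' > "$WORK/data.edifact"
    sign_detached "$WORK/data.edifact" "$WORK/smime.p7s"
    is_detached "$WORK/smime.p7s" && echo "smime.p7s is detached (eContent absent)"
    verify_detached "$WORK/data.edifact" "$WORK/smime.p7s" \
        && echo "original content: signature verifies"
    printf 'UNB+UNOA:1+SENDER+RECEIVER+200101:1201+1\r\n' > "$WORK/changed.edifact"
    verify_detached "$WORK/changed.edifact" "$WORK/smime.p7s" \
        || echo "changed content: verification fails, as it should"
}

demo
```

Two details in the script map directly onto the multipart/signed headers in the question: `-binary` on both the signing and the verifying side keeps the payload bytes untouched, which is the contract implied by a Content-Transfer-Encoding of binary on the first body part, and the digest named by `-md` is the one the micalg parameter of the outer Content-Type is expected to announce (sha-256 here, per RFC 1847's rule that micalg names the digest actually used). Running `is_detached` on the output of `sign_attached` returns 1, which is the quickest way to tell the two SignedData forms apart when inspecting a signature part.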