[英]How do I sign an email message with a certificate and private key?
So I'm trying to sign an email using an X509Certificate2 that has been selected by a user. 因此,我正在尝试使用用户已选择的X509Certificate2签署电子邮件。 I've been trying to do this using MimeKit but the documentation for this appears to be old.
我一直在尝试使用MimeKit进行此操作,但是此文档似乎很旧。
This is how they tell you to do this on the github page (found here ) 这就是他们告诉您如何在github页面上执行此操作(在此处找到)
using (var ctx = new MySecureMimeContext ()) {
var certificate = GetJoeysX509Certificate ();
var signer = new CmsSigner (certificate);
signer.DigestAlgorithm = DigestAlgorithm.Sha1;
message.Body = MultipartSigned.Create (ctx, signer, body);
}
The first issue I have is that the above is using 我的第一个问题是以上内容正在使用
Org.BouncyCastle.X509.X509Certificate
and I am getting the certificate from X509Store() which uses 我从X509Store()获得证书,该证书使用
System.Security.Cryptography.X509Certificates.X509Certificate2
ie 即
X509Store store = new X509Store("My");
store.Open(OpenFlags.ReadOnly);
// bind to dropdownlist for user to select...
store.Close();
This suggests that I should be retrieving my list of certificates using some other method (one that I haven't been able to find any documentation for). 这表明我应该使用其他方法(我无法为其找到任何文档的方法)来检索证书列表。
My second problem is that, CmsSigner requires a second argument (AsymmetricKeyParameter), not one, as shown in the example. 我的第二个问题是,CmsSigner需要第二个参数(AsymmetricKeyParameter),而不是一个,如示例所示。
So my questions are: 所以我的问题是:
To get an Org.BouncyCastle.X509.X509Certificate
from a System.Security.Cryptography.X509Certificates.X509Certificate2
, you can use the following code snippet: 要从
System.Security.Cryptography.X509Certificates.X509Certificate2
获取Org.BouncyCastle.X509.X509Certificate
,可以使用以下代码片段:
static bool TryGetCertificateAndPrivateKey (X509Certificate2 x509Certificate2, out Org.BouncyCastle.X509.X509Certificate certificate, out AsymmetricKeyParameter privateKey)
{
if (x509Certificate2 == null || !x509Certificate.HasPrivateKey) {
certificate = null;
privateKey = null;
return false;
}
var keyPair = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair (x509Certificate2.PrivateKey);
certificate = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate (x509Certificate2);
privateKey = keyPair.Private;
return true;
}
I'll add a new CmsSigner constructor that takes an X509Certificate2 that does the conversion for you in the next release of MimeKit. 我将添加一个新的CmsSigner构造函数,该构造函数采用X509Certificate2,在下一个MimeKit版本中为您进行转换。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.