充气城堡的CMS签名X509证书

Question

我需要将此.Net代码转换为BouncyCastle代码，因为我需要在单声道中使用

X509Certificate2 certFirmante = LoadCertFromFile("sign.p12");
ContentInfo infoContenido = new ContentInfo(argBytesMsg);

SignedCms cmsFirmado = new SignedCms(infoContenido);
CmsSigner cmsFirmante = new CmsSigner(argCertFirmante);

cmsFirmante.IncludeOption = X509IncludeOption.EndCertOnly;

cmsFirmado.ComputeSignature(cmsFirmante, true);

return cmsFirmado.Encode();

我尝试使用此代码，但签名的数据不相同

CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
CmsEnvelopedDataStreamGenerator dataGenerator = new CmsEnvelopedDataStreamGenerator();


dataGenerator.AddKeyTransRecipient(cert);

// Make the output stream
MemoryStream outStream = new MemoryStream();
// Sign the stream
Stream cryptoStream = dataGenerator.Open(outStream, CmsEnvelopedGenerator.Aes128Cbc);
BinaryWriter binWriter = new BinaryWriter(cryptoStream);
binWriter.Write(datos);

byte[] contenido = new byte[outStream.Length];

outStream.Read(contenido, 0, Convert.ToInt32(outStream.Length));
return contenido;

Answer 1

您想要的可能是这样的：

byte[] Sign (byte[] argBytesMsg)
{
    var signedData = new CmsSignedDataStreamGenerator ();
    var x509certificate2 = LoadCertFromFile ("sign.p12");
    var cert = DotNetUtilities.FromX509Certificate (x509certificate2);
    var key = DotNetUtilities.GetKeyPair (x509certificate2.PrivateKey);

    signedData.AddSigner (key.PrivateKey, cert, X509ObjectIdentifiers.IdSha1.Id, null, null);

    signedData.AddCertificate (cert);

    using (var memory = new MemoryStream ()) {
        using (var stream = signedData.Open (memory, true))
            stream.Write (argBytesMsg, 0, argBytesMsg.Length);

        return memory.ToArray ();
    }
}

顺便说一句，您是否考虑过使用MimeKit而不是自己尝试这样做？

MimeKit使用BouncyCastle，因此是跨平台的，并且是完全开源的。