C＃如何通过电子邮件验证数字签名（编码SeveBit）

Question

我得到了邮件正文和包含数字签名的smime.p7s文件。 我想验证邮件是否由该签名签名。 我正在使用以下代码。

   private bool VerifyCommand(string text, byte[] signature, string certPath)
{   
// Load the certificate file to use to verify the signature from a file
// If using web service or ASP.NET, use: X509Certificate2 cert = new X509Certificate2(Request.ClientCertificate.Certificate);
X509Certificate2 cert = new X509Certificate2(certPath);

// Get public key
RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PublicKey.Key;

// Hash the text, the text is the expected command by the client application.
// Remember hased data cannot be unhash. It is irreversable
SHA1Managed sha1 = new SHA1Managed();
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] data = encoding.GetBytes(text);
byte[] hash = sha1.ComputeHash(data);

// Verify the signature with the hash
return csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), signature);
}

byte[] signature是Convert.FromBase64String（mailsignature）之后来自邮件的签名。 string certPath是smime.p7s文件的路径。 （smime.p7s附在邮件上）

这是正文邮件的部分：

------=_NextPart_001_0039_01CC77C1.AFC97230
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7bit

FINAL TEST SIGNED

------=_NextPart_001_0039_01CC77C1.AFC97230

这是Signature附件的一部分：

------=_NextPart_000_0038_01CC77C1.AFC4B740
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIWADCCA7Ew
ggKZoAMCAQICEBErBTlXKN63QvT+VRPTt1EwDQYJKoZIhvcNAQEFBQAwQzEXMBUGA1UEChMOQWxj
YXRlbCBMdWNlbnQxKDAmBgNVBAMTH0FsY2F0ZWwgTHVjZW50IEludGVybmFsIFJvb3QgQ0EwHhcN
MDgxMTAzMTU0MTE2WhcNMjgxMTAzMTU0MTE2WjBDMRcwFQYDVQQKEw5BbGNhdGVsIEx1Y2VudDEo
MCYGA1UEAxMfQWxjYXRlbCBMdWNlbnQgSW50ZXJuYWwgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAL5IGBVth8afQdnpuLDI0Z37GgIcPWznOOzFJUV1gVbztqQ5CIxkVL4K
...................

我正在使用的方法是否正确？ 是编码写吗？ 或者我必须使用7位？

在这里输入代码

---

Thnx Henning Krause。 我搜查了，我再次陷入困境:(。

public static bool Verify(byte[] signature, X509Certificate2 certificate)
{
   X509Certificate2 cert=new X509Certificate2(@"D:\Work\Digital Signature\smime.p7s");
   certificate = cert;

    if(signature == null)
        throw new ArgumentNullException("signature");
    if(certificate == null)
        throw new ArgumentNullException("certificate");

    //the text from the body of the mail    
    string text = "FINAL TEST SIGNED";
    //hash the text 
     // Methode 3 for Hashing
            System.Security.Cryptography.SHA1 hash3 = System.Security.Cryptography.SHA1.Create();
            System.Text.UnicodeEncoding encoder = new System.Text.UnicodeEncoding();
            byte[] combined = encoder.GetBytes(text);
            byte[] hash3byte = hash3.ComputeHash(combined);

    //Adding the text from the email, to a contentInfo 
      ContentInfo content = new ContentInfo(hash3byte);

    // decode the signature
    SignedCms verifyCms = new SignedCms(content,true);
    verifyCms.Decode(signature);

    // verify it
    try
    {
        verifyCms.CheckSignature(new X509Certificate2Collection(certificate), false);
        return true;
    }
    catch(CryptographicException)
    {
        return false;
    }
} 

我得到CryptographicException“哈希值不正确。” 我只试过verifyCms.CheckSignature(true) ; （同样的错误）我试图在ContentInfo中添加整个邮件（发件人，主题，正文，HTML部分......）（同样的错误）

您能否更具体地说明如何使用SignedCms来解决我的问题？

Answer 1

您应该查看SignedCMS类。 您可以使用该类根据PKCS＃7标准验证签名。

如果您有消息和签名，您将执行以下操作：

var cmsMessage = new SignedCms(new ContentInfo(message), true)
cmsMessage.Decode(signature);
// if no CryptographicException is thrown at this point, the signature holds up. Otherwise it's broken.