充氣城堡的CMS簽名X509證書

Question

我需要將此.Net代碼轉換為BouncyCastle代碼，因為我需要在單聲道中使用

X509Certificate2 certFirmante = LoadCertFromFile("sign.p12");
ContentInfo infoContenido = new ContentInfo(argBytesMsg);

SignedCms cmsFirmado = new SignedCms(infoContenido);
CmsSigner cmsFirmante = new CmsSigner(argCertFirmante);

cmsFirmante.IncludeOption = X509IncludeOption.EndCertOnly;

cmsFirmado.ComputeSignature(cmsFirmante, true);

return cmsFirmado.Encode();

我嘗試使用此代碼，但簽名的數據不相同

CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
CmsEnvelopedDataStreamGenerator dataGenerator = new CmsEnvelopedDataStreamGenerator();


dataGenerator.AddKeyTransRecipient(cert);

// Make the output stream
MemoryStream outStream = new MemoryStream();
// Sign the stream
Stream cryptoStream = dataGenerator.Open(outStream, CmsEnvelopedGenerator.Aes128Cbc);
BinaryWriter binWriter = new BinaryWriter(cryptoStream);
binWriter.Write(datos);

byte[] contenido = new byte[outStream.Length];

outStream.Read(contenido, 0, Convert.ToInt32(outStream.Length));
return contenido;

Answer 1

您想要的可能是這樣的：

byte[] Sign (byte[] argBytesMsg)
{
    var signedData = new CmsSignedDataStreamGenerator ();
    var x509certificate2 = LoadCertFromFile ("sign.p12");
    var cert = DotNetUtilities.FromX509Certificate (x509certificate2);
    var key = DotNetUtilities.GetKeyPair (x509certificate2.PrivateKey);

    signedData.AddSigner (key.PrivateKey, cert, X509ObjectIdentifiers.IdSha1.Id, null, null);

    signedData.AddCertificate (cert);

    using (var memory = new MemoryStream ()) {
        using (var stream = signedData.Open (memory, true))
            stream.Write (argBytesMsg, 0, argBytesMsg.Length);

        return memory.ToArray ();
    }
}

順便說一句，您是否考慮過使用MimeKit而不是自己嘗試這樣做？

MimeKit使用BouncyCastle，因此是跨平台的，並且是完全開源的。