驗證從AS2貿易伙伴收到的pkcs7簽名
[英]Verify pkcs7 Signature received from AS2 trading partner
問題描述
我收到貿易伙伴的AS2消息。 我已經成功解密了它,它具有以下內容:
Content-Type: multipart/signed; boundary="----1E2FB76A361B53C9D12B3971C32BC0D8"; protocol="application/pkcs7-signature"; micalg="sha-256"
------1E2FB76A361B53C9D12B3971C32BC0D8
Content-Transfer-Encoding: binary
Content-Disposition: attachment; filename="edi.dat"
Content-Type: application/octet-stream; charset="ascii"; name="edi.dat"
ISA*00* *00* *ZZ*SPSAS2 *ZZ*SPSAS2 *140919*1159*|*00501*100000001*0*P*>
GS*PO*AS2S3REC*AS2S3SEND*20140919*1159*123*X*005010
ST*850*1234
BEG*00*SA*SPSAS2TEST**20121017
REF*IA*TEST
PER*OC*Someone*TE*2844994944
DTM*001*20121025
N1*ST*SomeoneElse
N3*My address is private
N4*ST THOMAS*VI*00801
PO1*54812*1*EA***SK*123546*VP*123546*UP*123456987111
CTT*1
SE*11*1234
GE*1*123
IEA*1*100000001
------1E2FB76A361B53C9D12B3971C32BC0D8
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIL5gYJKoZIhvcNAQcCoIIL1zCCC9MCAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwGgggg3MIIIMzCCBxugAwIBAgIQCq+jbObLeCwtsdF61BAtBzANBgkq
hkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j
MScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgw
MjA5MDAwMDAwWhcNMjEwMjE3MTIwMDAwWjCBgjELMAkGA1UEBhMCVVMxEjAQBgNV
BAgTCU1pbm5lc290YTEUMBIGA1UEBxMLTWlubmVhcG9saXMxGzAZBgNVBAoTElNQ
UyBDb21tZXJjZSwgSW5jLjELMAkGA1UECxMCSVQxHzAdBgNVBAMTFnNwc2FzMi5j
b21tZXJjZXZhbi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCw
1fJZ14+32k+Qutklk2+YYxaPMe2ASv41lfR5945H6M2SmdgFqqF2LPNZqWofcBPQ
HbMWctbBHOW1shOS2XvBRUFT5tuyQKcG4iYz7FEHFGpu4oGyC0eUYSuBBtTQMmRi
zk8bMwwNhRUUyzxa/y3OePK0lEDdaQsSKi8WHLkfkVZBo7Lk9CPyR4WZ8q8uo/qW
tNMDbk1Fn2CtXqYrXFTmLJ81ScXGTp5zoIUhrkGcUzumK+25EBT9p+2XcVMCUj9S
LY1DWyTnWx2mgT0ekeHM0pXV2MPDuUG99SiQB4Q0CH0I3J4ZafP2rCzBVkvNlTFJ
ZojaQyfcP9W73ZiYSgUmQ3mCa/BjACTO8wztu9DBelUNVjSxCYysGUdKNyl6hAAI
OAPe8z0mmDCVA7S4rnTYkliW+2JQdOTaKc0GOiaHQjrd+Gta1aAJHRR1pxjSX2FC
apS3DkiJl4i5vdyPZM53QhS51XCxGHtCCcJ574MIPkthI4SLwKJkk6rSgvb7B0ai
7jbDmvp1FjY0SgKoHyN+QNH1J4rMeK7IUp2N0R+YrJa6kEaocIptSoPToDGKWk+o
qAx65r3T2n21jEfiCzN6JyqxNfE1T35Pekpvu4ioUEfW1ICf6AOQ5oQHWLr/Fhk2
sVzptYw5Lmtkb/sPGP1R/hBy88HAlTAh+QFrRJHHWwIDAQABo4ID1zCCA9MwHwYD
VR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFJs5x7uPOhBe
2Mp1aThYg8urrQ4FMCEGA1UdEQQaMBiCFnNwc2FzMi5jb21tZXJjZXZhbi5jb20w
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBr
BgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1z
aGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Et
c2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcC
ARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYB
BQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20w
RgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2Vy
dFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAfYGCisGAQQB
1nkCBAIEggHmBIIB4gHgAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN
3BAAAAFhezY//QAABAMARzBFAiEA/peliWFFZt3DPuaO1JekVr9XQhfW/SeCVONq
Rmju3zECIDByDCYP5dzgszieTnkpP3w5dsOfiVmJ+RRmuNORjb0rAHYAh3W/51l8
+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFhezZA2gAABAMARzBFAiEAmlnD
uPy34+XDxNZU8r0dD4fI+hFJwxQQkatA9zkIzegCIFxT3jLCCf9pVoEIeWYBOv3C
BjVqsn0jDqXLYSVOJTQVAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e
0YUAAAFhezZAzAAABAMARzBFAiEAwAWMiOFLxRBqVjLc/cktB7SjMujisPPx5WQA
Bat22NoCIAtVJcU2yoj6c66x8o/YI2lfSdZqF46K51WGb6/J79UdAHYAb1N2rDHw
MRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAFhezZDCwAABAMARzBFAiAqzLuy
gkPgUSELvuB2xF9bFxPOj2YjBoiggQbUGfCMqgIhAL3VnGsi6xXUBswPEMn0M3P5
Cgnz6UGp2M4ItBE69YQnMA0GCSqGSIb3DQEBCwUAA4IBAQBbxA1NvqhkXddENUT5
qHY1pF91metZG38DwUS7c0xgS/LoY/WZZJ2cv0rEMoGCzRwwYijiiTc1MY6muiGE
hpdNja9Tu3bYJ9Z1bkiJJVKknqcqs64ibIbD762a7L/J0O9DzFKHeUwXAhpzT+rh
Z2eIPSR9BpUbiBpok73F/TvW2beJb2ncEiQJujK+UKlB9XeSsghrMOBiGnNJFB5t
Y155GAQb6oGiwRkkhWiJYZOq6riU5dmUbyqAqaxHij6hZOUzDL/fM5oeOpusedR0
4+eYgTe7LBq2teDNjchSceapKRXbbtz4UNDp0Ce3ZQyU4T4ndAsF9QiQnq7478SO
2ZgpMYIDczCCA28CAQEwYTBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNl
cnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EC
EAqvo2zmy3gsLbHRetQQLQcwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkD
MQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTgwODMwMTkxMjQ3WjAvBgkq
hkiG9w0BCQQxIgQgh0UxRgyVkgQvRpk0/2ZBwHWFEqKH5Hu6qgpvjX9ETjUweQYJ
KoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFl
AwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAw
BwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggIAEb1tlBKO
lSv69TDq4Jlhmtqt2szWKZazOhTMDUo68j3rJ6xJS9so7NKrQv+aeo8DdAblU/G/
OD2U6XS5iDdYg94aIyNEjuCZOfvibV8U1PA6WP+8VTo3vEDP0JoAt/NgWJKiKESS
iQ/8waAcLqxECW1Pa11KxdvO6xhJKpNI/xpl/t0007mYrZDseuLZNcyQjOOrP0Kj
E/21geSIyTTN842R0Zg6qTn6XlkPUq/bSa9MnlCUDNGxFn25Uqv+3nYlJhEiGyHa
GQef4vZL1faz7ljxnx/MJKiWAbq07F7tYEHGyVTkO3MGF/wBe8vDlYs3U1T4v+2g
hjEWiOyREYTt9a4XJ1QcscjbGCRl28BajmxBBHibkSM2o5ztLxPUoiEKjY3XQc6J
oHX3Gmj63qMQPQz58AVoalGtwxOxlJiFc0Y13NIydbxMRuxep0XHVNE5XFQGE1K/
2r5iV4pS1f+EarDxfjzkrUwZFYJLdO27DqIL//6m6uTiIgZBXnzqulWlLxX17MCD
2yUOTRPGqo9eRhnrtbeh3PYGXG0zhGSdmzoTQr2mf2k7EDB/48BGvUWeHGsc7sQT
LUrlnLKqiG1uRB4sWTWMtxsKtH8kGP824ihszLh+13IXlMztCEg+kh472KQENguC
Yxt8DzcvxMi0rIsbsC/Thq3nxpFCGDV7m3Q=
------1E2FB76A361B53C9D12B3971C32BC0D8--
它具有“ Base64”格式和“ pkcs7-signature”的簽名。 我無法匹配簽名。 我正在考慮以下部分作為主要數據:
ISA*00* *00* *ZZ*SPSAS2 *ZZ*SPSAS2 *140919*1159*|*00501*100000001*0*P*>
GS*PO*AS2S3REC*AS2S3SEND*20140919*1159*123*X*005010
ST*850*1234
BEG*00*SA*SPSAS2TEST**20121017
REF*IA*TEST
PER*OC*Someone*TE*2844994944
DTM*001*20121025
N1*ST*SomeoneElse
N3*My address is private
N4*ST THOMAS*VI*00801
PO1*54812*1*EA***SK*123546*VP*123546*UP*123456987111
CTT*1
SE*11*1234
GE*1*123
IEA*1*100000001
和base64字符串作為符號。 並演唱以下功能以匹配符號:
static bool Verify(string text, byte[] signature, string certPath)
{
X509Certificate2 cert = new X509Certificate2(certPath);
RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PublicKey.Key;
SHA1Managed sha1 = new SHA1Managed();
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] data = encoding.GetBytes(text);
byte[] hash = sha1.ComputeHash(data);
// Verify the signature with the hash
return csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), signature);
}
但是此功能與簽名不匹配。 請幫我解決這個問題。
謝謝...
1 個解決方案
解決方案1
0 2018-09-18 14:42:24
我個人無法獲取數據進行驗證。 (我假設要么存在尾部空格未正確復制,要么有效載荷已更改(例如“我的地址是私人的”))
我期望的流程正在發生:
- pkcs7內容是具有分離內容的CMS SignedData。
- 在第一個流中指定了簽名內容
因此,您需要執行以下操作:
byte[] dataBytes = ReadFirstSegment();
byte[] signatureBytes = ReadSecondSegment();
SignedCms cms = new SignedCms(new ContentInfo(dataBytes), detached: true);
cms.Decode(signatureBytes);
// This next line throws a CryptographicException if the signature can't be verified
cms.CheckSignature(true);
SignerInfoCollection signers = cms.SignerInfos;
if (signers.Count != 1)
{
// probably fail
}
if (!IsExpectedCertificate(signers[0].Certificate))
{
// fail
}
// success
在 PKCS7 (CMS) 中使用相同的響應 xml 簽名對多個位置進行簽名
[英]Sign multiple location with same response xml signature in PKCS7 (CMS)
使用IText或ITextSharp或BouncyCastle從pdf文件中提取pkcs7(字節[])
[英]Extract pkcs7 (byte[]) from a pdf file using IText or ITextSharp or BouncyCastle
如何驗證SMIME多部分/已簽名應用程序/ x-pkcs7簽名郵件的簽名
[英]Howto Verify Signature of a SMIME multipart/signed application/x-pkcs7-signature Mail
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
如何從數字PKCS7簽名解碼時間戳?
解密並驗證 C# 中的 PKCS7 消息
驗證未分離的PKCS簽名
在 PKCS7 (CMS) 中使用相同的響應 xml 簽名對多個位置進行簽名
如何解密 PKCS7 消息
如何從 PKCS#7 中提取 PKCS#1 簽名
使用IText或ITextSharp或BouncyCastle從pdf文件中提取pkcs7(字節[])
如何驗證SMIME多部分/已簽名應用程序/ x-pkcs7簽名郵件的簽名
有什么辦法可以從紅寶石中解密pkcs7填充的AES 256 CBC?
在Java中驗證Bouncy Castle的pkcs7 SignedData
相關標簽