[英]Digitalsignature verification failed using Mimekit
我們正在嘗試使用 MimeKit 來驗證數字簽名的電子郵件 (.p7m) 簽名。 當我調用signature.Verify();
它拋出錯誤消息:
{“無法驗證數字簽名:需要非空集\\r\\n參數名稱:值”}。
但同樣的郵件被 Limilabs.Mail 成功驗證。
我正在使用下面的代碼來驗證簽名。
if (message.Body is MultipartSigned)
{
var signed = (MultipartSigned)message.Body;
foreach (var signature in signed.Verify())
{
try
{
bool valid = signature.Verify();
// If valid is true, then it signifies that the signed content
// has not been modified since this particular signer signed the
// content.
// However, if it is false, then it indicates that the signed
// content has been modified.
}
catch (DigitalSignatureVerifyException)
{
// There was an error verifying the signature.
}
}
}
任何人都可以幫助我解決為什么我收到錯誤?
這里的問題是,默認情況下,當開發人員沒有明確提供用於MultipartSigned.Verify()
方法調用的上下文並且也沒有注冊替代 S/MIME 時,MimeKit 默認使用DefaultSecureMimeContext
后端使用CryptographyContext.Register()
上下文。
由於DefaultSecureMimeContext
以一個空的 S/MIME 證書數據庫開始,因此它沒有受信任的錨點(又名根證書頒發機構證書),因此在它為 S/MIME 簽名者構建證書鏈時拋出您看到的異常驗證簽名。
您可以通過導入一些根證書頒發機構證書(最好包括為所述簽名者構建證書鏈所需的證書)或使用WindowsSecureMimeContext
來解決此問題:
if (message.Body is MultipartSigned)
{
var signed = (MultipartSigned)message.Body;
using (var ctx = new WindowsSecureMimeContext ()) {
foreach (var signature in signed.Verify(ctx))
{
try
{
bool valid = signature.Verify();
// If valid is true, then it signifies that the signed content
// has not been modified since this particular signer signed the
// content.
// However, if it is false, then it indicates that the signed
// content has been modified.
}
catch (DigitalSignatureVerifyException)
{
// There was an error verifying the signature.
}
}
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.