C# How to Verify Digital Signature from email ( Encoding SeveBit )_问答_开发者

C# How to Verify Digital Signature from email ( Encoding SeveBit )

开发者 https://www.devze.com 2023-04-06 12:17 出处：网络

I get the message body and the smime.p7s file that contains the digital signature. And I want to verify if the mail is signed by that signature.

I get the message body and the smime.p7s file that contains the digital signature. And I want to verify if the mail is signed by that signature. I'm using the following code.

   private bool VerifyCommand(string text, byte[] signature, string certPath)
{   
// Load the certificate file to use to verify the signature from a file
// If using web service or ASP.NET, use: X509Certificate2 cert = new X509Certificate2(Request.ClientCertificate.Certificate);
X509Certificate2 cert = new X509Certificate2(certPath);

// Get public key
RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PublicKey.Key;

// Hash the text, the text is the expected command by the client application.
// Remember hased data cannot be unhash. It is irreversable
SHA1Managed sha1 = new SHA1Managed();
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] data = encoding.GetBytes(text);
byte[] hash = sha1.ComputeHash(data);

// Verify the signature with the hash
return csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), signature);
}

byte[] signature is the signature from mail after Convert.FromBase64String(mailsignature). string certPath is the path tot the smime.p7s file. ( the smime.p7s is attached to the mail)

This is the part where the body mail is:

------=_NextPart_001_0039_01CC77C1.AFC97230
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7开发者_Go百科bit

FINAL TEST SIGNED

------=_NextPart_001_0039_01CC77C1.AFC97230

This is a part of the Signature attachment:

------=_NextPart_000_0038_01CC77C1.AFC4B740
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIWADCCA7Ew
ggKZoAMCAQICEBErBTlXKN63QvT+VRPTt1EwDQYJKoZIhvcNAQEFBQAwQzEXMBUGA1UEChMOQWxj
YXRlbCBMdWNlbnQxKDAmBgNVBAMTH0FsY2F0ZWwgTHVjZW50IEludGVybmFsIFJvb3QgQ0EwHhcN
MDgxMTAzMTU0MTE2WhcNMjgxMTAzMTU0MTE2WjBDMRcwFQYDVQQKEw5BbGNhdGVsIEx1Y2VudDEo
MCYGA1UEAxMfQWxjYXRlbCBMdWNlbnQgSW50ZXJuYWwgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAL5IGBVth8afQdnpuLDI0Z37GgIcPWznOOzFJUV1gVbztqQ5CIxkVL4K
...................

Is the method that I'm using correct? is the Encoding write? or I have to use a 7-bit?

enter code here

Thnx Henning Krause. I searched, and I'm stuck again :( .

public static bool Verify(byte[] signature, X509Certificate2 certificate)
{
   X509Certificate2 cert=new X509Certificate2(@"D:\Work\Digital Signature\smime.p7s");
   certificate = cert;

    if(signature == null)
        throw new ArgumentNullException("signature");
    if(certificate == null)
        throw new ArgumentNullException("certificate");

    //the text from the body of the mail    
    string text = "FINAL TEST SIGNED";
    //hash the text 
     // Methode 3 for Hashing
            System.Security.Cryptography.SHA1 hash3 = System.Security.Cryptography.SHA1.Create();
            System.Text.UnicodeEncoding encoder = new System.Text.UnicodeEncoding();
            byte[] combined = encoder.GetBytes(text);
            byte[] hash3byte = hash3.ComputeHash(combined);

    //Adding the text from the email, to a contentInfo 
      ContentInfo content = new ContentInfo(hash3byte);

    // decode the signature
    SignedCms verifyCms = new SignedCms(content,true);
    verifyCms.Decode(signature);

    // verify it
    try
    {
        verifyCms.CheckSignature(new X509Certificate2Collection(certificate), false);
        return true;
    }
    catch(CryptographicException)
    {
        return false;
    }
}

I get the CryptographicException "The hash value is not correct." I tried only verifyCms.CheckSignature(true); (same error) I tried to add in ContentInfo the whole mail (Sender , Subject , Body, HTML Sectione ...) (same error)

Can you please be more specific how can I use the SignedCms for my problem?

You should look into the SignedCMS class. You can use that class to validate signatures according to the PKCS#7 standard.

If you have the message and the signature, you'll do the following:

var cmsMessage = new SignedCms(new ContentInfo(message), true)
cmsMessage.Decode(signature);
// if no CryptographicException is thrown at this point, the signature holds up. Otherwise it's broken.