-1

考虑一下,我创建了 PKCS#7 消息:

ContentInfo contentInfo = new ContentInfo(someByteArrayToSign);
SignedCms signedCms = new SignedCms(contentInfo);

var certificateFromFile = new X509Certificate2("myCert.pfx");

var signer = new CmsSigner(certificateFromFile);
signer.DigestAlgorithm = new Oid("1.3.14.3.2.26");
signedCms.ComputeSignature(signer);

var myCmsMessage = signedCms.Encode();
SendBytesOverNetwork(myCmsMessage);

现在,我很想签名。以下场景有效(使用BounceCastleand PKCS11.Interop):

var signedPayloadCms = new CmsSignedData(GetBytesFromNetwork());

var data = (byte[])signedPayloadCms.SignedContent.GetContent();
byte[] signature = null;

foreach (SignerInformation signer in signedPayloadCms.GetSignerInfos().GetSigners())
{
    if (signature != null)
    {
        throw new NotSupportedException("Multiple signature");
    }

    signature = signer.GetSignature();
}

var algCkm = CKM.CKM_SHA1_RSA_PKCS;
var mechanism = new Mechanism(algCkm);
Session.Verify(mechanism, somePublicKey.Handle, data, signature, out var isValid)
//isValid  == true

但是当我使用CKM_RSA_PKCS并手动计算 HASH 时,出现了问题:

var algHash = CKM.CKM_SHA_1;
var dataHash = Session.Digest(new Mechanism(algHash), data);

var algCkm = CKM.CKM_RSA_PKCS;
var mechanism = new Mechanism(algCkm);
Session.Verify(mechanism, somePublicKey.Handle, dataHash, signature, out var isValid)
//isValid  == false

我错过了什么?为什么手动计算的哈希无效?

4

1 回答 1

0

事实证明,该哈希需要用DigestInfo结构包装。最简单的方法是添加前缀:(前缀仅对 SHA-1 哈希有效):

var dataHash = Session.Digest(new Mechanism(algHash), data);
dataHash = HexToByteArray("30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14")
             .Concat(dataHash).ToArray();

 var algCkm = CKM.CKM_RSA_PKCS
...

在 RF3447C 中找到:https ://www.ietf.org/rfc/rfc3447.txt

如何DigestInfo自行创建:C# - 如何计算特定哈希算法的 ASN.1 DER 编码?

于 2018-03-09T10:14:10.313 回答