0

We are trying to use MimeKit to verify the signature of a digitally signed email (.p7m). When I call signature.Verify(); it throws the error message:

{"验证数字签名失败:需要非空集\r\n参数名称:值"}。

However, the same email was verified successfully by Limilabs.Mail.

I am using the code below to verify the signature.

if (message.Body is MultipartSigned)
{
    var signed = (MultipartSigned)message.Body;
    foreach (var signature in signed.Verify())
    {
        try
        {
            bool valid = signature.Verify();

            // If valid is true, then it signifies that the signed content
            // has not been modified since this particular signer signed the
            // content.
            // However, if it is false, then it indicates that the signed
            // content has been modified.
        }
        catch (DigitalSignatureVerifyException)
        {
            // There was an error verifying the signature.
        }
    }
}

Can anyone help me figure out why I am getting this error?

4

1 Answer

3

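The problem here is that, by default, DefaultSecureMimeContext is used when the developer has not explicitly provided a context for the MultipartSigned.Verify() method call and has not registered one using CryptographyContext.Register() either.

Since DefaultSecureMimeContext starts out with an empty database of S/MIME certificates, it has no trusted anchors (also known as Root Certificate Authority certificates), so it throws the exception you are seeing when it builds a certificate chain for the S/MIME signer while verifying the signature.

You can fix this by importing some Root Certificate Authority certificates (preferably including the ones needed to build the certificate chain for said signer) - or - by using WindowsSecureMimeContext: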

if (message.Body is MultipartSigned)
{
    var signed = (MultipartSigned)message.Body;

    using (var ctx = new WindowsSecureMimeContext ()) {
        foreach (var signature in signed.Verify(ctx))
        {
            try
            {
                bool valid = signature.Verify();

                // If valid is true, then it signifies that the signed content
                // has not been modified since this particular signer signed the
                // content.
                // However, if it is false, then it indicates that the signed
                // content has been modified.
            }
            catch (DigitalSignatureVerifyException)
            {
                // There was an error verifying the signature.
            }
        }
    }
}
answered 2019-12-03T15:30:19.140
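
The answer's first option (importing a root CA certificate as a trust anchor) has no code on the page; the following is an added example, not part of the original answer. The `SignedMailCheck` class and the `rootCaPath` parameter are hypothetical, and it assumes the `DefaultSecureMimeContext.Import(X509Certificate, bool trusted)` overload and a fail-closed policy in which any signature error rejects the message.

```csharp
using System;
using System.IO;
using MimeKit;
using MimeKit.Cryptography;
using Org.BouncyCastle.X509;

static class SignedMailCheck
{
    // rootCaPath: hypothetical path to the root CA certificate (DER or PEM)
    // that anchors the signer's certificate chain.
    public static bool AllSignaturesValid (MimeMessage message, string rootCaPath)
    {
        if (!(message.Body is MultipartSigned signed))
            return false; // not multipart/signed, nothing to verify here

        using (var ctx = new DefaultSecureMimeContext ()) {
            // The default certificate database starts out empty, so give it
            // a trust anchor before any chain has to be built.
            using (var stream = File.OpenRead (rootCaPath)) {
                var root = new X509CertificateParser ().ReadCertificate (stream);
                ctx.Import (root, true); // true = store the certificate as trusted
            }

            // Pass the context explicitly instead of relying on the default.
            var signatures = signed.Verify (ctx);
            if (signatures.Count == 0)
                return false; // a signed part without signers is not accepted

            foreach (var signature in signatures) {
                try {
                    if (!signature.Verify ())
                        return false; // content was modified after signing
                } catch (DigitalSignatureVerifyException ex) {
                    // Chain building or verification failed: record who the
                    // signer claimed to be and reject instead of swallowing.
                    Console.Error.WriteLine ("{0}: {1}",
                        signature.SignerCertificate?.Email, ex.Message);
                    return false;
                }
            }

            return true;
        }
    }
}
```

Unlike the snippets above, this returns the verification result to the caller, so a failed chain build or a modified body cannot pass silently.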