I have the following code to sign my data before sending it (over HTTP):
// Requires System.Security.Cryptography.Pkcs (built into .NET Framework; the
// System.Security.Cryptography.Pkcs package on .NET Core / .NET 5+).
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// Produces a detached CMS/PKCS#7 signature (DER bytes) over arMessage,
// signed with the key in the PFX file signerCert.
internal static byte[] Encode(byte[] arMessage, string signerCert, string signerPassword)
{
    X509Certificate2 cert = new X509Certificate2(signerCert, signerPassword);
    ContentInfo contentInfo = new ContentInfo(arMessage);
    // detached = true: the signed content itself is not embedded in the output,
    // so the recipient must supply the exact same bytes to verify.
    SignedCms signedCms = new SignedCms(contentInfo, true);
    CmsSigner cmsSigner = new CmsSigner(cert);
    signedCms.ComputeSignature(cmsSigner);
    byte[] signature = signedCms.Encode(); // binary DER, not printable text
    return signature;
}
I see a signature after following these steps:
byte[] bSignature = Encode(arMessage, signerCert, signerPassword); // DER signature from Encode
// Text form for the wire: base64 of the DER bytes, followed by the separator.
string sig = Convert.ToBase64String(bSignature) + MESSAGE_SEPARATOR;
bSignature = System.Text.ASCIIEncoding.ASCII.GetBytes(sig);
string deb8 = System.Text.ASCIIEncoding.ASCII.GetString(bSignature); // debug view of what is sent
This is what I receive in the incoming message. So the question is: how do I verify the signature of the received message on the recipient side (is a .cer file needed)? Thanks in advance.
Edit 1:
I tried to follow the logic of Daniel Hilgart, but that didn't work. Several times I got the exception "ASN Bad tag value". To make it easier, I hard-coded the message used to generate the signature. So I have two things on the receiver: the original message and the signature generated for it:
var signatureKey = GetSignatureFromSignatureMessage(signatureMessage, boundary); // base64 text extracted from the received message
var messageOriginal =
    "Content-Type: application/EDIFACT\r\nContent-Transfer-Encoding: binary\r\n\r\nSome short text.\r\nVery short.";
I need to check whether the signature matches this message. So I am trying to do something like this:
// Detached signature: the recipient supplies the original content bytes itself.
ContentInfo contentInfo = new ContentInfo(System.Text.ASCIIEncoding.ASCII.GetBytes(messageOriginal));
SignedCms signedCms = new SignedCms(contentInfo, true);
// Decode is given the ASCII bytes of the base64 text here, not the DER bytes.
signedCms.Decode(System.Text.ASCIIEncoding.ASCII.GetBytes(signatureKey));
signedCms.CheckSignature(true);
Edit 2:
The signature passes through Base64 → Base64String → ASCII → ASCII → Send_message.
var signatureKey = GetSignatureFromSignatureMessage(signatureMessage, boundary); // base64 text from the received message
var sigKeyBase = Convert.FromBase64String(signatureKey); // back to the DER bytes produced by Encode
var messageOriginal =
    "Content-Type: application/EDIFACT\r\nContent-Transfer-Encoding: binary\r\n\r\nSome short text.\r\nVery short.";
var messageOriginalByteASCII = System.Text.ASCIIEncoding.ASCII.GetBytes(messageOriginal);
ContentInfo contentInfo = new ContentInfo(messageOriginalByteASCII);
SignedCms signedCms = new SignedCms(contentInfo, true); // detached: content supplied by the recipient
signedCms.Decode(sigKeyBase);
signedCms.CheckSignature(true); // true = verify the signature only, not the certificate chain
CheckSignature with true and with false. :(
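The following is an added end-to-end example, not code from the original post: a sender producing a detached CMS signature the way Encode does, the base64-plus-separator wire format, and a recipient that decodes the base64 before calling Decode, verifies over the exact received bytes, and then pins the signer to an out-of-band .cer. The self-signed certificate, the PFX password, the separator string and the sample EDIFACT body are all constructed for the demo; it assumes .NET 6+ with the System.Security.Cryptography.Pkcs package.

```csharp
// Added example, not from the original post. Constructed inputs throughout.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class DetachedCmsDemo
{
    // Constructed for this example; the post's MESSAGE_SEPARATOR value is not shown.
    const string MessageSeparator = "\r\n--SIGNATURE-END--\r\n";

    // Sender side: detached CMS signature over the exact bytes that will be transmitted.
    static byte[] Sign(byte[] content, byte[] pfx, string pfxPassword)
    {
        var cert = new X509Certificate2(pfx, pfxPassword, X509KeyStorageFlags.Exportable);
        var cms = new SignedCms(new ContentInfo(content), detached: true);
        var signer = new CmsSigner(cert)
        {
            // Embed only the signer certificate; with the default ExcludeRoot a self-signed
            // signer is also the root, so be explicit about what goes into the message.
            IncludeOption = X509IncludeOption.EndCertOnly,
            DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1") // SHA-256
        };
        cms.ComputeSignature(signer);
        return cms.Encode(); // DER bytes, not printable text
    }

    // Wire format used by the post: base64 of the DER signature, then a separator.
    static string ToWire(byte[] derSignature) => Convert.ToBase64String(derSignature) + MessageSeparator;

    // Recipient side. Returns true only if (a) the signature verifies over the exact
    // received bytes and (b) the certificate that produced it is the one we trust (.cer).
    static bool Verify(byte[] receivedContent, string wireSignature, X509Certificate2 trustedCer)
    {
        int sep = wireSignature.IndexOf(MessageSeparator, StringComparison.Ordinal);
        string b64 = sep >= 0 ? wireSignature.Substring(0, sep) : wireSignature;
        byte[] der = Convert.FromBase64String(b64.Trim()); // decode first: DER, not the ASCII of the base64
        var cms = new SignedCms(new ContentInfo(receivedContent), detached: true);
        try
        {
            cms.Decode(der);
            cms.CheckSignature(verifySignatureOnly: true); // throws if content or signature was altered
        }
        catch (CryptographicException)
        {
            return false;
        }
        // CheckSignature(true) checks against the certificate embedded in the message,
        // which anyone can replace with their own. Pin the signer to the out-of-band .cer.
        return cms.SignerInfos.Count > 0 && cms.SignerInfos.Cast<SignerInfo>().All(si =>
            si.Certificate != null && si.Certificate.RawData.SequenceEqual(trustedCer.RawData));
    }

    static void Main()
    {
        // Constructed self-signed signer cert standing in for the signerCert PFX of the post.
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=edi-signer-demo", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var signerCert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));
        const string pfxPassword = "demo-password";
        byte[] pfx = signerCert.Export(X509ContentType.Pfx, pfxPassword);             // what the sender holds
        var trustedCer = new X509Certificate2(signerCert.Export(X509ContentType.Cert)); // the recipient's .cer

        string message = "Content-Type: application/EDIFACT\r\nContent-Transfer-Encoding: binary\r\n\r\nSome short text.\r\nVery short.";
        byte[] content = Encoding.ASCII.GetBytes(message);

        string wire = ToWire(Sign(content, pfx, pfxPassword));
        Console.WriteLine("unchanged content: " + Verify(content, wire, trustedCer));

        byte[] tampered = Encoding.ASCII.GetBytes(message.Replace("Very short.", "Very long."));
        Console.WriteLine("tampered content:  " + Verify(tampered, wire, trustedCer));

        // A common real-world mismatch: line endings normalised in transit.
        byte[] crlfLost = Encoding.ASCII.GetBytes(message.Replace("\r\n", "\n"));
        Console.WriteLine("CRLF -> LF:        " + Verify(crlfLost, wire, trustedCer));
    }
}
```

Two points in the design matter for the question. First, Decode must get the DER bytes, so the base64 text is decoded before it is passed in, and the separator is stripped before decoding. Second, because the signature is detached, the recipient has to rebuild ContentInfo from byte-for-byte identical content; any change such as CRLF becoming LF makes CheckSignature throw, which is why the demo exercises that case. CheckSignature(true) alone only proves the message was signed by whichever certificate it carries, so the recipient should compare that certificate with a .cer it obtained out of band, as Verify does with RawData.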