是否可以使用 MimeKit 创建带有不透明签名的签名电子邮件?
Is it possible to create a signed email with an opaque signature using MimeKit?
基本上如问题所述。
我编写了一个程序,使用安装在用户计算机上的 X509Certificate2 对电子邮件进行签名。这是用 MimeKit 完成的,这使得它非常容易(如图所示)。
var signer = new CmsSigner(certificate, key);
signer.DigestAlgorithm = DigestAlgorithm.Sha1;
message.Body = MultipartSigned.Create(ctx, signer, messageContent);
有人问我是否可以使用 'opaque' 签名而不是分离签名来创建此签名电子邮件。我相信 OpenSSL 中有一个选项可以做到这一点(??)。
无论如何,我找不到任何与 MimeKit 相关的 'opaque' 选项。
这可能吗?如果可能,怎么做?
是的,这也是可以的。关于 S/MIME,当人们提到不透明签名时,他们的意思是他们想要 application/pkcs7-mime 格式的签名。以下是您将如何创建它:
var signer = new CmsSigner(certificate, key);
signer.DigestAlgorithm = DigestAlgorithm.Sha1;
message.Body = ApplicationPkcs7Mime.Sign(ctx, signer, messageContent);
希望对您有所帮助!
注:
In late 2013, Microsoft announced that they would be retiring their
use of SHA-1 in their products by 2016 with the assumption that its
days as an unbroken digest algorithm were numbered. It is speculated
that the SHA-1 digest algorithm will be vulnerable to collisions, and
thus no longer considered secure, by 2018.
Microsoft and other vendors plan to move to the SHA-2 suite of digest
algorithms which includes the following 4 variants: SHA-224, SHA-256,
SHA-384, and SHA-512.
public void SignEmail( MimeMessage m, Org.BouncyCastle.X509.X509Certificate certificate, Org.BouncyCastle.Crypto.AsymmetricKeyParameter key, MailboxAddress sender, MimeEntity content)
{
var signer = new MimeKit.Cryptography.CmsSigner( certificate, key );
signer.DigestAlgorithm = DigestAlgorithm.Sha1;
m.Body = ApplicationPkcs7Mime.Sign( sender, signer.DigestAlgorithm, content );
}
基本上如问题所述。
我编写了一个程序,使用安装在用户计算机上的 X509Certificate2 对电子邮件进行签名。这是用 MimeKit 完成的,这使得它非常容易(如图所示)。
var signer = new CmsSigner(certificate, key);
signer.DigestAlgorithm = DigestAlgorithm.Sha1;
message.Body = MultipartSigned.Create(ctx, signer, messageContent);
有人问我是否可以使用 'opaque' 签名而不是分离签名来创建此签名电子邮件。我相信 OpenSSL 中有一个选项可以做到这一点(??)。
无论如何,我找不到任何与 MimeKit 相关的 'opaque' 选项。
这可能吗?如果可能,怎么做?
是的,这也是可以的。关于 S/MIME,当人们提到不透明签名时,他们的意思是他们想要 application/pkcs7-mime 格式的签名。以下是您将如何创建它:
var signer = new CmsSigner(certificate, key);
signer.DigestAlgorithm = DigestAlgorithm.Sha1;
message.Body = ApplicationPkcs7Mime.Sign(ctx, signer, messageContent);
希望对您有所帮助!
注:
In late 2013, Microsoft announced that they would be retiring their use of SHA-1 in their products by 2016 with the assumption that its days as an unbroken digest algorithm were numbered. It is speculated that the SHA-1 digest algorithm will be vulnerable to collisions, and thus no longer considered secure, by 2018.
Microsoft and other vendors plan to move to the SHA-2 suite of digest algorithms which includes the following 4 variants: SHA-224, SHA-256, SHA-384, and SHA-512.
public void SignEmail( MimeMessage m, Org.BouncyCastle.X509.X509Certificate certificate, Org.BouncyCastle.Crypto.AsymmetricKeyParameter key, MailboxAddress sender, MimeEntity content)
{
var signer = new MimeKit.Cryptography.CmsSigner( certificate, key );
signer.DigestAlgorithm = DigestAlgorithm.Sha1;
m.Body = ApplicationPkcs7Mime.Sign( sender, signer.DigestAlgorithm, content );
}