SignedCms.CheckSignature checks the signature against which certificates?
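I have a signed mail message, and I would like to know which certificate this code uses when it checks the signature.
Does the SignedCms always contain the signing certificate (which is then used to verify the signature), or is the certificate sometimes absent from the message and taken from the certificate store of the verifying machine?
Basically, I am interested in determining who the user that signed the message is.
Here is a sample of the code that does the verification (from MSDN: https://msdn.microsoft.com/en-us/library/aedbc064(v=vs.110).aspx)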
// Create a ContentInfo object from the inner content obtained independently from encodedMessage.
ContentInfo contentInfo = new ContentInfo(innerContent);
// Create a new, detached SignedCms message.
SignedCms signedCms = new SignedCms(contentInfo, true);
// encodedMessage is the encoded message received from the sender.
signedCms.Decode(encodedMessage);
// Verify the signature without validating the certificate.
signedCms.CheckSignature(true); //<-- Here is the verification
Thanks, and sorry for my poor English.
SignedCms is represented by the ASN.1 structure SignedData defined in RFC 2315
SignedData ::= SEQUENCE {
version Version,
digestAlgorithms DigestAlgorithmIdentifiers,
contentInfo ContentInfo,
certificates
[0] IMPLICIT ExtendedCertificatesAndCertificates
OPTIONAL,
crls
[1] IMPLICIT CertificateRevocationLists OPTIONAL,
signerInfos SignerInfos }
The certificates property, as described in RFC 2315,
is a set of PKCS #6 extended certificates and X.509 certificates. It
is intended that the set be sufficient to contain chains from a
recognized "root" or "top-level certification authority" to all of the
signers in the signerInfos field. There may be more certificates than
necessary, and there may be certificates sufficient to contain chains
from two or more independent top-level certification authorities.
There may also be fewer certificates than necessary, if it is expected
that those verifying the signatures have an alternate means of
obtaining necessary certificates (e.g., from a previous set of
certificates).
But it is optional.
signerInfos is described as
signerInfos is a collection of per-signer information. There may be any number of elements in the collection, including zero.
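SignerInfo contains an IssuerAndSerialNumber element that describes the certificate used to sign the content.
More information can be found in RFC 2315.
In C#, you can get the certificate with the following code: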
signedCms.SignerInfos[0].Certificate
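
An added example, not part of the original question, answer or the MSDN sample: it signs the same content with and without the optional certificates field and shows how that changes what SignerInfos[0].Certificate and CheckSignature can resolve. It assumes modern .NET with the System.Security.Cryptography.Pkcs package; the class name, the self-signed test certificate and the message body are constructed for illustration.

```csharp
// Added example. Assumes modern .NET with System.Security.Cryptography.Pkcs;
// the certificate subject and message body are constructed test values.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SignerLookupDemo
{
    // Produce a detached signature; `include` decides whether the certificate is embedded.
    static byte[] Sign(byte[] data, X509Certificate2 cert, X509IncludeOption include)
    {
        var cms = new SignedCms(new ContentInfo(data), detached: true);
        cms.ComputeSignature(new CmsSigner(cert) { IncludeOption = include });
        return cms.Encode();
    }
    static void Inspect(string label, byte[] data, byte[] encoded, X509Certificate2Collection extra)
    {
        var cms = new SignedCms(new ContentInfo(data), detached: true);
        cms.Decode(encoded);
        SignerInfo signer = cms.SignerInfos[0];
        Console.WriteLine($"{label}: embedded certs={cms.Certificates.Count}, " +
            $"identifier={signer.SignerIdentifier.Type}, " +
            $"cert found in message={(signer.Certificate != null)}");
        try
        {
            // Signature only: proves the key pair matches, not who owns the certificate.
            signer.CheckSignature(extra, verifySignatureOnly: true);
            Console.WriteLine("  signature valid");
            // Chain validation is what ties the subject name to a trusted issuer.
            signer.CheckSignature(extra, verifySignatureOnly: false);
            Console.WriteLine("  chain trusted, signer: " + signer.Certificate?.Subject);
        }
        catch (CryptographicException e) { Console.WriteLine("  check failed: " + e.Message); }
    }
    static void Main()
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=Constructed Test Signer", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
        byte[] data = Encoding.UTF8.GetBytes("constructed message body");
        var known = new X509Certificate2Collection(cert);
        Inspect("embedded", data, Sign(data, cert, X509IncludeOption.EndCertOnly), new X509Certificate2Collection());
        Inspect("omitted", data, Sign(data, cert, X509IncludeOption.None), new X509Certificate2Collection());
        Inspect("omitted + extra store", data, Sign(data, cert, X509IncludeOption.None), known);
    }
}
```

Because the test certificate is self-signed and not in a trusted root store, the chain check is expected to fail in every run; an embedded certificate is chosen by whoever built the message, so its subject name identifies the signer only once the chain validates.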