OpenSSL Signing and CAPI Validation
I am working with the CAPICOM libary, but it is not available on Android and iOS. As far as I know the CAPICOM signed message is in PKCS # 7 format, then I want to use OpenSSL to create a signed message like CAPICOM.
OpenSSL commands I used:
iconv -f utf-8 -t utf-16le data.bin > data-utf16le.bin
openssl smime -sign -binary -noattr -in data-utf16le.bin -signer demo.pem -inkey demo.key -out sign.txt -outform PEM
then I checked with CAPICOM like this: http://www.codeproject.com/Articles/9691/Using-CAPICOM-in-NET-for-Digital-Signatures-with-A
Verification method:
public bool VerifyDetachedSignature(string plaintextMessage, string signedContent, Encoding encodingType)
{
try
{
this._clearText = plaintextMessage;
this._signedContent = signedContent;
CAPICOM.SignedData signedData = new CAPICOM.SignedDataClass();
CAPICOM.Utilities u = new CAPICOM.UtilitiesClass();
IntPtr _content = u.ByteArrayToBinaryString(encodingType.GetBytes(plaintextMessage));
signedData.set_Content(_content);
int len = _signedContent.Length;
signedData.Verify(_signedContent,true, CAPICOM.CAPICOM_SIGNED_DATA_VERIFY_FLAG.CAPICOM_VERIFY_SIGNATURE_ONLY);
SignerCert=null;
CAPICOM.Signer s = (CAPICOM.Signer) signedData.Signers[1];
SignerCert = (CAPICOM.Certificate)s.Certificate;
return true;
}
catch(COMException e)
{
return false;
}
}
encodingType
- System.Text.Encoding.UTF8
.
The result is invalid.
I sign the CAPICOM again and see that the length of the signed message in this case is longer than the length of the signed message generated by OpenSSL.
Please help me understand!
source to share
No one has answered this question yet
Check out similar questions: