1

I'm just starting out with cryptography. I need to generate a PKCS #7 file from an XML file, an RSA private key (which is not included in the certificate; it is a file with the .key extension) and a certificate with the .cer extension.

For this I'm using BouncyCastle.

Edit:

Thanks @khlr for your help, but I cannot solve my problem. When I send the data to the AC, it returns "Invalid CMS". I have this code:

public static byte[] FirmaBytesMensaje(byte[] argBytesMsg, X509Certificate2 argCertFirmante)
{
    try
    {
        //Add message in object ContentInfo 
        ContentInfo infoContenido = new ContentInfo(argBytesMsg);
        SignedCms cmsFirmado = new SignedCms(infoContenido);


        CmsSigner cmsFirmante = new CmsSigner(argCertFirmante);
        cmsFirmante.IncludeOption = X509IncludeOption.EndCertOnly;


        // Sign message PKCS #7 
        cmsFirmado.ComputeSignature(cmsFirmante);


        // Encode the PKCS #7 message.
        return cmsFirmado.Encode();
    }
    catch (Exception excepcionAlFirmar)
    {
        throw new Exception("***Error: " + excepcionAlFirmar.Message);
    }
}

This signs in PKCS #7, but it does so with a "PFX" certificate, that is, one that contains the private key in a ".pfx" file. When I use the OpenSSL command:

openssl smime -sign -signer cert.crt -inkey private.key -out file.xml.cms -in file.xml -outform PEM -nodetach

The AC responds well. How can I do this with BouncyCastle and the cer and key files? I am going crazy! :-(

Emily
  • And your actual question is...? – Jan Köhler Jan 30 '16 at 08:46
  • Hi! @khlr My problem is I cannot create the CMS file containing: ---BEGIN PKCS #7--- .............................................. ---END PKCS #7--- – Emily Jan 30 '16 at 17:33
  • Well, do you get any exceptions, or is just the output you're getting different from what you're expecting? – Jan Köhler Jan 30 '16 at 18:24
  • I just need a file with the ".cms" extension containing the signed and encrypted content in PKCS #7, you know what I mean? – Emily Jan 30 '16 at 21:30
  • @khlr This line "return signedDataString;" returns me "Org.BouncyCastle.Cms.CmsSignedData" instead of ---BEGIN PKCS #7--- CONTENT OF PKCS ---END PKCS #7---. I don't know how to solve it. Help please! – Emily Jan 30 '16 at 21:54
  • @Emily: Look at what methods the `CmsSignedData` type offers. Evidently, it doesn't override `ToString()`, so when you call that you get the default behavior, which is simply to return the type name of the class. Chances are there's another one that returns what you really want. – 500 - Internal Server Error Jan 30 '16 at 22:43

2 Answers

0

Unfortunately there seems to be no BouncyCastle API documentation for C#. Nevertheless, there's a Java reference which is said to be quite similar to the C# API.

Hence the getEncoded() method (look for a C# equivalent, e.g. GetEncoded()) yields an ASN.1 encoded byte[].

You could then go ahead and get a string from that (note that I'm not familiar with ASN.1 encoding. This is just a guess):

byte[] buffer = datosFirmados.GetEncoded();
string signedDataString = System.Text.Encoding.UTF8.GetString(buffer, 0, buffer.Length);

Edit:

Maybe the AsnEncodedData class would be more appropriate for that task:

byte[] buffer = datosFirmados.GetEncoded();
var asndata = new AsnEncodedData(buffer);
const bool multiline = true;
string signedDataString = asndata.Format(multiline);
Jan Köhler
0

It's been quite a while, but still no answer. You will need to merge the cert and key files together as below.

using (System.Security.Cryptography.X509Certificates.X509Certificate2 _pub = this.PublicKey.X509Certificate2)
{
    using (X509Certificate2 _pri = _pub.CopyWithPrivateKey(_rsa))
    {
        var _infoContenido = new System.Security.Cryptography.Pkcs.ContentInfo(Message);
        SignedCms _signedCms = new SignedCms(_infoContenido);

        CmsSigner _cmsSigner = new CmsSigner(_pri);
        if (IncludeSignDate)
        {
            _cmsSigner.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.Now));    // [2020-05-02] Added the signing date attribute
        }
        _cmsSigner.IncludeOption = X509IncludeOption.EndCertOnly;

        // Sign message PKCS #7
        _signedCms.ComputeSignature(_cmsSigner);
        var _signedMessage = _signedCms.Encode();
    }
}
Joshua Son
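
An added example, not part of the original answers: one way to carry out the merge described above end to end on .NET 5 or later, pairing a .cer with a separate key file, signing with the content embedded (as `-nodetach` does) and wrapping the DER output in the PEM armour that `-outform PEM` produces. The class, method and file names are assumptions, the key file is assumed to be unencrypted PEM, and `Main` builds a throwaway self-signed certificate as constructed test input.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class CmsPemSigner   // hypothetical helper, not from the original post
{
    // Signs data with a certificate file (.cer/.crt, DER or PEM) and a separate key file.
    // Assumption: the .key file is an unencrypted PEM RSA key (PKCS#1 or PKCS#8).
    public static string SignToPem(byte[] data, string certPath, string keyPath)
    {
        using var publicCert = new X509Certificate2(certPath);
        using RSA rsa = RSA.Create();
        rsa.ImportFromPem(File.ReadAllText(keyPath));

        // Pair the public certificate with the key; no .pfx file is needed.
        using X509Certificate2 signingCert = publicCert.CopyWithPrivateKey(rsa);

        // detached: false embeds the content in the CMS, like "openssl smime -nodetach".
        var cms = new SignedCms(new ContentInfo(data), detached: false);
        var signer = new CmsSigner(signingCert) { IncludeOption = X509IncludeOption.EndCertOnly };
        cms.ComputeSignature(signer);
        byte[] der = cms.Encode();

        // Self-check before sending: decode the bytes and verify the signature
        // (signature only, no chain validation). Throws CryptographicException on failure.
        var check = new SignedCms();
        check.Decode(der);
        check.CheckSignature(verifySignatureOnly: true);

        // Base64 with "-----BEGIN PKCS7-----" / "-----END PKCS7-----" lines around it.
        return new string(PemEncoding.Write("PKCS7", der));
    }

    public static void Main()
    {
        // Constructed test material: a throwaway self-signed certificate and its key as files.
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-test", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 selfSigned = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        File.WriteAllBytes("cert.cer", selfSigned.Export(X509ContentType.Cert));
        File.WriteAllText("private.key", new string(PemEncoding.Write("PRIVATE KEY", key.ExportPkcs8PrivateKey())));

        Console.WriteLine(SignToPem(Encoding.UTF8.GetBytes("<doc>constructed</doc>"), "cert.cer", "private.key"));
    }
}
```

The encoded CMS is binary DER, so it has to be base64-armoured like this rather than converted to text with a character encoding.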