search

CryptoPro / corefx

This repo contains the .NET Core foundational libraries, called CoreFX. It includes classes for collections, file systems, console, XML, async and many others. We welcome contributions.
https://github.com/dotnet/core
MIT License
27 stars 7 forks source link

ошибка проверки открепленной подписи #55

Closed mshamito closed 2 years ago

mshamito commented 2 years ago

ubuntu 22.04 при проверке только что созданной открепленной подписи возвращается ошибка

Unhandled exception. System.Security.Cryptography.CryptographicException: The hash value is not correct.
   at System.Security.Cryptography.Pkcs.SignerInfo.PrepareDigest(Boolean compatMode) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignerInfo.cs:line 589
   at System.Security.Cryptography.Pkcs.SignerInfo.VerifySignature(CmsSignature signatureProcessor, X509Certificate2 certificate, Boolean compatMode) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignerInfo.cs:line 698
   at System.Security.Cryptography.Pkcs.SignerInfo.Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, Boolean verifySignatureOnly) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignerInfo.cs:line 647
   at System.Security.Cryptography.Pkcs.SignerInfo.CheckSignature(X509Certificate2Collection extraStore, Boolean verifySignatureOnly) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignerInfo.cs:line 415
   at System.Security.Cryptography.Pkcs.SignedCms.CheckSignatures(SignerInfoCollection signers, X509Certificate2Collection extraStore, Boolean verifySignatureOnly) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs:line 595
   at System.Security.Cryptography.Pkcs.SignedCms.CheckSignature(X509Certificate2Collection extraStore, Boolean verifySignatureOnly) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs:line 578
   at System.Security.Cryptography.Pkcs.SignedCms.CheckSignature(Boolean verifySignatureOnly) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs:line 569
   at cms_raw.Program.Main(String[] args)

на http://dss.cryptopro.ru/Verify/Verify/ проверка проходит успешно. создание и проверка присоединенной подписи также проходит успешно

            bool detached = true;
            SignedCms verifySign = detached ? 
                new SignedCms(new ContentInfo(msg)) : 
                new SignedCms();
            verifySign.Decode(sign);
            verifySign.CheckSignature(true);
Fasjeit commented 2 years ago

Попробуйте явно указать тип подписи при проверке

bool detached = true;
SignedCms verifySign = detached ? 
    new SignedCms(new ContentInfo(msg), detached) : // changes here, explicit detached signature
    new SignedCms();
verifySign.Decode(sign);
verifySign.CheckSignature(true);
mshamito commented 2 years ago

так работает! спасибо!