Closed dawud-tan closed 4 years ago
@dawud-tan Does your snippet work from .NET Framework, but not .NET Core; or does it fail from both?
@bartonjs It fails from both. What I do is just put the base64 encoding of signedCms.Encode() into the body of application/pkcs7-signature, then concatenate all of the required strings to form standard S/MIME (RFC 3851). Following is the snippet of my .csproj file. Mm, could you point me to an example of SignedCms that could be verified with openssl cms -verify please?
<TargetFramework>net471</TargetFramework>
<RuntimeIdentifier>win10-x64</RuntimeIdentifier>
I'm pretty sure OpenSSL is upset with you for violating the base64 encoding rule that says no more than 76 characters per line.
https://tools.ietf.org/html/rfc2045#section-6.8
The encoded output stream must be represented in lines of no more than 76 characters each. All line breaks or other characters not found in Table 1 must be ignored by decoding software. In base64 data, characters other than those in Table 1, line breaks, and other white space probably indicate a transmission error, about which a warning message or even a message rejection might be appropriate under some circumstances.
Adding a bunch of line breaks in your message to limit the base64 to 76 characters per line I then get
$ openssl cms -in smime.msg -verify
Verification failure
139997058221720:error:2E099064:CMS routines:CMS_SIGNERINFO_VERIFY_CERT:certificate verify error:cms_smime.c:287:Verify error:self signed certificate
Which means it has now processed the message.
@bartonjs ah, I'm sorry for being naive, thanks for the URL to the spec :smile:, it's my fault. This issue could be closed.
string sig = Convert.ToBase64String(signedCms.Encode());
I didn't break the output of the above call into 76 chars. So the problem is not related to the SignedCms class, but does .NET Framework or .NET Core have S/MIME support out of the box?
The self-signed cert error is supposed to happen. What I do in my environment is just openssl smime -verify -in signedCusdec.txt -noverify -nointern -nochain -certfile kepabeanan.crt -out verify.txt.
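The fix discussed above, as an added example that is not code from this thread or from the .NET project: the detached SignedCms is base64 encoded with Base64FormattingOptions.InsertLineBreaks so the signature part is wrapped at 76 characters. It assumes .NET Core 2.1 or later with the System.Security.Cryptography.Pkcs package; the boundary string, certificate subject and message body are constructed values.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SmimeWrapExample
{
    const string Boundary = "----=_constructed_boundary"; // constructed value

    // Returns a multipart/signed message whose signature part is wrapped at 76 columns.
    static string BuildSignedMessage(string mimeEntity, X509Certificate2 cert)
    {
        // Sign exactly the bytes of the MIME entity that goes into the first part.
        var cms = new SignedCms(new ContentInfo(Encoding.ASCII.GetBytes(mimeEntity)), true);
        var signer = new CmsSigner(cert)
        {
            IncludeOption = X509IncludeOption.EndCertOnly,
            DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1") // SHA-256
        };
        cms.ComputeSignature(signer);

        // InsertLineBreaks adds CRLF after every 76 characters (RFC 2045 section 6.8).
        // The unwrapped Convert.ToBase64String(bytes) puts the whole signature on one line.
        string sig = Convert.ToBase64String(cms.Encode(), Base64FormattingOptions.InsertLineBreaks);

        return "MIME-Version: 1.0\r\n" +
               "Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\";\r\n" +
               "\tmicalg=\"sha-256\"; boundary=\"" + Boundary + "\"\r\n\r\n" +
               "--" + Boundary + "\r\n" + mimeEntity + "\r\n" +
               "--" + Boundary + "\r\n" +
               "Content-Type: application/pkcs7-signature; name=\"smime.p7s\"\r\n" +
               "Content-Transfer-Encoding: base64\r\n\r\n" +
               sig + "\r\n--" + Boundary + "--\r\n";
    }

    static void Main()
    {
        // Throwaway self-signed certificate, constructed for this example only.
        using (RSA key = RSA.Create(2048))
        using (X509Certificate2 cert = new CertificateRequest("CN=constructed-signer", key,
                   HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
               .CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
        {
            // No trailing CRLF: the CRLF before the boundary belongs to the delimiter.
            string entity = "Content-Type: text/plain\r\n\r\nconstructed sample body";
            Console.Write(BuildSignedMessage(entity, cert));
        }
    }
}
```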
does .NET Framework or .NET Core have S/MIME support out of the box?
Not that I'm aware of. @davidsh is there S/MIME anywhere in System.Net.Mail?
Not that I'm aware of. @davidsh is there S/MIME anywhere in System.Net.Mail?
There is no S/MIME support in System.Net.* APIs in either .NET Framework or .NET Core.
https://github.com/dotnet/corefx/commit/075cec7a82fe2cdec403315c3350b88973119abe
I have difficulty in making Detached System.Security.Cryptography.Pkcs.SignedCms.cs interoperate with openssl cms. The openssl command that I execute is openssl cms -verify -in signedCusdec.p7s -certfile kepabeanan.crt -noverify -nointern -no_alt_chains -out verifiedCusdec.txt, it throws the following error
Following is my code snippet extracted from AS2MIMEUtilities.cs
Following is the signedCusdec.p7s file, generated from the above code