My task is to create data that are digitally signed in format of PKCS#7 version 1.5 (RFC 2315) DER (ITU-T Recommendation X.690)
- basically ANSI.1
with X.509 signature
?
the message must satisfy following:
- must be type
signedData
- must contain signed data
- must contain signer's certificate
- must contain one digital signature
My code is following
static void Main(string[] args)
{
string pfx = @"C:\Users\marek\Downloads\mfcr\marek-pfx.pfx";
string xml = @"C:\Users\marek\Downloads\mfcr\souhr20141.xml";
X509Certificate2 cert = new X509Certificate2(pfx, "thepass");
byte[] publicBytes = cert.RawData;
//var f = new FileStream(xml, System.IO.FileMode.Open);
var fileContent = System.IO.File.ReadAllBytes(xml);
char[] cArray = System.Text.Encoding.ASCII.GetString(fileContent).ToCharArray();
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey;
byte[] signedData = rsa.SignData(new System.Text.UTF8Encoding().GetBytes(cArray), new SHA1CryptoServiceProvider());
RSACryptoServiceProvider rsa2 = (RSACryptoServiceProvider)new X509Certificate2(publicBytes).PublicKey.Key;
var dataGenerator = new CmsEnvelopedDataStreamGenerator();
bool verified = rsa2.VerifyData(new System.Text.UTF8Encoding().GetBytes(cArray), new SHA1CryptoServiceProvider(), signedData);
File.WriteAllBytes(@"C:\Users\marek\Downloads\mfcr\Foo.p7b", signedData);
}
The WebService
that Iam sending the Foo.p7b
responds with: File is not in expected format of PKCS7(DER).
This code for sending the HttpWebRequest
:
static void Main(string[] args)
{
try
{
string fileName = (@"C:\Users\marek\Downloads\mfcr\Foo.p7b");
WebResponse rsp = null;
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://adisepo.mfcr.cz/adistc/epo_podani");
request.ClientCertificates.Add(new X509Certificate(pfx,"thepass"));
request.Method = "POST";
request.ContentType = "application/pkcs7-signature";
request.Credentials = CredentialCache.DefaultNetworkCredentials;
var encoder = new UTF8Encoding();
var reqStream = request.GetRequestStream();
StreamWriter writer = new StreamWriter(request.GetRequestStream());
// Write the XML text into the stream
writer.WriteLine(GetTextFromXMLFile(fileName));
writer.Close();
reqStream.Close();
rsp = request.GetResponse();
StreamReader sr = new StreamReader(rsp.GetResponseStream());
string result = sr.ReadToEnd();
sr.Close();
Console.Write("\n příkaz odeslán \n");
Console.Write(result);
Console.ReadLine();
Console.Read();
}
catch (Exception ex)
{ Console.WriteLine(ex.ToString());
Console.ReadLine();
}
}
private static string GetTextFromXMLFile(string file)
{
StreamReader reader = new StreamReader(file);
string ret = reader.ReadToEnd();
reader.Close();
return ret;
}
}
I'm struggling with this issue for almost 5 days - I'm surely not expert on digital signature or certificates.
From what I learned so far - to create message like that I should do:
- Sign the
xml
with myprivate key
- Envelope that blob with my
public key
But how could the recipient check whether I am the real sender? Should I add to HttpWebRequest
parameter with my certificate? Or that step 2 - Enveloping the message is enough for him to check that?
Thank you everyone for your time and replies.
WebService
. Thanks anyway, I edited my code. – Marek