What is the equivalent OpenSSL command for this C# signing code?
I have the following code to sign a file:
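using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Pkcs;
using System.Text;
using System.Threading.Tasks;
using Disig.TimeStampClient;
using System.Xml.Linq;

namespace ClientTest
{
    /// <summary>
    /// Signs data.bin with the first suitable certificate from mycert.pfx and
    /// writes the detached CMS SignedData structure to file-signature.pem.
    /// </summary>
    class Program
    {
        static void Main(string[] args)
        {
            // NOTE(review): the PFX password is a literal in the source; anyone who can
            // read the program can unlock the private key. Load it from a protected
            // store or prompt for it instead.
            var certificate = GetCertificate("mycert.pfx", "password");
            var data = File.ReadAllBytes("data.bin");

            // GetCertificate returns null when no certificate qualifies; ComputeSignature
            // turns that into an ArgumentNullException rather than signing with nothing.
            var signature = ComputeSignature(data, certificate);
            SavePemSignature(signature, "file-signature.pem");
        }

        /// <summary>
        /// Writes DER bytes as a PEM block labelled CMS, wrapping the base64 text at 64 columns.
        /// </summary>
        /// <param name="signature">Encoded CMS structure to store.</param>
        /// <param name="filePath">Destination file; an existing file is overwritten.</param>
        static void SavePemSignature(byte[] signature, string filePath)
        {
            const int LineWidth = 64;
            var base64 = Convert.ToBase64String(signature);

            // Header, footer and base64 are pure ASCII, so say so instead of relying on
            // the platform-dependent Encoding.Default.
            using (var writer = new StreamWriter(filePath, false, Encoding.ASCII))
            {
                // PEM boundary labels are upper case; parsers that match the
                // "-----BEGIN CMS-----" line exactly will not accept a lower-case header.
                writer.WriteLine("-----BEGIN CMS-----");
                for (var pos = 0; pos < base64.Length; pos += LineWidth)
                {
                    var len = Math.Min(LineWidth, base64.Length - pos);
                    writer.WriteLine(base64.Substring(pos, len));
                }
                writer.WriteLine("-----END CMS-----");
            }
        }

        /// <summary>
        /// Produces a detached CMS signature over <paramref name="data"/> using SHA-256.
        /// </summary>
        /// <param name="data">Content to sign; it is not embedded in the result.</param>
        /// <param name="certificate">Signing certificate with an accessible private key.</param>
        /// <returns>The encoded CMS SignedData structure.</returns>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        static byte[] ComputeSignature(byte[] data, X509Certificate2 certificate)
        {
            if (data == null)
                throw new ArgumentNullException("data");
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            ContentInfo content = new ContentInfo(data);

            // Second argument 'true' = detached: a verifier needs data.bin alongside the signature.
            SignedCms signedCms = new SignedCms(content, true);

            // The signer is identified by subject key identifier, not issuer and serial number.
            // Tools that default to issuer/serial emit a different SignerInfo for the same key.
            CmsSigner signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, certificate);
            signer.DigestAlgorithm = System.Security.Cryptography.Oid.FromFriendlyName(
                "sha256", System.Security.Cryptography.OidGroup.HashAlgorithm);

            signedCms.ComputeSignature(signer);
            return signedCms.Encode();
        }

        /// <summary>
        /// Loads a PFX file and returns the first certificate that has a private key and
        /// a key-usage extension allowing digital signatures.
        /// </summary>
        /// <param name="filePath">Path of the PFX / PKCS#12 file.</param>
        /// <param name="password">Password protecting the file.</param>
        /// <returns>The matching certificate, or null when none qualifies.</returns>
        static X509Certificate2 GetCertificate(string filePath, string password)
        {
            X509Certificate2Collection collection = new X509Certificate2Collection();

            // NOTE(review): PersistKeySet keeps the imported private key in the key store
            // after the process exits. Confirm a one-shot signer needs that; otherwise
            // key material accumulates on every run.
            collection.Import(filePath, password, X509KeyStorageFlags.PersistKeySet);

            // HasPrivateKey answers the question without materialising the key object,
            // which the PrivateKey getter does and which can throw for some key types.
            var cert = collection.Cast<X509Certificate2>()
                .FirstOrDefault(x => x.HasPrivateKey
                    && x.Extensions.OfType<X509KeyUsageExtension>().Any(c =>
                        (c.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature));
            return cert;
        }
    }
}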
What is the equivalent OpenSSL command?
I tried the following but had no luck; the PEM files are different:
# Attempted OpenSSL counterpart of the C# signer: detached CMS signature over data.bin, SHA-256, PEM output.
# Differences from the C# listing that change the encoded bytes:
#  - the C# code identifies the signer by SubjectKeyIdentifier; openssl cms uses issuer + serial unless -keyid is given
#  - -noattr drops the signed attributes; whether the .NET output carries any can be checked by dumping it
#    with `openssl cms -cmsout -print -inform PEM -in <file>` (TODO confirm before keeping -noattr)
#  - the set of certificates embedded by each tool may differ (presumably; compare the dumps)
# No -inkey is passed, so mycert.pem must hold both the certificate and its private key.
# Byte-identical PEM files are not a dependable success test; check instead that each signature verifies against data.bin.
openssl cms -in data.bin -sign -signer mycert.pem -md sha256 -binary -noattr -outform pem -out file-signature.pem