Howto Verify Signature of a SMIME multipart/signed

2019-09-02 03:41发布

站内问答 / C#
1883 1 6

I am working on a larger application which receives email by POP3, IMAP or through import from .msg Files (Exported form Outlook or dragged over from Outlook).

Recently I received an email with an attachment "smime.p7m". After further inspection it turned out to be a MIME Message with

Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";

Among other parts it contains one section

Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s"

I tried to verify this signature using OpenPop as a MIME Message Parser and SignedCms to check the signature. My attempt looks like this:

var datapart = OpenPop.MessagePart[...];
var part3 = OpenPop.MessagePart[3]; // the signature

var ci = new ContentInfo(datapart);            
var sCMS = new SignedCms(ci, detached: true);
sCMS.Decode(part3.Body);
sCMS.CheckHash();

sCMS.CheckSignature(verifySignatureOnly:true);

But no matter what I use for datapart I always get

System.Security.Cryptography.CryptographicException The hash value is not correct.

How can I verify the signature?

Are there better approaches?

标签: c# smime openpop
举报
1条回答
疯言疯语
2楼-- · 2019-09-02 04:12

The easiest way for you to do this would be to use MimeKit (which is not only open source but also free for commercial use).

Since all you care about is verifying the signatures, you could just use a MimeKit.Cryptography.TemporarySecureMimeContext instead of setting up your own (like the README and other documentation talks about doing).

Typically, when you receive a message signed via S/MIME, it is almost always the root-level MIME part that is the multipart/signed part, which makes this somewhat easier (the first step toward verifying signatures is to locate the multipart/signed part).

var signed = message.Body as MultipartSigned;
if (signed != null) {
    using (var ctx = new TemporaryMimeContext ()) {
        foreach (var signature in signed.Verify (ctx)) {
            try {
                bool valid = signature.Verify ();

                // If valid is true, then it signifies that the signed
                // content has not been modified since this particular
                // signer signed the content.
                //
                // However, if it is false, then it indicates that the
                // signed content has
                // been modified.
            } catch (DigitalSignatureVerifyException) {
                // There was an error verifying the signature.
            }
        }
    }
}

You can find API documentation for MimeKit at www.mimekit.net/docs.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)