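SignerInfo.CheckSignature throws the exception "parameter is incorrect"

Time: 2021-03-29 01:02:45

Tags: c# asp.net-mvc digital-signature sign

There is a method (simplified here) that verifies a digital signature. When I try to check a signed file, I get the error "parameter is incorrect" in the SignerInfo.CheckSignature method, no matter which parameters I pass. This happens on the production server, and I cannot reproduce the same error on my own machine, where everything works fine. The signature and the certificate chain are valid. The code and the set of certificates are the same on the development and production servers.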

public string Check(byte[] fileBytes)
{
    X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
    store.Open(OpenFlags.MaxAllowed);
    X509Certificate2Collection collection = new X509Certificate2Collection(store.Certificates);
    store.Close();
    byte[] encodedSignedCms = fileBytes;
    SignedCms signedCms = new SignedCms();
    signedCms.Decode(encodedSignedCms);
    if (signedCms.SignerInfos.Count == 0)
        return ("not found");
    SignerInfoEnumerator enumerator = signedCms.SignerInfos.GetEnumerator();
    while (enumerator.MoveNext())
    {
        SignerInfo current = enumerator.Current;
        try
        {
            //any of these methods will return the same error
            current.CheckSignature(true);
            current.CheckSignature(collection, true);
            current.CheckSignature(collection, false);
        }
        catch (CryptographicException e)
        {
            //parameter is incorrect
            return ("error");
        }
    }
    return ("success");
}

Error:

MESSAGE: parameter is incorrect
INNEREXCEPTION: null
STACKTRACE: in System.Security.Cryptography.Pkcs.SignerInfo.Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, Boolean verifySignatureOnly) in System.Security.Cryptography.Pkcs.SignerInfo.CheckSignature(X509Certificate2Collection extraStore, Boolean verifySignatureOnly) in ProjectName.Controllers.SignatureController.Check(Byte[] fileBytes). 
TARGETSITE: Void Verify(System.Security.Cryptography.X509Certificates.X509Certificate2Collection, System.Security.Cryptography.X509Certificates.X509Certificate2, Boolean)

Technical information:

ASP.NET MVC
Production: Windows Server 2016. Net Framework 4.8. IIS 10. 
Development: Windows 7 Pro or Windows Server 2016. Net Framework 4.8. Visual Studio 2015

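What can I fix or check? Thanks in advance.

1 answer:

Answer 0 (score: 0)

I noticed that the chain was not displayed when opening any certificate, and the error "A system-level error occurred while verifying trust" was shown. I found a suggestion to reinstall the cryptographic provider. In my case, it was Crypto Pro CSP. After that, the certificate chain was built correctly and the code worked fine. This most likely happened after a Windows update.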
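A diagnostic sketch for comparing the two servers, added here as an example and not taken from the question or the answer: it runs the signature-only check and the chain build as separate steps and records the algorithm OIDs, so the output shows whether the failure sits in the signature verification (provider side) or in chain building. The class name `CmsSignatureDiagnostics` is hypothetical, and revocation checking is switched off as an assumption so the check runs without network access.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic example (hypothetical class name), not the asker's code.
public static class CmsSignatureDiagnostics
{
    // Returns one report line per check so the output can be diffed between servers.
    public static List<string> Diagnose(byte[] encodedSignedCms)
    {
        var report = new List<string>();
        var cms = new SignedCms();
        cms.Decode(encodedSignedCms);

        foreach (SignerInfo signer in cms.SignerInfos)
        {
            X509Certificate2 cert = signer.Certificate; // null if the CMS does not embed it
            report.Add("signer: " + (cert?.Subject ?? "<certificate not embedded>"));
            report.Add("digest OID: " + signer.DigestAlgorithm.Value);
            if (cert != null)
                report.Add("certificate signature OID: " + cert.SignatureAlgorithm.Value);

            // Step 1: signature only, no chain building or trust decision.
            try
            {
                signer.CheckSignature(true);
                report.Add("signature-only check: OK");
            }
            catch (CryptographicException ex)
            {
                report.Add($"signature-only check FAILED: 0x{ex.HResult:X8} {ex.Message}");
            }
            if (cert == null) continue;

            // Step 2: chain building on its own, with every status element listed.
            using (var chain = new X509Chain())
            {
                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // assumption: offline
                bool ok = chain.Build(cert);
                report.Add($"chain build: {(ok ? "OK" : "FAILED")}, elements: {chain.ChainElements.Count}");
                foreach (X509ChainStatus s in chain.ChainStatus)
                    report.Add("  " + s.Status + ": " + s.StatusInformation.Trim());
            }
        }
        return report;
    }
}
```

Running `Diagnose` on the same signed file on both servers and diffing the two reports shows which step and which algorithm OID differ between the environments.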
