EDS verification from 1C using C# is not performed. What are the differences?

A

Andrey Plax2017-10-18 14:04:27

1C

Andrey Plax, 2017-10-18 14:04:27

In C #, it is not possible to perform the verification of the digital signature imposed in 1C. In sharpie I write:

X509Certificate2 certificate = new X509Certificate2(fileP12, "PASSWORD");
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)certificate.PrivateKey;
var hash = sha1.ComputeHash(new UnicodeEncoding.GetBytes(input));
rsa.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));

Tried to sign both a file and a line. Everything is working. But the signature made by the programmer in 1C does not match.
The key is one. Both have "SHA1" hash. I also played around with the encoding ... What could be the differences?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

B

bonv, 2017-10-18
@Hereigo

Your C# code makes a "naked" signature.
The cryptography manager in 1C creates a signature in PKCS7 format.
Accordingly, in C#, you need to check the signature in the PKCS7 (CMS) format.
SignedCms.CheckSignature

A

Andrey Plax, 2017-10-19
@Hereigo

After a lot of dancing with the tambourine and with a lot of help from bonv , this is what happened:

using System.Security.Cryptography.Pkcs;
// ...
ContentInfo contentInfo = new ContentInfo(Encoding.UTF8.GetBytes(INPUT_MSG));
SignedCms signedCms = new SignedCms(contentInfo, true);
signedCms.Decode(READ_FROM_1C_FILE_SIG);
signedCms.CheckSignature(true);