
I'm new to S/MIME and need to digitally sign an email with an XML attachment, but unfortunately this email has a wrong hash value (according to the response of an external system). I dug into the code of the library and found that it creates a signature for the base64-encoded body part. Is that correct, or should the signature be computed for the XML attachment content?

Also, here are some more issues:

  1. Lots of headers/parameters are overwritten by the library: for example, ContentType parameters, some headers (like X-Mailer) and many others
  2. It creates an empty boundary for Content-Type: text/plain, though I don't have any text except the attachment

Here is my code:

using System.Security.Cryptography.Pkcs;              // CmsSigner
using System.Security.Cryptography.X509Certificates;  // X509Certificate2, X509IncludeOption
using ActiveUp.Net.Mail;                               // MailSystem.Net: Message, Address, MimePart

public static void Sign(X509Certificate2 clientCert, string from, string to, string subject, string attachementPath)
{
    Message message = new Message();

    // Top-level headers of the multipart/signed message
    message.From = new Address(from);
    message.To.Add(to);
    message.ContentType.MimeType = "multipart/signed";
    message.ContentType.Parameters.Add("protocol", "\"application/pkcs7-signature\"");
    message.ContentTransferEncoding = ContentTransferEncoding.SevenBits;
    message.AddHeaderField("MIME-Version", "1.0");
    message.Subject = subject;

    // The XML attachment, base64 transfer-encoded
    var mimePart = new MimePart(attachementPath, false);
    mimePart.ContentTransferEncoding = ContentTransferEncoding.Base64;
    mimePart.Charset = "windows-1251";
    mimePart.ContentType.MimeType = "text/xml";

    message.Attachments.Add(mimePart);
    message.BuildMimePartTree();

    // Sign with the client certificate, including only the end certificate
    CmsSigner signer = new CmsSigner(clientCert);
    signer.IncludeOption = X509IncludeOption.EndCertOnly;

    message.SmimeAttachSignatureBy(signer);
}
Andrey
  • You should share more information. What library are you talking about and how is it used? Can you provide an example of a message before and after signing it? The issues that you list are not necessarily issues. – not2savvy Nov 25 '20 at 10:55
  • A signature is an encryption algorithm and for the signature to validate you must use the same key, algorithm, and data as the code that created the signature. A lot of times with signed documents you will start with a template and then create the signed document from the template. So I think the overwriting is just modifying the template. – jdweng Nov 25 '20 at 11:04
  • I'm using the MailSystem.Net library and I've added a code sample (without the sending part) – Andrey Nov 25 '20 at 11:23

0 Answers
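On the question of which bytes are hashed: in a multipart/signed message (RFC 1847, the detached form used by S/MIME) the digest covers the first body part as transmitted, meaning its MIME headers plus the transfer-encoded body with CRLF line endings, not the decoded attachment. The sketch below is an added example, not code from the post or from MailSystem.Net; the boundary, sample XML, placeholder signature part and SHA-256 are assumptions chosen for illustration.

```python
import base64
import hashlib

# Constructed sample data (not from the original post).
XML = '<?xml version="1.0" encoding="windows-1251"?>\n<doc>тест</doc>\n'.encode("cp1251")
BOUNDARY = "sample-boundary"  # assumed value

def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_part(xml: bytes) -> bytes:
    """First body part: MIME headers, blank line, base64 body (CRLF lines)."""
    body = base64.encodebytes(xml).replace(b"\n", b"\r\n").rstrip(b"\r\n")
    headers = (b"Content-Type: text/xml; charset=windows-1251\r\n"
               b"Content-Transfer-Encoding: base64\r\n")
    return headers + b"\r\n" + body

def build_message(part: bytes, signature_part: bytes) -> bytes:
    """Minimal multipart/signed wrapper around the two parts."""
    d = b"--" + BOUNDARY.encode()
    return (b"MIME-Version: 1.0\r\n"
            b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
            b' micalg=sha-256; boundary="' + BOUNDARY.encode() + b'"\r\n\r\n'
            + d + b"\r\n" + part + b"\r\n"
            + d + b"\r\n" + signature_part + b"\r\n"
            + d + b"--\r\n")

def signed_entity(raw: bytes, boundary: str) -> bytes:
    """Bytes a verifier digests: the whole first part, headers included.
    The CRLF directly before the next delimiter belongs to the delimiter."""
    raw = raw.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")  # canonical CRLF
    d = b"--" + boundary.encode()
    start = raw.index(d + b"\r\n") + len(d) + 2
    end = raw.index(b"\r\n" + d, start)
    return raw[start:end]

def digests(xml: bytes) -> dict:
    part = build_part(xml)
    sig = b"Content-Type: application/pkcs7-signature\r\n\r\n(placeholder)"
    msg = build_message(part, sig)
    entity = signed_entity(msg, BOUNDARY)
    lf_only = signed_entity(msg.replace(b"\r\n", b"\n"), BOUNDARY)
    return {"entity": sha(entity),            # what the signature covers
            "raw_xml": sha(xml),              # not what the signature covers
            "round_trip_ok": entity == part,
            "lf_only_same_digest": sha(lf_only) == sha(entity)}
```

Comparing the `entity` digest with the one the external system reports, and then diffing the extracted bytes against what the library actually hashed, shows whether a rewritten header or changed line ending inside the first part is the cause of the mismatch.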