How to Sign a P7Z File in C# (.NET 8) Using SignedCms? Facing CryptographicException: 'Not Implemented' - Stack

admin管理员组

文章数量:1134247

I am trying to implement a method in C# using .NET 8 to sign a P7Z file. However, when using the SignedCms class, I encounter the following error: System.Security.Cryptography.CryptographicException: 'Not Implemented'.

I have reviewed the SignedCms documentation from Microsoft, but it doesn't seem to provide clarity for this issue. The examples suggest my implementation is correct, yet it doesn't work as expected.

Here is the code I have so far:

public void AddSignature(
    X509Certificate2 certificate,
    Stream inputStream,
    Stream outputStream,
    bool closeStream
)
{
    try
    {
        // Read and decode the original content
        byte[] originalContent = new byte[inputStream.Length];

        using (var ms = new MemoryStream())
        {
            inputStream.CopyTo(ms);
            originalContent = ms.ToArray();
        }

        inputStream.Seek(0, SeekOrigin.Begin);
        inputStream.Read(originalContent, 0, (int)inputStream.Length);

        var signedCms = new SignedCms();
        signedCms.Decode(originalContent);

        // Configure the new signer
        var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, certificate)
        {
            IncludeOption = X509IncludeOption.EndCertOnly
        };

        // Add signed attributes
        signer.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.UtcNow));

        // Attempt to add the signature
        signedCms.ComputeSignature(signer);

        // If the signature was added, save the content
        byte[] signedMessage = signedCms.Encode();
        outputStream.Write(signedMessage, 0, signedMessage.Length);
        outputStream.Flush();
    }
    finally
    {
        if (closeStream)
        {
            outputStream?.Close();
            inputStream?.Close();
        }
    }
}

The method reads the content of the input stream, decodes it using SignedCms.Decode, and then attempts to add a signature using ComputeSignature. The certificate is an X509Certificate2 object and works in other signing scenarios. I am using .NET 8, and my use case requires signing files in the P7Z format.

Is there something specific about the P7Z format or SignedCms that requires additional configuration? Could the issue be related to .NET 8 changes or missing support for specific cryptographic operations? Are there alternative approaches or libraries to sign P7Z files in .NET 8? Any insights or guidance would be greatly appreciated!

Verified that the X509Certificate2 is valid and usable. Confirmed that the content in SignedCms.Decode is correct and properly formatted. Checked the documentation and other examples, which suggest that the ComputeSignature method should work as implemented.

I also tried using BouncyCastle to create a detached signature, but since my RSA signing certificate is configured only for document signing, it does not include the private key required for signing operations. The file I need to sign is very large (over 100 MB). I implemented a similar solution in an earlier version of SignedCms with .NET Framework 3.5, and it works with smaller files, but now I need to handle files of at least 1 GB. The current implementation seems to have performance or memory limitations with larger files in .NET 8.

本文标签：