I'm trying to create a PKCS#7 signed message in C#. The digital signature is being computed separately in an HSM, so I already have the value of the signature; I just want to create a PKCS#7 structure that contains it.
I've looked into using the SignedCms in the System.Security.Cryptography.Pkcs namespace but this doesn't seem to have an option for providing a precomputed signature.
What is the best way to generate a PKCS#7 structure in C# when I already have the value of the digital signature?
AFAIK you cannot do that with "built-in" .NET classes.
However, I have created an example application - Pkcs7SignatureGenerator - for CMS signature creation with the Pkcs11Interop (which I am the author of) and Bouncy Castle libraries.
In this application, the Pkcs11Interop library performs the signing operation via the PKCS#11 API with the private key stored in the hardware device, and the BouncyCastle library is responsible for construction of a CMS (PKCS#7) signature structure.
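An added sketch of the approach this answer describes, not code from Pkcs7SignatureGenerator or from the original post: it wraps an already computed signature in a CMS SignedData structure using the BouncyCastle ASN.1 classes, then verifies the result before returning it. It assumes an RSA PKCS#1 v1.5 signature with SHA-256 computed over the content itself (no signed attributes) and attached content; the class name `PrecomputedCms` and its method and parameter names are hypothetical.

```csharp
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Cms;
using Org.BouncyCastle.Asn1.Nist;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Cms;
using Org.BouncyCastle.X509;

public static class PrecomputedCms   // hypothetical helper, not a library class
{
    // certDer: DER-encoded signer certificate; content: the bytes that were signed;
    // hsmSignature: signature over content returned by the HSM
    // (assumed RSA PKCS#1 v1.5 with SHA-256).
    public static byte[] Build(byte[] certDer, byte[] content, byte[] hsmSignature)
    {
        X509Certificate cert = new X509CertificateParser().ReadCertificate(certDer);
        var sha256 = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance);
        var rsa = new AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance);

        // Identify the signer by issuer and serial number of its certificate.
        var sid = new SignerIdentifier(new IssuerAndSerialNumber(cert.IssuerDN, cert.SerialNumber));

        // No signed attributes, so the signature must cover the content directly.
        var signerInfo = new SignerInfo(sid, sha256, (Asn1Set)null, rsa,
            new DerOctetString(hsmSignature), (Asn1Set)null);

        var signedData = new SignedData(
            new DerSet(sha256),                                       // digest algorithms
            new ContentInfo(CmsObjectIdentifiers.Data, new DerOctetString(content)),
            new DerSet(cert.CertificateStructure),                    // embedded signer cert
            (Asn1Set)null,                                            // no CRLs
            new DerSet(signerInfo));

        byte[] encoded = new ContentInfo(CmsObjectIdentifiers.SignedData, signedData).GetDerEncoded();

        // Refuse to hand out a structure whose signature does not verify.
        if (!Verifies(encoded, cert))
            throw new System.InvalidOperationException("Precomputed signature does not match content/certificate.");
        return encoded;
    }

    // Parses the CMS blob and checks every SignerInfo against the certificate.
    public static bool Verifies(byte[] encodedCms, X509Certificate cert)
    {
        foreach (SignerInformation signer in new CmsSignedData(encodedCms).GetSignerInfos().GetSigners())
            if (!signer.Verify(cert)) return false;
        return true;
    }
}
```

If signed attributes are included, the value sent to the HSM has to be the DER encoding of the signed-attributes SET (which itself carries the content digest) rather than the content, otherwise verification fails.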
I think what you want is the X509Certificate2 class: use the static CreateFromSignedFile function to retrieve the certificate from the signed file, or use CreateFromCertFile to create from the specified certification file:
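// Needs System.Security.Cryptography.Pkcs and System.Security.Cryptography.X509Certificates.
// CreateFromSignedFile returns an X509Certificate, so wrap it in an X509Certificate2.
X509Certificate2 cert = new X509Certificate2(X509Certificate.CreateFromSignedFile(filename));
CmsSigner signer = new CmsSigner(cert);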
Source: https://stackoverflow.com/questions/41779669/create-a-pkcs7-signed-message-in-c-sharp-with-a-precomputed-signature