0

I am signing message using digital certificate in a asp.net web service using below code. Signing is working fine expect signedMessage.ComputeSignature line is taking up to 30 to 40 seconds because of this i am face timeout exception. The same code when i am running under windows forms application is producing result in fraction of second. Any clue or help.

   public static string Encrypt(string fullMessage, string certificateName, bool deAttch)
    {
        X509Certificate2 signer = GetCertificate(certificateName);  
        byte[] contentBytes = Encoding.ASCII.GetBytes(fullMessage);  
        Oid contentOid = new Oid("1.2.840.113549.1.7.1", "PKCS 7 Data");
        SignedCms signedMessage = new SignedCms(new ContentInfo(contentOid, contentBytes), deAttch);

        signedMessage.ComputeSignature(new CmsSigner(signer));

        byte[] signedBytes = signedMessage.Encode();
        return Convert.ToBase64String(signedBytes).Trim();
        }
adam
  • 73
  • 2
  • 8

1 Answers1

3

I am not sure whether this should be a answer (I don't know what impact it cause, but i will find out). Just setting a property

cert.IncludeOption = X509IncludeOption.EndCertOnly;

of

CmsSigner cert = new CmsSigner(signer);

where previously i was creating object using constructor and passing directly to method. Now it is working fine and not taking that much time.

   public static string Encrypt(string fullMessage, string certificateName, bool deAttch)
    {
        X509Certificate2 signer = GetCertificate(certificateName);  
        byte[] contentBytes = Encoding.ASCII.GetBytes(fullMessage);  
        Oid contentOid = new Oid("1.2.840.113549.1.7.1", "PKCS 7 Data");
        SignedCms signedMessage = new SignedCms(new ContentInfo(contentOid, contentBytes), deAttch);
        CmsSigner cert = new CmsSigner(signer);
        cert.IncludeOption = X509IncludeOption.EndCertOnly;            
        signedMessage.ComputeSignature(cert);
        byte[] signedBytes = signedMessage.Encode();
        return Convert.ToBase64String(signedBytes).Trim();
        }


        private static X509Certificate2 GetCertificate(string certificateName)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
        X509Certificate2 certificate = store.Certificates.Cast<X509Certificate2>().Where(cert => cert.Subject.IndexOf(certificateName) >= 0).FirstOrDefault();
        if (certificate == null)
            throw new Exception("Certificate " + certificateName + " not found.");

        return certificate;
    }
John Saunders
  • 160,644
  • 26
  • 247
  • 397
adam
  • 73
  • 2
  • 8
  • I checked it thoroughly X509IncludeOption.EndCertOnly it decrease length of signature meaning only personal certificate is included in signature. – adam Dec 22 '13 at 07:52
  • Unlike forum sites, we don't use "Thanks", or "Any help appreciated", or signatures on [so]. See "[Should 'Hi', 'thanks,' taglines, and salutations be removed from posts?](http://meta.stackexchange.com/questions/2950/should-hi-thanks-taglines-and-salutations-be-removed-from-posts). – John Saunders Dec 22 '13 at 18:19
  • @JohnSaunders ok will consider this next time – adam Feb 12 '14 at 09:08
  • 1
    It worked for me too, you could tag this an answer! :) – Mike May 15 '14 at 12:42