While trying to sign bytes through X509Certificate2 it was throwing exception
"System.Security.Cryptography.CryptographicException: A certificate chain could not be built to a trusted root authority""
I made an small changes and now every thing is working fine with signer.IncludeOption = X509IncludeOption.EndCertOnly;
My modified code is
Microsoft Reference
https://blogs.msdn.microsoft.com/dsnotes/2014/08/26/using-x509includeoption-to-avoid-system-security-cryptography-cryptographicexception-a-certificate-chain-could-not-be-built-to-a-trusted-root-authority/
"System.Security.Cryptography.CryptographicException: A certificate chain could not be built to a trusted root authority""
I made an small changes and now every thing is working fine with signer.IncludeOption = X509IncludeOption.EndCertOnly;
My modified code is
private static byte[] Sign(byte[] data, X509Certificate2 certificate)
{
if (data == null)
throw new ArgumentNullException("data");
if (certificate == null)
throw new ArgumentNullException("certificate");
X509Chain ch = new X509Chain();
ch.Build(certificate);
// setup the data to sign
System.Security.Cryptography.Pkcs.ContentInfo content = new System.Security.Cryptography.Pkcs.ContentInfo(data);
SignedCms signedCms = new SignedCms(content, false);
CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, certificate);
signer.IncludeOption = X509IncludeOption.EndCertOnly;// Use if Error: A certificate chain could not be built to a trusted root authority.
// create the signature
signedCms.ComputeSignature(signer);
return signedCms.Encode();
}
Microsoft Reference
https://blogs.msdn.microsoft.com/dsnotes/2014/08/26/using-x509includeoption-to-avoid-system-security-cryptography-cryptographicexception-a-certificate-chain-could-not-be-built-to-a-trusted-root-authority/