使用sha256算法为DigestMethod修改c# Manifest

本文关键字:修改 Manifest DigestMethod sha256 算法 使用 | 更新日期: 2023-09-27 17:50:23

我需要更新。net 4.5.1应用程序清单,确保DigestMethod保持为sha256哈希。

原因如下:我最初使用ClickOnce将WPF应用程序部署到开发环境,然后用脚本配置、签名并将应用程序复制到特定的生产环境。我有一个现有的脚本,这样做,但从。net 4.0升级到。net 4.5.1后,脚本不再工作。我认为这是由于在这些。net版本中,默认的清单哈希算法从sha1更改为sha256。

脚本的相关部分非常小:

using Microsoft.Build.Tasks.Deployment.ManifestUtilities;
// This comes from Microsoft.Build.Tasks.v12.0.dll
public class Program
    {
        public static void Main(string[] args)
            {
                // set up...
                DeployManifest manifest= ManifestReader.ReadManifest(manifestPath, true) as DeployManifest;
                // I perform some updates to the manifest...
                ManifestWriter.WriteManifest(manifest);
            }
    }
}

即使我只是简单地读取清单并再次写出来,不做任何更新,DigestMethod算法从sha256更改为sha1,如下面的清单文件所示:

原始清单:

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
  <assemblyIdentity name="program.application" version="1.9.9.10" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="amd64" xmlns="urn:schemas-microsoft-com:asm.v1" />
  <description asmv2:publisher="me" asmv2:product="program (dev)" xmlns="urn:schemas-microsoft-com:asm.v1" />
  <deployment install="true" mapFileExtensions="true" />
  <compatibleFrameworks xmlns="urn:schemas-microsoft-com:clickonce.v2">
    <framework targetVersion="4.5.1" profile="Full" supportedRuntime="4.0.30319" />
  </compatibleFrameworks>
  <dependency>
    <dependentAssembly dependencyType="install" codebase="Application Files'program_1_9_9_10'program.exe.manifest" size="44259">
      <assemblyIdentity name="program.exe" version="1.9.9.10" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="amd64" type="win32" />
      <hash>
        <dsig:Transforms>
          <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
        <dsig:DigestValue>0R79PRqWqhrE60GSHC/rE2WczQ4jqxCKBGr4lsjS4ZE=</dsig:DigestValue>
      </hash>
    </dependentAssembly>
  </dependency>
</asmv1:assembly>

重写清单:

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
  <assemblyIdentity name="program.application" version="1.9.9.10" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="amd64" xmlns="urn:schemas-microsoft-com:asm.v1" />
  <description asmv2:publisher="me" asmv2:product="program (dev)" xmlns="urn:schemas-microsoft-com:asm.v1" />
  <deployment install="true" mapFileExtensions="true" />
  <dependency>
    <dependentAssembly dependencyType="install" codebase="Application Files'program_1_9_9_10'program.exe.manifest" size="44259">
      <assemblyIdentity name="program.exe" version="1.9.9.10" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="amd64" type="win32" />
      <hash>
        <dsig:Transforms>
          <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <dsig:DigestValue>0R79PRqWqhrE60GSHC/rE2WczQ4jqxCKBGr4lsjS4ZE=</dsig:DigestValue>
      </hash>
    </dependentAssembly>
  </dependency>
  <compatibleFrameworks xmlns="urn:schemas-microsoft-com:clickonce.v2">
    <framework targetVersion="4.5.1" profile="Full" supportedRuntime="4.0.30319" />
  </compatibleFrameworks>
</asmv1:assembly>

注意两者之间的区别是designg:DigestMethod元素中的sha256到sha1的变化。奇怪的是,DigestValue没有改变。当我尝试运行部署的应用程序时,这最终会导致一个错误,"xxxx具有与清单中指定的不同的计算散列。"

我在这里展示了部署清单,但是我看到同样的效果也发生在应用程序清单上。

我想如果我能用sha256哈希写出清单,它将解决我的问题。有人知道怎么做吗?如有任何建议,不胜感激。

使用sha256算法为DigestMethod修改c# Manifest

我能够通过使用Mage.exe而不是manifest . utilities获得正确的哈希值。

Mage.exe有-Algorithm标志来选择散列算法:

// -Algorithm <sha256RSA|sha1RSA>  -a
//     Specifies the algorithm to generate digests.
//     Example:
//        -Algorithm sha1RSA

我用来更新。net 4.5 ClickOnce清单(包括签名)的整个过程是:

// Update the application manifest
// (I first had to strip the .deploy extensions from all the files referenced in the manifest for the mage tool to work)
mage -Update <applicationManifest> -Algorithm sha256RSA -CertFile <certificate > -Password <password>
// Then I replaced the .deploy extensions
// Update the deployment manifest (I didn't need to replace any .deploy extensions for this)
 mage -Update <deploymentManifest> -AppManifest <applicationManifest>
 -Algorithm sha256RSA -CertFile <certificate> -Password <password>

我使用这种方法从c#运行mage.exe,在我的项目文件夹中包含mage.exe,并将"复制到输出目录"设置为"始终复制"。

    private static void RunMage(string arguments)
    {
        var startInfo = new ProcessStartInfo
        {
            FileName = "mage.exe",
            Arguments = arguments,
            UseShellExecute = false,
            RedirectStandardOutput = true,
        };
        using (Process mage = Process.Start(startInfo))
        {
            while (!mage.StandardOutput.EndOfStream)
            {
                Console.Out.WriteLine(mage.StandardOutput.ReadLine());
            }
            mage.WaitForExit();
        }
    }

这个链接可以帮助你弄清楚如何使用mage: http://www.nullskull.com/a/1540/update-configuration-of-a-clickonce-wpf-application-using-mage-or-mageui.aspx

我遇到了同样的问题,并通过使用允许您指定目标框架版本的重载来解决它:

ManifestWriter.WriteManifest(manifest, manifestPath, "4.5.1");