The correct way to sign and verify a signature using bouncycastle

Updated: 2022-03-28 19:49:00

gen.generate(msg, false)

means the signed data is not encapsulated in the signature. This is fine if you want to create a detached signature, but it does mean that when you go to verify the SignedData you have to use the CMSSignedData constructor that takes a copy of the data as well - in this case the code is using the single argument constructor which has to assume the signed data was encapsulated (so for this case will be empty), with the result that the attempt at verification is failing.
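
The difference between the two constructors, as an added example that is not part of the original answer or of the BouncyCastle project: it creates a detached signature with gen.generate(msg, false) and verifies it once through the single-argument constructor and once through the constructor that is given the data. It assumes bcprov and bcpkix are on the classpath; the class name, key pair, self-signed certificate and message are constructed for the demo.

```java
import java.math.BigInteger;
import java.security.*;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.*;

public class DetachedCmsDemo { // hypothetical class name
    // True only if every SignerInfo verifies against cert; verification errors count as failure.
    static boolean verifies(CMSSignedData sd, X509CertificateHolder cert) throws Exception {
        try {
            for (SignerInformation signer : sd.getSignerInfos().getSigners()) {
                if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
                        .setProvider("BC").build(cert))) return false;
            }
            return true;
        } catch (CMSException e) { // e.g. digest of the (missing) content does not match
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        JcaContentSignerBuilder csb = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC");
        // Constructed self-signed certificate, valid for one day, for this demo only.
        X500Name dn = new X500Name("CN=Constructed Test Signer");
        Date now = new Date();
        X509CertificateHolder cert = new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, now,
                new Date(now.getTime() + 86400000L), dn, kp.getPublic()).build(csb.build(kp.getPrivate()));

        byte[] data = "constructed sample message".getBytes("UTF-8");
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
                .build(csb.build(kp.getPrivate()), cert));
        // false = detached: the encoded SignedData does not carry the message.
        byte[] detached = gen.generate(new CMSProcessableByteArray(data), false).getEncoded();

        CMSSignedData assumedEncapsulated = new CMSSignedData(detached);
        CMSSignedData withData = new CMSSignedData(new CMSProcessableByteArray(data), detached);
        System.out.println("single-argument constructor: " + verifies(assumedEncapsulated, cert));
        System.out.println("constructor given the data:  " + verifies(withData, cert));
    }
}
```

With a detached signature the verifier must obtain the data through a channel it trusts, since the signature bytes alone say nothing about which content they cover until the digest is checked against that data.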