(转)C#创建数字证书并导出为pfx,并使用pfx进行非对称加解密
我的項目當中,考慮到安全性,需要為每個客戶端分發一個數字證書,同時使用數字證書中的公私鑰來進行數據的加解密。為了完成這個安全模塊,特寫了如下一個DEMO程序,該DEMO程序包含的功能有:
1:調用.NET2.0的MAKECERT創建含有私鑰的數字證書,并存儲到個人證書區;
2:將該證書導出為pfx文件,并為其指定一個用來打開pfx文件的password;
3:讀取pfx文件,導出pfx中公鑰和私鑰;
4:用pfx證書中的公鑰進行數據的加密,用私鑰進行數據的解密;
代碼如下:
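/// <summary>
/// Exports the "CN=luminji" certificate from the current user's personal store to
/// luminji.pfx, protecting the file with a password, and then demonstrates encrypting
/// with the certificate's public key and decrypting with its private key.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void btn_toPfxFile_Click(object sender, EventArgs e)
{
    X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    try
    {
        // The handler only reads certificates, so the store is opened read-only.
        store.Open(OpenFlags.ReadOnly);
        foreach (X509Certificate2 x509 in store.Certificates)
        {
            if (x509.Subject != "CN=luminji")
            {
                continue;
            }

            Debug.Print(string.Format("certificate name: {0}", x509.Subject));

            // NOTE(security): "123" is a demo password compiled into the binary. The PFX
            // contains the private key, so real code should take the password from the
            // operator or a secret store and use a value that resists offline guessing.
            byte[] pfxByte = x509.Export(X509ContentType.Pfx, "123");

            // NOTE(security): the file is created in the current working directory with
            // whatever permissions that directory grants; restrict access to the PFX.
            using (FileStream fileStream = new FileStream("luminji.pfx", FileMode.Create))
            {
                fileStream.Write(pfxByte, 0, pfxByte.Length);

                // Rewind and compare what the stream returns with the exported bytes.
                fileStream.Seek(0, SeekOrigin.Begin);
                for (int i = 0; i < fileStream.Length; i++)
                {
                    if (pfxByte[i] != fileStream.ReadByte())
                    {
                        Debug.Print("Error writing data.");
                        return; // the finally block still closes the store
                    }
                }
                Debug.Print("The data was written to {0} " +
                    "and verified.", fileStream.Name);
            }

            if (!x509.HasPrivateKey)
            {
                // Without a private key the decryption half of the demo cannot run.
                Debug.Print("Certificate has no private key; skipping the encryption demo.");
                continue;
            }

            string myname = "my name is luminji! and i love huzhonghua!";
            string enStr = this.RSAEncrypt(x509.PublicKey.Key.ToXmlString(false), myname);
            MessageBox.Show("密文是:" + enStr);

            // NOTE(security): ToXmlString(true) turns the private key into a plaintext
            // managed string that cannot be wiped from memory afterwards. It is kept here
            // because RSADecrypt takes XML; production code should decrypt through the
            // key object instead of serialising the key.
            string deStr = this.RSADecrypt(x509.PrivateKey.ToXmlString(true), enStr);
            MessageBox.Show("明文是:" + deStr);
        }
    }
    finally
    {
        // Runs on the early return and on exceptions, so the store handle is not leaked.
        store.Close();
    }
}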
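/// <summary>
/// Runs makecert to create the "CN=luminji" certificate. The options passed are
/// -pe (private key marked exportable), -ss my (personal store) and -n (subject name).
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void btn_createPfx_Click(object sender, EventArgs e)
{
    // NOTE(review): the path is hard-coded to one SDK installation. makecert is a
    // deprecated tool; Microsoft points to the New-SelfSignedCertificate cmdlet instead.
    string MakeCert = "C:\\Program Files\\Microsoft Visual Studio 8\\SDK\\v2.0\\Bin\\makecert.exe";
    string x509Name = "CN=luminji";

    // NOTE(security): no key-length, signature-algorithm or key-type option is passed, so
    // those are makecert's defaults -- confirm they meet current policy before reuse.
    string param = " -pe -ss my -n \"" + x509Name + "\" ";

    // using releases the process handle even if WaitForExit throws.
    using (Process p = Process.Start(MakeCert, param))
    {
        p.WaitForExit();
        if (p.ExitCode != 0)
        {
            // Do not report completion when the tool failed: no certificate was created.
            MessageBox.Show("makecert failed, exit code: " + p.ExitCode);
            return;
        }
    }
    MessageBox.Show("over");
}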
/// <summary>
/// Loads luminji.pfx and shows, in three message boxes, the certificate's subject name
/// and the string forms of its public-key and private-key objects.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void btn_readFromPfxFile(object sender, EventArgs e)
{
    // NOTE(security): "123" is the demo password compiled into the binary; a PFX holds
    // the private key, so real code should not embed its password in source.
    X509Certificate2 certificate = new X509Certificate2("luminji.pfx", "123");

    string subjectLine = "name:" + certificate.SubjectName.Name;
    MessageBox.Show(subjectLine);

    // NOTE(review): ToString() on the key objects presumably yields type names rather
    // than key material -- confirm before relying on this output.
    string publicLine = "public:" + certificate.PublicKey.ToString();
    MessageBox.Show(publicLine);

    string privateLine = "private:" + certificate.PrivateKey.ToString();
    MessageBox.Show(privateLine);
}
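/// <summary>
/// Decrypts Base64-encoded RSA ciphertext with a private key and returns the text.
/// </summary>
/// <param name="xmlPrivateKey">RSA private key in the XML form produced by ToXmlString(true).</param>
/// <param name="m_strDecryptString">Base64-encoded ciphertext.</param>
/// <returns>The decrypted bytes decoded as UTF-16 (UnicodeEncoding) text.</returns>
public string RSADecrypt(string xmlPrivateKey, string m_strDecryptString)
{
    // The provider holds the imported private key; dispose it so the key handle is
    // released deterministically instead of waiting for finalization.
    using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider())
    {
        provider.FromXmlString(xmlPrivateKey);
        byte[] rgb = Convert.FromBase64String(m_strDecryptString);

        // NOTE(security): fOAEP = false selects PKCS#1 v1.5 padding. If ciphertext can
        // come from an untrusted party and failures are observable, this padding is
        // exposed to padding-oracle attacks; OAEP is preferred, but the encrypting side
        // must be switched at the same time or existing ciphertext stops decrypting.
        byte[] bytes = provider.Decrypt(rgb, false);
        return new UnicodeEncoding().GetString(bytes);
    }
}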
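/// <summary>
/// Encrypts a string with an RSA public key.
/// </summary>
/// <param name="xmlPublicKey">RSA public key in the XML form produced by ToXmlString(false).</param>
/// <param name="m_strEncryptString">Text to encrypt; it is encoded as UTF-16 (UnicodeEncoding) first.</param>
/// <returns>The ciphertext, Base64-encoded.</returns>
public string RSAEncrypt(string xmlPublicKey, string m_strEncryptString)
{
    // Dispose the provider so its native key handle is released deterministically.
    using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider())
    {
        provider.FromXmlString(xmlPublicKey);

        // RSA encrypts a single block: with PKCS#1 v1.5 padding the input must be at
        // most (key size in bytes - 11), and UTF-16 uses two bytes per character.
        // Longer data needs a symmetric key wrapped with RSA.
        byte[] bytes = new UnicodeEncoding().GetBytes(m_strEncryptString);

        // NOTE(security): fOAEP = false selects PKCS#1 v1.5 padding; OAEP is preferred,
        // but the decrypting side must be changed together with this call.
        return Convert.ToBase64String(provider.Encrypt(bytes, false));
    }
}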
?
?
上文是一個示例程序,一個完整的證書工具類如下:
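public sealed class DataCertificate
{
    #region Certificate creation
    /// <summary>
    /// Runs makecert to create a certificate with a private key in the "my" (personal)
    /// store. The options passed are -pe (private key exportable), -ss my and -n.
    /// </summary>
    /// <param name="subjectName">Certificate subject without the "CN=" prefix.</param>
    /// <param name="makecertPath">Full path to makecert.exe.</param>
    /// <returns>true when makecert ran and exited with code 0; otherwise false.</returns>
    public static bool CreateCertWithPrivateKey(string subjectName, string makecertPath)
    {
        // The name is placed inside a quoted -n argument. A double quote in it would end
        // that argument early and let the remainder be parsed as further makecert options.
        if (string.IsNullOrEmpty(subjectName) || subjectName.IndexOf('"') >= 0)
        {
            LogRecord.putErrorLog("Invalid certificate subject name.",
                "DataCertificate.CreateCertWithPrivateKey");
            return false;
        }

        // NOTE(review): a comma or '=' in the name adds further components to the
        // distinguished name; callers that take the name from a client should restrict it.
        subjectName = "CN=" + subjectName;

        // NOTE(security): no key-length, signature-algorithm or key-type option is
        // passed, so those are makecert's defaults -- confirm they meet current policy.
        // makecert is deprecated; Microsoft points to New-SelfSignedCertificate instead.
        string param = " -pe -ss my -n \"" + subjectName + "\" ";
        try
        {
            using (Process p = Process.Start(makecertPath, param))
            {
                if (p == null)
                {
                    LogRecord.putErrorLog("makecert process was not started.",
                        "DataCertificate.CreateCertWithPrivateKey");
                    return false;
                }
                p.WaitForExit();
                if (p.ExitCode != 0)
                {
                    // A failed run created no certificate, so it must not report success.
                    LogRecord.putErrorLog("makecert exited with code " + p.ExitCode,
                        "DataCertificate.CreateCertWithPrivateKey");
                    return false;
                }
            }
        }
        catch (Exception e)
        {
            LogRecord.putErrorLog(e.ToString(), "DataCertificate.CreateCertWithPrivateKey");
            return false;
        }
        return true;
    }
    #endregion

    #region File import and export
    /// <summary>
    /// Finds the certificates in the current user's personal store whose subject is
    /// "CN=" + subjectName, exports each to a password-protected PFX file and optionally
    /// removes it from the store.
    /// </summary>
    /// <param name="subjectName">Certificate subject without the "CN=" prefix.</param>
    /// <param name="pfxFileName">Path of the PFX file to create (overwritten if present).</param>
    /// <param name="password">Password protecting the PFX file.</param>
    /// <param name="isDelFromStore">Whether to remove the certificate from the store after export.</param>
    /// <returns>
    /// true when at least one matching certificate was exported and verified; false when
    /// none matched or the written file failed verification.
    /// </returns>
    public static bool ExportToPfxFile(string subjectName, string pfxFileName,
        string password, bool isDelFromStore)
    {
        subjectName = "CN=" + subjectName;
        bool exported = false;
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            // Write access to the store is only needed when the certificate is removed.
            store.Open(isDelFromStore ? OpenFlags.ReadWrite : OpenFlags.ReadOnly);

            // NOTE(review): matching is by subject string only. If several certificates
            // share the subject, each export overwrites the same file and the last wins;
            // selecting by thumbprint would be unambiguous.
            foreach (X509Certificate2 x509 in store.Certificates)
            {
                if (x509.Subject != subjectName)
                {
                    continue;
                }

                Debug.Print(string.Format("certificate name: {0}", x509.Subject));

                // NOTE(security): the PFX carries the private key and the password is its
                // only protection; a null or trivial password leaves the key effectively
                // unprotected. The file also takes the permissions of its directory.
                byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);
                if (!WriteAndVerify(pfxFileName, pfxByte))
                {
                    LogRecord.putErrorLog("Export pfx error while verify the pfx file!", "ExportToPfxFile");
                    return false;
                }
                exported = true;

                if (isDelFromStore)
                {
                    // NOTE(review): this removes the certificate entry; whether the
                    // private key container is also deleted is not shown here -- confirm.
                    store.Remove(x509);
                }
            }
        }
        finally
        {
            // Runs on early return and on exceptions, so the store handle is not leaked.
            store.Close();
        }
        return exported;
    }

    /// <summary>
    /// Finds the certificates in the current user's personal store whose subject is
    /// "CN=" + subjectName and exports each as a CER file (certificate only, no private key).
    /// </summary>
    /// <param name="subjectName">Certificate subject without the "CN=" prefix.</param>
    /// <param name="cerFileName">Path of the CER file to create (overwritten if present).</param>
    /// <returns>
    /// true when at least one matching certificate was exported and verified; false when
    /// none matched or the written file failed verification.
    /// </returns>
    public static bool ExportToCerFile(string subjectName, string cerFileName)
    {
        subjectName = "CN=" + subjectName;
        bool exported = false;
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            // Nothing is modified, so the store is opened read-only.
            store.Open(OpenFlags.ReadOnly);
            foreach (X509Certificate2 x509 in store.Certificates)
            {
                if (x509.Subject != subjectName)
                {
                    continue;
                }

                Debug.Print(string.Format("certificate name: {0}", x509.Subject));
                byte[] cerByte = x509.Export(X509ContentType.Cert);
                if (!WriteAndVerify(cerFileName, cerByte))
                {
                    LogRecord.putErrorLog("Export CER error while verify the CERT file!", "ExportToCERFile");
                    return false;
                }
                exported = true;
            }
        }
        finally
        {
            store.Close();
        }
        return exported;
    }

    // Writes data to fileName (creating or overwriting it), then reads the stream back
    // and returns whether the content matches byte for byte.
    private static bool WriteAndVerify(string fileName, byte[] data)
    {
        using (FileStream fileStream = new FileStream(fileName, FileMode.Create))
        {
            fileStream.Write(data, 0, data.Length);
            fileStream.Seek(0, SeekOrigin.Begin);
            if (fileStream.Length != data.Length)
            {
                return false;
            }
            for (int i = 0; i < data.Length; i++)
            {
                if (data[i] != fileStream.ReadByte())
                {
                    return false;
                }
            }
        }
        return true;
    }
    #endregion

    #region Reading certificates
    /// <summary>
    /// Loads a certificate, including its private key, from a PFX file. The original
    /// author's note says encryption and decryption with the result use the RSACryption
    /// class of DEncrypt.
    /// </summary>
    /// <param name="pfxFileName">Path of the PFX file.</param>
    /// <param name="password">Password protecting the PFX file.</param>
    /// <returns>The certificate, or null when loading failed (the error is logged).</returns>
    public static X509Certificate2 GetCertificateFromPfxFile(string pfxFileName,
        string password)
    {
        try
        {
            // NOTE(security): Exportable lets any code holding this object extract the
            // private key. It is only required when the key is serialised again (for
            // example with ToXmlString(true)); drop the flag if callers decrypt through
            // the key object directly.
            return new X509Certificate2(pfxFileName, password, X509KeyStorageFlags.Exportable);
        }
        catch (Exception e)
        {
            // The log entry contains the file name and exception text, not the password.
            LogRecord.putErrorLog("get certificate from pfx" + pfxFileName + " error:" + e.ToString(),
                "GetCertificateFromPfxFile");
            return null;
        }
    }

    /// <summary>
    /// Returns the first certificate in the current user's personal store whose subject
    /// is "CN=" + subjectName.
    /// </summary>
    /// <param name="subjectName">Certificate subject without the "CN=" prefix.</param>
    /// <returns>The matching certificate, or null when none is found.</returns>
    public static X509Certificate2 GetCertificateFromStore(string subjectName)
    {
        subjectName = "CN=" + subjectName;
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            // Lookup only, so the store is opened read-only.
            store.Open(OpenFlags.ReadOnly);
            foreach (X509Certificate2 x509 in store.Certificates)
            {
                if (x509.Subject == subjectName)
                {
                    return x509;
                }
            }
            return null;
        }
        finally
        {
            // The store was previously left open whenever a match returned from the loop.
            store.Close();
        }
    }

    /// <summary>
    /// Loads a certificate from a CER (public-key certificate) file.
    /// </summary>
    /// <param name="cerPath">Path of the CER file.</param>
    /// <returns>The certificate, or null when loading failed (the error is logged).</returns>
    public static X509Certificate2 GetCertFromCerFile(string cerPath)
    {
        try
        {
            return new X509Certificate2(cerPath);
        }
        catch (Exception e)
        {
            LogRecord.putErrorLog(e.ToString(), "DataCertificate.GetCertFromCerFile");
            return null;
        }
    }
    #endregion
}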
194?
?
轉自:http://blog.csdn.net/luminji/archive/2009/03/05/3960308.aspx
轉載于:https://www.cnblogs.com/NoRoad/archive/2010/03/01/1675866.html