必威体育Betway必威体育官网
当前位置:首页 > IT技术

cer, pfx 创建,并且读取公钥/密钥,加解密 (C#程序实现)

时间:2019-07-06 13:42:42来源:IT技术作者:seo实验室小编阅读:89次「手机版」
 

cer

HTTP://blog.csdn.net/zj510/article/details/39964533

PKI技术(public key infrastructure)里面,cer文件和pfx文件是很常见的。通常cer文件里面保存着公钥以及用户的一些信息,pfx里面则含有私钥和公钥。

用makecert.exe可以创建公钥证书和私钥证书,具体看

http://msdn.microsoft.com/zh-cn/library/bfsktky3(v=vs.110).aspx

http://blog.csdn.net/hacode/article/details/4240238

这里使用程序的方法来创建。参考了http://www.cnblogs.com/luminji/archive/2010/10/28/1863179.HTML

下面的代码封装了一个类,可以在store里面创建一个认证,并且导出到cer,pfx,然后从store,cer,pfx读取信息

[csharp]view plaincopy

  1. publicsealedclassDataCertificate
  2. {
  3. #region生成证书
  4. ///<summary>
  5. ///根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)
  6. ///</summary>
  7. ///<paramname="subjectName"></param>
  8. ///<paramname="makecertPath"></param>
  9. ///<returns></returns>
  10. publicstaticboolCreateCertwithPrivateKey(stringsubjectName,stringmakecertPath)
  11. {
  12. subjectName="CN="+subjectName;
  13. stringparam="-pe-ssmy-n\""+subjectName+"\"";
  14. try
  15. {
  16. Processp=Process.Start(makecertPath,param);
  17. p.waitforExit();
  18. p.Close();
  19. }
  20. catch(Exceptione)
  21. {
  22. returnfalse;
  23. }
  24. returntrue;
  25. }
  26. #endregion
  28. #region文件导入导出
  29. ///<summary>
  30. ///从windows证书存储区的个人MY区找到主题为subjectName的证书,
  31. ///并导出为pfx文件,同时为其指定一个密码
  32. ///并将证书从个人区删除(如果isDelFromstor为true)
  33. ///</summary>
  34. ///<paramname="subjectName">证书主题,不包含CN=</param>
  35. ///<paramname="pfxFileName">pfx文件名</param>
  36. ///<paramname="password">pfx文件密码</param>
  37. ///<paramname="isDelFromStore">是否从存储区删除</param>
  38. ///<returns></returns>
  39. publicstaticboolExportToPfxFile(stringsubjectName,stringpfxFileName,
  40. stringpassword,boolisDelFromStore)
  41. {
  42. subjectName="CN="+subjectName;
  43. X509Storestore=newX509Store(StoreName.My,StoreLocation.CurrentUser);
  44. store.Open(OpenFlags.ReadWrite);
  45. X509Certificate2Collectionstorecollection=(X509Certificate2Collection)store.Certificates;
  46. foreach(X509Certificate2x509instorecollection)
  47. {
  48. if(x509.Subject==subjectName)
  49. {
  50. Debug.print(string.format("certificatename:{0}",x509.Subject));
  52. byte[]pfxByte=x509.Export(X509contentType.Pfx,password);
  53. using(filestreamfileStream=newFileStream(pfxFileName,FileMode.Create))
  54. {
  55. //Writethedatatothefile,bytebybyte.
  56. for(inti=0;i<pfxByte.Length;i++)
  57. fileStream.WriteByte(pfxByte[i]);
  58. //Setthestreampositiontothebeginningofthefile.
  59. fileStream.Seek(0,SeekOrigin.Begin);
  60. //Readandverifythedata.
  61. for(inti=0;i<fileStream.Length;i++)
  62. {
  63. if(pfxByte[i]!=fileStream.ReadByte())
  64. {
  65. fileStream.Close();
  66. returnfalse;
  67. }
  68. }
  69. fileStream.Close();
  70. }
  71. if(isDelFromStore==true)
  72. store.Remove(x509);
  73. }
  74. }
  75. store.Close();
  76. store=null;
  77. storecollection=null;
  78. returntrue;
  79. }
  80. ///<summary>
  81. ///从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
  82. ///并导出为CER文件(即,只含公钥的)
  83. ///</summary>
  84. ///<paramname="subjectName"></param>
  85. ///<paramname="cerFileName"></param>
  86. ///<returns></returns>
  87. publicstaticboolExportToCerFile(stringsubjectName,stringcerFileName)
  88. {
  89. subjectName="CN="+subjectName;
  90. X509Storestore=newX509Store(StoreName.My,StoreLocation.CurrentUser);
  91. store.Open(OpenFlags.ReadWrite);
  92. X509Certificate2Collectionstorecollection=(X509Certificate2Collection)store.Certificates;
  93. foreach(X509Certificate2x509instorecollection)
  94. {
  95. if(x509.Subject==subjectName)
  96. {
  97. Debug.Print(string.Format("certificatename:{0}",x509.Subject));
  98. //byte[]pfxByte=x509.Export(X509ContentType.Pfx,password);
  99. byte[]cerByte=x509.Export(X509ContentType.Cert);
  100. using(FileStreamfileStream=newFileStream(cerFileName,FileMode.Create))
  101. {
  102. //Writethedatatothefile,bytebybyte.
  103. for(inti=0;i<cerByte.Length;i++)
  104. fileStream.WriteByte(cerByte[i]);
  105. //Setthestreampositiontothebeginningofthefile.
  106. fileStream.Seek(0,SeekOrigin.Begin);
  107. //Readandverifythedata.
  108. for(inti=0;i<fileStream.Length;i++)
  109. {
  110. if(cerByte[i]!=fileStream.ReadByte())
  111. {
  112. fileStream.Close();
  113. returnfalse;
  114. }
  115. }
  116. fileStream.Close();
  117. }
  118. }
  119. }
  120. store.Close();
  121. store=null;
  122. storecollection=null;
  123. returntrue;
  124. }
  125. #endregion
  127. #region从证书中获取信息
  128. ///<summary>
  129. ///根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密
  130. ///加解密函数使用DEncrypt的RSACryption类
  131. ///</summary>
  132. ///<paramname="pfxFileName"></param>
  133. ///<paramname="password"></param>
  134. ///<returns></returns>
  135. publicstaticX509Certificate2GetCertificateFromPfxFile(stringpfxFileName,
  136. stringpassword)
  137. {
  138. try
  139. {
  140. returnnewX509Certificate2(pfxFileName,password,X509KeyStorageFlags.Exportable);
  141. }
  142. catch(Exceptione)
  143. {
  144. returnnull;
  145. }
  146. }
  147. ///<summary>
  148. ///到存储区获取证书
  149. ///</summary>
  150. ///<paramname="subjectName"></param>
  151. ///<returns></returns>
  152. publicstaticX509Certificate2GetCertificateFromStore(stringsubjectName)
  153. {
  154. subjectName="CN="+subjectName;
  155. X509Storestore=newX509Store(StoreName.My,StoreLocation.CurrentUser);
  156. store.Open(OpenFlags.ReadWrite);
  157. X509Certificate2Collectionstorecollection=(X509Certificate2Collection)store.Certificates;
  158. foreach(X509Certificate2x509instorecollection)
  159. {
  160. if(x509.Subject==subjectName)
  161. {
  162. returnx509;
  163. }
  164. }
  165. store.Close();
  166. store=null;
  167. storecollection=null;
  168. returnnull;
  169. }
  170. ///<summary>
  171. ///根据公钥证书,返回证书实体
  172. ///</summary>
  173. ///<paramname="cerPath"></param>
  174. publicstaticX509Certificate2GetCertFromCerFile(stringcerPath)
  175. {
  176. try
  177. {
  178. returnnewX509Certificate2(cerPath);
  179. }
  180. catch(Exceptione)
  181. {
  182. returnnull;
  183. }
  184. }
  185. #endregion
  186. }

两个RSA加解密辅助函数:

[csharp]view plaincopy

  1. staticstringRSADecrypt(stringxmlPrivateKey,stringm_strDecryptString)
  2. {
  3. RSACryptoServiceProviderprovider=newRSACryptoServiceProvider();
  4. provider.FromXmlString(xmlPrivateKey);
  5. byte[]rgb=Convert.Frombase64String(m_strDecryptString);
  6. byte[]bytes=provider.Decrypt(rgb,false);
  7. returnnewunicodeEncoding().GetString(bytes);
  8. }
  9. ///<summary>
  10. ///RSA加密
  11. ///</summary>
  12. ///<paramname="xmlPublicKey"></param>
  13. ///<paramname="m_strEncryptString"></param>
  14. ///<returns></returns>
  15. staticstringRSAEncrypt(stringxmlPublicKey,stringm_strEncryptString)
  16. {
  17. RSACryptoServiceProviderprovider=newRSACryptoServiceProvider();
  18. provider.FromXmlString(xmlPublicKey);
  19. byte[]bytes=newUnicodeEncoding().GetBytes(m_strEncryptString);
  20. returnConvert.ToBase64String(provider.Encrypt(bytes,false));
  21. }

使用例子,下面的代码做了几个事情

1. 在个人store里面创建了一个认证, 从认证里面读取信息得到一个X509Certificate2的对象,这个对象内部包含公钥和私钥,然后做了次rsa加解密测试。

2. 从store里面导出一个cer文件,因为cer文件并没有私钥,只有公钥。测试代码就是用公钥加密然后用前面得到的私钥解密。

3. 导出一个pfx文件,pfx包括公钥和私钥,可以自己加解密。

这是个很简单的例子,但是对于理解cer文件和pfx文件已经公钥私钥应该有帮助。

[csharp]view plaincopy

  1. //在personal(个人)里面创建一个foo的证书
  2. DataCertificate.CreateCertWithPrivateKey("foo","C:\\ProgramFiles(x86)\\WindowsKits\\8.1\\bin\\x64\\makecert.exe");
  4. //获取证书
  5. X509Certificate2c1=DataCertificate.GetCertificateFromStore("foo");
  7. stringkeyPublic=c1.PublicKey.Key.ToXmlString(false);//公钥
  8. stringkeyPrivate=c1.PrivateKey.ToXmlString(true);//私钥
  10. stringcypher=RSAEncrypt(keyPublic,"程序员");//加密
  11. stringplain=RSADecrypt(keyPrivate,cypher);//解密
  13. Debug.Assert(plain=="程序员");
  15. //生成一个cert文件
  16. DataCertificate.ExportToCerFile("foo","d:\\mycert\\foo.cer");
  18. X509Certificate2c2=DataCertificate.GetCertFromCerFile("d:\\mycert\\foo.cer");
  20. stringkeyPublic2=c2.PublicKey.Key.ToXmlString(false);
  22. boolb=keyPublic2==keyPublic;
  23. stringcypher2=RSAEncrypt(keyPublic2,"程序员2");//加密
  24. stringplain2=RSADecrypt(keyPrivate,cypher2);//解密,cer里面并没有私钥,所以这里使用前面得到的私钥来解密
  26. Debug.Assert(plain2=="程序员2");
  28. //生成一个pfx,并且从store里面删除
  29. DataCertificate.ExportToPfxFile("foo","d:\\mycert\\foo.pfx","111",true);
  31. X509Certificate2c3=DataCertificate.GetCertificateFromPfxFile("d:\\mycert\\foo.pfx","111");
  33. stringkeyPublic3=c3.PublicKey.Key.ToXmlString(false);//公钥
  34. stringkeyPrivate3=c3.PrivateKey.ToXmlString(true);//私钥
  36. stringcypher3=RSAEncrypt(keyPublic3,"程序员3");//加密
  37. stringplain3=RSADecrypt(keyPrivate3,cypher3);//解密
  39. Debug.Assert(plain3=="程序员3");

附:完整代码

[csharp]view plaincopy

  1. usingSystem;
  2. usingSystem.Collections.Generic;
  3. usingSystem.Diagnostics;
  4. usingSystem.IO;
  5. usingSystem.Linq;
  6. usingSystem.Security.Cryptography;
  7. usingSystem.Security.Cryptography.X509Certificates;
  8. usingSystem.Text;
  11. namespaceconsoleAPPlication1
  12. {
  13. publicsealedclassDataCertificate
  14. {
  15. #region生成证书
  16. ///<summary>
  17. ///根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)
  18. ///</summary>
  19. ///<paramname="subjectName"></param>
  20. ///<paramname="makecertPath"></param>
  21. ///<returns></returns>
  22. publicstaticboolCreateCertWithPrivateKey(stringsubjectName,stringmakecertPath)
  23. {
  24. subjectName="CN="+subjectName;
  25. stringparam="-pe-ssmy-n\""+subjectName+"\"";
  26. try
  27. {
  28. Processp=Process.Start(makecertPath,param);
  29. p.WaitForExit();
  30. p.Close();
  31. }
  32. catch(Exceptione)
  33. {
  34. returnfalse;
  35. }
  36. returntrue;
  37. }
  38. #endregion
  40. #region文件导入导出
  41. ///<summary>
  42. ///从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
  43. ///并导出为pfx文件,同时为其指定一个密码
  44. ///并将证书从个人区删除(如果isDelFromstor为true)
  45. ///</summary>
  46. ///<paramname="subjectName">证书主题,不包含CN=</param>
  47. ///<paramname="pfxFileName">pfx文件名</param>
  48. ///<paramname="password">pfx文件密码</param>
  49. ///<paramname="isDelFromStore">是否从存储区删除</param>
  50. ///<returns></returns>
  51. publicstaticboolExportToPfxFile(stringsubjectName,stringpfxFileName,
  52. stringpassword,boolisDelFromStore)
  53. {
  54. subjectName="CN="+subjectName;
  55. X509Storestore=newX509Store(StoreName.My,StoreLocation.CurrentUser);
  56. store.Open(OpenFlags.ReadWrite);
  57. X509Certificate2Collectionstorecollection=(X509Certificate2Collection)store.Certificates;
  58. foreach(X509Certificate2x509instorecollection)
  59. {
  60. if(x509.Subject==subjectName)
  61. {
  62. Debug.Print(string.Format("certificatename:{0}",x509.Subject));
  64. byte[]pfxByte=x509.Export(X509ContentType.Pfx,password);
  65. using(FileStreamfileStream=newFileStream(pfxFileName,FileMode.Create))
  66. {
  67. //Writethedatatothefile,bytebybyte.
  68. for(inti=0;i<pfxByte.Length;i++)
  69. fileStream.WriteByte(pfxByte[i]);
  70. //Setthestreampositiontothebeginningofthefile.
  71. fileStream.Seek(0,SeekOrigin.Begin);
  72. //Readandverifythedata.
  73. for(inti=0;i<fileStream.Length;i++)
  74. {
  75. if(pfxByte[i]!=fileStream.ReadByte())
  76. {
  77. fileStream.Close();
  78. returnfalse;
  79. }
  80. }
  81. fileStream.Close();
  82. }
  83. if(isDelFromStore==true)
  84. store.Remove(x509);
  85. }
  86. }
  87. store.Close();
  88. store=null;
  89. storecollection=null;
  90. returntrue;
  91. }
  92. ///<summary>
  93. ///从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
  94. ///并导出为CER文件(即,只含公钥的)
  95. ///</summary>
  96. ///<paramname="subjectName"></param>
  97. ///<paramname="cerFileName"></param>
  98. ///<returns></returns>
  99. publicstaticboolExportToCerFile(stringsubjectName,stringcerFileName)
  100. {
  101. subjectName="CN="+subjectName;
  102. X509Storestore=newX509Store(StoreName.My,StoreLocation.CurrentUser);
  103. store.Open(OpenFlags.ReadWrite);
  104. X509Certificate2Collectionstorecollection=(X509Certificate2Collection)store.Certificates;
  105. foreach(X509Certificate2x509instorecollection)
  106. {
  107. if(x509.Subject==subjectName)
  108. {
  109. Debug.Print(string.Format("certificatename:{0}",x509.Subject));
  110. //byte[]pfxByte=x509.Export(X509ContentType.Pfx,password);
  111. byte[]cerByte=x509.Export(X509ContentType.Cert);
  112. using(FileStreamfileStream=newFileStream(cerFileName,FileMode.Create))
  113. {
  114. //Writethedatatothefile,bytebybyte.
  115. for(inti=0;i<cerByte.Length;i++)
  116. fileStream.WriteByte(cerByte[i]);
  117. //Setthestreampositiontothebeginningofthefile.
  118. fileStream.Seek(0,SeekOrigin.Begin);
  119. //Readandverifythedata.
  120. for(inti=0;i<fileStream.Length;i++)
  121. {
  122. if(cerByte[i]!=fileStream.ReadByte())
  123. {
  124. fileStream.Close();
  125. returnfalse;
  126. }
  127. }
  128. fileStream.Close();
  129. }
  130. }
  131. }
  132. store.Close();
  133. store=null;
  134. storecollection=null;
  135. returntrue;
  136. }
  137. #endregion
  139. #region从证书中获取信息
  140. ///<summary>
  141. ///根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密
  142. ///加解密函数使用DEncrypt的RSACryption类
  143. ///</summary>
  144. ///<paramname="pfxFileName"></param>
  145. ///<paramname="password"></param>
  146. ///<returns></returns>
  147. publicstaticX509Certificate2GetCertificateFromPfxFile(stringpfxFileName,
  148. stringpassword)
  149. {
  150. try
  151. {
  152. returnnewX509Certificate2(pfxFileName,password,X509KeyStorageFlags.Exportable);
  153. }
  154. catch(Exceptione)
  155. {
  156. returnnull;
  157. }
  158. }
  159. ///<summary>
  160. ///到存储区获取证书
  161. ///</summary>
  162. ///<paramname="subjectName"></param>
  163. ///<returns></returns>
  164. publicstaticX509Certificate2GetCertificateFromStore(stringsubjectName)
  165. {
  166. subjectName="CN="+subjectName;
  167. X509Storestore=newX509Store(StoreName.My,StoreLocation.CurrentUser);
  168. store.Open(OpenFlags.ReadWrite);
  169. X509Certificate2Collectionstorecollection=(X509Certificate2Collection)store.Certificates;
  170. foreach(X509Certificate2x509instorecollection)
  171. {
  172. if(x509.Subject==subjectName)
  173. {
  174. returnx509;
  175. }
  176. }
  177. store.Close();
  178. store=null;
  179. storecollection=null;
  180. returnnull;
  181. }
  182. ///<summary>
  183. ///根据公钥证书,返回证书实体
  184. ///</summary>
  185. ///<paramname="cerPath"></param>
  186. publicstaticX509Certificate2GetCertFromCerFile(stringcerPath)
  187. {
  188. try
  189. {
  190. returnnewX509Certificate2(cerPath);
  191. }
  192. catch(Exceptione)
  193. {
  194. returnnull;
  195. }
  196. }
  197. #endregion
  198. }
  200. classProgram
  201. {
  202. staticstringRSADecrypt(stringxmlPrivateKey,stringm_strDecryptString)
  203. {
  204. RSACryptoServiceProviderprovider=newRSACryptoServiceProvider();
  205. provider.FromXmlString(xmlPrivateKey);
  206. byte[]rgb=Convert.FromBase64String(m_strDecryptString);
  207. byte[]bytes=provider.Decrypt(rgb,false);
  208. returnnewUnicodeEncoding().GetString(bytes);
  209. }
  210. ///<summary>
  211. ///RSA加密
  212. ///</summary>
  213. ///<paramname="xmlPublicKey"></param>
  214. ///<paramname="m_strEncryptString"></param>
  215. ///<returns></returns>
  216. staticstringRSAEncrypt(stringxmlPublicKey,stringm_strEncryptString)
  217. {
  218. RSACryptoServiceProviderprovider=newRSACryptoServiceProvider();
  219. provider.FromXmlString(xmlPublicKey);
  220. byte[]bytes=newUnicodeEncoding().GetBytes(m_strEncryptString);
  221. returnConvert.ToBase64String(provider.Encrypt(bytes,false));
  222. }
  224. staticvoidMain(string[]args)
  225. {
  226. //在personal(个人)里面创建一个foo的证书
  227. DataCertificate.CreateCertWithPrivateKey("foo","C:\\ProgramFiles(x86)\\WindowsKits\\8.1\\bin\\x64\\makecert.exe");
  229. //获取证书
  230. X509Certificate2c1=DataCertificate.GetCertificateFromStore("foo");
  232. stringkeyPublic=c1.PublicKey.Key.ToXmlString(false);//公钥
  233. stringkeyPrivate=c1.PrivateKey.ToXmlString(true);//私钥
  235. stringcypher=RSAEncrypt(keyPublic,"程序员");//加密
  236. stringplain=RSADecrypt(keyPrivate,cypher);//解密
  238. Debug.Assert(plain=="程序员");
  240. //生成一个cert文件
  241. DataCertificate.ExportToCerFile("foo","d:\\mycert\\foo.cer");
  243. X509Certificate2c2=DataCertificate.GetCertFromCerFile("d:\\mycert\\foo.cer");
  245. stringkeyPublic2=c2.PublicKey.Key.ToXmlString(false);
  247. boolb=keyPublic2==keyPublic;
  248. stringcypher2=RSAEncrypt(keyPublic2,"程序员2");//加密
  249. stringplain2=RSADecrypt(keyPrivate,cypher2);//解密,cer里面并没有私钥,所以这里使用前面得到的私钥来解密
  251. Debug.Assert(plain2=="程序员2");
  253. //生成一个pfx,并且从store里面删除
  254. DataCertificate.ExportToPfxFile("foo","d:\\mycert\\foo.pfx","111",true);
  256. X509Certificate2c3=DataCertificate.GetCertificateFromPfxFile("d:\\mycert\\foo.pfx","111");
  258. stringkeyPublic3=c3.PublicKey.Key.ToXmlString(false);//公钥
  259. stringkeyPrivate3=c3.PrivateKey.ToXmlString(true);//私钥
  261. stringcypher3=RSAEncrypt(keyPublic3,"程序员3");//加密
  262. stringplain3=RSADecrypt(keyPrivate3,cypher3);//解密
  264. Debug.Assert(plain3=="程序员3");
  265. }
  266. }
  267. }

相关阅读

tcptraceroute与traceroute

1 traceroute 功能说明:显示数据包到主机间的路径。它默认发送的数据包大小是40字节。 通过traceroute我们可以知道信息从你的计

Packet Tracer 思科模拟器入门教程 之一 初识Packet T

Packet Tracer介绍 Packet Tracer是Cisco公司针对CCNA认证开发的一个用来设计、配置和故障排除网络的模拟软件。 Packer Tracer

宏基/Acer E1-471Gb如何拆机清洁?

本本从2012-12-25购买到现在快3年了,期间把内存增加到8G,硬盘升级为1T的,一直任劳任怨得为我工作着,最近感觉散热不是很好,决定拆

Gooogle发布生成https加密证书工具mkcert

谷歌日前正加快速度完成一项关于mkcert的开源项目,项目本身允许开发者在本地部署https测试环境,而mkcert是一个能够让网站通过自动

宏碁ACER4752G怎么拆机更换内存条?

笔记本电脑的内存和电脑的操作体验有很大的关系,往往换更大的内存电脑会更流畅,可以开启的任务也更多,这篇和大家分享如何给宏碁acer

赞()
分享到:

猜你喜欢

栏目导航

推荐阅读

热门阅读

seo实验室提供seo优化服务,有网站优化、网站建设、运营推广等需求请联系我们!
Copyright © 2001-2017 .seo实验室 版权所有 网站地图