C#创建数字证书并导出为pfx,并使用pfx进行非对称加解密
本文源程序下载:http://download.csdn.net/source/2444494
我的项目当中,考虑到安全性,需要为每个客户端分发一个数字证书,同时使用数字证书中的公私钥来进行数据的加解密。为了完成这个安全模块,特写了如下一个DEMO程序,该DEMO程序包含的功能有:
1:调用.NET2.0的MAKECERT创建含有私钥的数字证书,并存储到个人证书区;
2:将该证书导出为pfx文件,并为其指定一个用来打开pfx文件的password;
3:读取pfx文件,导出pfx中公钥和私钥;
4:用pfx证书中的公钥进行数据的加密,用私钥进行数据的解密;
系统界面:
代码如下:
- /// <summary>
- /// 将证书从证书存储区导出,并存储为pfx文件,同时为pfx文件指定打开的密码
- /// 本函数同时也演示如何用公钥进行加密,私钥进行解密
- /// </summary>
- /// <param name="sender"></param>
- /// <param name="e"></param>
- private void btn_toPfxFile_Click(object sender, EventArgs e)
- {
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == "CN=luminji")
- {
- Debug.Print(string.Format("certificate name: {0}", x509.Subject));
- byte[] pfxByte = x509.Export(X509ContentType.Pfx, "123");
- using (FileStream fileStream = new FileStream("luminji.pfx", FileMode.Create))
- {
- // Write the data to the file, byte by byte.
- for (int i = 0; i < pfxByte.Length; i++)
- fileStream.WriteByte(pfxByte[i]);
- // Set the stream position to the beginning of the file.
- fileStream.Seek(0, SeekOrigin.Begin);
- // Read and verify the data.
- for (int i = 0; i < fileStream.Length; i++)
- {
- if (pfxByte[i] != fileStream.ReadByte())
- {
- Debug.Print("Error writing data.");
- return;
- }
- }
- fileStream.Close();
- Debug.Print("The data was written to {0} " +
- "and verified.", fileStream.Name);
- }
- string myname = "my name is luminji! and i love huzhonghua!";
- string enStr = this.RSAEncrypt(x509.PublicKey.Key.ToXmlString(false), myname);
- MessageBox.Show("密文是:" + enStr);
- string deStr = this.RSADecrypt(x509.PrivateKey.ToXmlString(true), enStr);
- MessageBox.Show("明文是:" + deStr);
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- }
- /// <summary>
- /// 创建还有私钥的证书
- /// </summary>
- /// <param name="sender"></param>
- /// <param name="e"></param>
- private void btn_createPfx_Click(object sender, EventArgs e)
- {
- string MakeCert = "C://Program Files//Microsoft Visual Studio 8//SDK//v2.0//Bin//makecert.exe";
- string x509Name = "CN=luminji";
- string param = " -pe -ss my -n /"" + x509Name + "/" " ;
- Process p = Process.Start(MakeCert, param);
- p.WaitForExit();
- p.Close();
- MessageBox.Show("over");
- }
- /// <summary>
- /// 从pfx文件读取证书信息
- /// </summary>
- /// <param name="sender"></param>
- /// <param name="e"></param>
- private void btn_readFromPfxFile(object sender, EventArgs e)
- {
- X509Certificate2 pc = new X509Certificate2("luminji.pfx", "123");
- MessageBox.Show("name:" + pc.SubjectName.Name);
- MessageBox.Show("public:" + pc.PublicKey.ToString());
- MessageBox.Show("private:" + pc.PrivateKey.ToString());
- pc = null;
- }
- /// <summary>
- /// RSA解密
- /// </summary>
- /// <param name="xmlPrivateKey"></param>
- /// <param name="m_strDecryptString"></param>
- /// <returns></returns>
- public string RSADecrypt(string xmlPrivateKey, string m_strDecryptString)
- {
- RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
- provider.FromXmlString(xmlPrivateKey);
- byte[] rgb = Convert.FromBase64String(m_strDecryptString);
- byte[] bytes = provider.Decrypt(rgb, false);
- return new UnicodeEncoding().GetString(bytes);
- }
- /// <summary>
- /// RSA加密
- /// </summary>
- /// <param name="xmlPublicKey"></param>
- /// <param name="m_strEncryptString"></param>
- /// <returns></returns>
- public string RSAEncrypt(string xmlPublicKey, string m_strEncryptString)
- {
- RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
- provider.FromXmlString(xmlPublicKey);
- byte[] bytes = new UnicodeEncoding().GetBytes(m_strEncryptString);
- return Convert.ToBase64String(provider.Encrypt(bytes, false));
- }
上文是一个示例程序,一个完整的证书工具类如下:
- public sealed class DataCertificate
- {
- #region 生成证书
- /// <summary>
- /// 根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)
- /// </summary>
- /// <param name="subjectName"></param>
- /// <param name="makecertPath"></param>
- /// <returns></returns>
- public static bool CreateCertWithPrivateKey(string subjectName, string makecertPath)
- {
- subjectName = "CN=" + subjectName;
- string param = " -pe -ss my -n /"" + subjectName + "/" ";
- try
- {
- Process p = Process.Start(makecertPath, param);
- p.WaitForExit();
- p.Close();
- }
- catch (Exception e)
- {
- LogRecord.putErrorLog(e.ToString(), "DataCerficate.CreateCertWithPrivateKey");
- return false;
- }
- return true;
- }
- #endregion
- #region 文件导入导出
- /// <summary>
- /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
- /// 并导出为pfx文件,同时为其指定一个密码
- /// 并将证书从个人区删除(如果isDelFromstor为true)
- /// </summary>
- /// <param name="subjectName">证书主题,不包含CN=</param>
- /// <param name="pfxFileName">pfx文件名</param>
- /// <param name="password">pfx文件密码</param>
- /// <param name="isDelFromStore">是否从存储区删除</param>
- /// <returns></returns>
- public static bool ExportToPfxFile(string subjectName, string pfxFileName,
- string password, bool isDelFromStore)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- Debug.Print(string.Format("certificate name: {0}", x509.Subject));
- byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);
- using (FileStream fileStream = new FileStream(pfxFileName, FileMode.Create))
- {
- // Write the data to the file, byte by byte.
- for (int i = 0; i < pfxByte.Length; i++)
- fileStream.WriteByte(pfxByte[i]);
- // Set the stream position to the beginning of the file.
- fileStream.Seek(0, SeekOrigin.Begin);
- // Read and verify the data.
- for (int i = 0; i < fileStream.Length; i++)
- {
- if (pfxByte[i] != fileStream.ReadByte())
- {
- LogRecord.putErrorLog("Export pfx error while verify the pfx file!", "ExportToPfxFile");
- fileStream.Close();
- return false;
- }
- }
- fileStream.Close();
- }
- if( isDelFromStore == true)
- store.Remove(x509);
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return true;
- }
- /// <summary>
- /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
- /// 并导出为CER文件(即,只含公钥的)
- /// </summary>
- /// <param name="subjectName"></param>
- /// <param name="cerFileName"></param>
- /// <returns></returns>
- public static bool ExportToCerFile(string subjectName, string cerFileName)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- Debug.Print(string.Format("certificate name: {0}", x509.Subject));
- //byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);
- byte[] cerByte = x509.Export(X509ContentType.Cert);
- using (FileStream fileStream = new FileStream(cerFileName, FileMode.Create))
- {
- // Write the data to the file, byte by byte.
- for (int i = 0; i < cerByte.Length; i++)
- fileStream.WriteByte(cerByte[i]);
- // Set the stream position to the beginning of the file.
- fileStream.Seek(0, SeekOrigin.Begin);
- // Read and verify the data.
- for (int i = 0; i < fileStream.Length; i++)
- {
- if (cerByte[i] != fileStream.ReadByte())
- {
- LogRecord.putErrorLog("Export CER error while verify the CERT file!", "ExportToCERFile");
- fileStream.Close();
- return false;
- }
- }
- fileStream.Close();
- }
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return true;
- }
- #endregion
- #region 从证书中获取信息
- /// <summary>
- /// 根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密
- /// 加解密函数使用DEncrypt的RSACryption类
- /// </summary>
- /// <param name="pfxFileName"></param>
- /// <param name="password"></param>
- /// <returns></returns>
- public static X509Certificate2 GetCertificateFromPfxFile(string pfxFileName,
- string password)
- {
- try
- {
- return new X509Certificate2(pfxFileName, password, X509KeyStorageFlags.Exportable);
- }
- catch (Exception e)
- {
- LogRecord.putErrorLog("get certificate from pfx" + pfxFileName + " error:" + e.ToString(),
- "GetCertificateFromPfxFile");
- return null;
- }
- }
- /// <summary>
- /// 到存储区获取证书
- /// </summary>
- /// <param name="subjectName"></param>
- /// <returns></returns>
- public static X509Certificate2 GetCertificateFromStore(string subjectName)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- return x509;
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return null;
- }
- /// <summary>
- /// 根据公钥证书,返回证书实体
- /// </summary>
- /// <param name="cerPath"></param>
- public static X509Certificate2 GetCertFromCerFile(string cerPath)
- {
- try
- {
- return new X509Certificate2(cerPath);
- }
- catch (Exception e)
- {
- LogRecord.putErrorLog(e.ToString(), "DataCertificate.LoadStudentPublicKey");
- return null;
- }
- }
- #endregion
- }
C#创建数字证书并导出为pfx,并使用pfx进行非对称加解密的更多相关文章
- 使用makecert.exe创建数字证书
RT makecert.exe不用去找,安装VS2008后,在开始菜单相应的路径找到该命令提示符:Microsoft Visual Studio 2008/Visual Studio Tools/Vi ...
- 免费CA数字证书的申请、安装、导入、导出
http://wenku.baidu.com/link?url=oDUw50eCE5zX8tmg4N3-ddYGLt1U5aJYGEN7rk_z7t6LuMHL3M4oBstYBI_dQ1UnCtcK ...
- 数字证书KeyTool使用(第二篇)
http://my.oschina.net/frankies/blog/344914 J2SDK提供了keytool命令行工具,可以根据指定的参数来创建数字证书.生成的证书或证书库默认保存在命令行当前 ...
- Java加密解密与数字证书的操作
1 keytool命令总结 一.创建数字证书 交互模式 使用默认的密钥库.keystore(文件夹是c: Documents and Settingusername)和算法(DSA) keytool ...
- 【转】Android数字证书
Android数字证书的作用是非常重要的.Android操作系统每一个应用程序的安装都需要经过这一数字证书的签名. Android手机操作系统作为一款比较流行的开源系统在手机领域占据着举足轻重的地位. ...
- JDK 生成数字证书
JDK(keytool.exe)生成数字证书 2010-11-21 15:52 QUOTE: keytool JAVA是个密钥和证书管理工具.它使用户能够管理自己的公钥/私钥对及相关证书,用于(通过数 ...
- 【上】安全HTTPS-全面具体解释对称加密,非对称加密,数字签名,数字证书和HTTPS
一,对称加密 所谓对称加密.就是它们在编码时使用的密钥e和解码时一样d(e=d),我们就将其统称为密钥k. 对称加解密的步骤例如以下: 发送端和接收端首先要共享同样的密钥k(即通信前两方都须要知道相应 ...
- android利用数字证书对程序签名
签名的必要性 1. 防止你已安装的应用被恶意的第三方覆盖或替换掉. 2. 开发者的身份标识,签名可以防止抵赖等事件的发生. 开发Android的人这么多,完全有可能大家都把类名,包名起成了一个同 ...
- android 利用数字证书对程序签名
签名的必要性 1. 防止你已安装的应用被恶意的第三方覆盖或替换掉. 2. 开发者的身份标识,签名可以防止抵赖等事件的发生. 开发Android的人这么多,完全有可能大家都把类名,包名起成了一个同样 ...
随机推荐
- UVa210 Concurrency Simulator (ACM/ICPC World Finals 1991) 双端队列
Programs executed concurrently on a uniprocessor system appear to be executed at the same time, but ...
- WMRouter:美团外卖Android开源路由框架
WMRouter是一款Android路由框架,基于组件化的设计思路,功能灵活,使用也比较简单. WMRouter最初用于解决美团外卖C端App在业务演进过程中的实际问题,之后逐步推广到了美团其他App ...
- 你见过这些JavaScript的陷阱吗?
一.成员操作符 Number.prototype.testFn=function () { console.log(this<0, this.valueOf()); } var num = -1 ...
- 深入理解Python生成器(Generator)
我们可以通过列表生成式简单直接地创建一个列表,但是受到内存限制,列表容量肯定是有限的.而且,创建一个包含100万个元素的列表,不仅占用很大的存储空间,而且如果我们仅仅需要访问前面几个元素,那后面绝大多 ...
- 【BZOJ 2724】 2724: [Violet 6]蒲公英 (区间众数不带修改版本)
2724: [Violet 6]蒲公英 Time Limit: 40 Sec Memory Limit: 512 MBSubmit: 1908 Solved: 678 Description In ...
- PHP7新特性 What will be in PHP 7/PHPNG
本文结合php官网和鸟哥相关文章总结: 官网:http://www.php7.ca/ https://wiki.php.net/phpng PHP7将在2015年10月正式发布,PHP7 ,将会是 ...
- java多线程技术之条件变量
上一篇讲述了并发包下的Lock,Lock可以更好的解决线程同步问题,使之更面向对象,并且ReadWriteLock在处理同步时更强大,那么同样,线程间仅仅互斥是不够的,还需要通信,本篇的内容是基于上篇 ...
- 持续集成之Jenkins插件使用(一)- 多个job之间的串并联
转载自:http://qa.blog.163.com/blog/static/190147002201391661510655/ Jenkins除了开源和免费,还有一个最吸引人的功能之一就是支持插件. ...
- SLF4J versions 1.4.0 and later requires log4j 1.2.12 or later 终极解决
http://blog.sina.com.cn/s/blog_54eb26870100uynj.html 到SLF4J官方网站:http://www.slf4j.org/codes.html#log4 ...
- Codeforces Round #254 (Div. 1) A. DZY Loves Physics 智力题
A. DZY Loves Physics 题目连接: http://codeforces.com/contest/444/problem/A Description DZY loves Physics ...