cer, pfx 创建,并且读取公钥/密钥,加解密 (C#程序实现)
PKI技术(public key infrastructure)里面,cer文件和pfx文件是很常见的。通常cer文件里面保存着公钥以及用户的一些信息,pfx里面则含有私钥和公钥。
用makecert.exe可以创建公钥证书和私钥证书,具体看
http://msdn.microsoft.com/zh-cn/library/bfsktky3(v=vs.110).aspx
http://blog.csdn.net/hacode/article/details/4240238
这里使用程序的方法来创建。参考了http://www.cnblogs.com/luminji/archive/2010/10/28/1863179.html
下面的代码封装了一个类,可以在store里面创建一个认证,并且导出到cer,pfx,然后从store,cer,pfx读取信息
- public sealed class DataCertificate
- {
- #region 生成证书
- /// <summary>
- /// 根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)
- /// </summary>
- /// <param name="subjectName"></param>
- /// <param name="makecertPath"></param>
- /// <returns></returns>
- public static bool CreateCertWithPrivateKey(string subjectName, string makecertPath)
- {
- subjectName = "CN=" + subjectName;
- string param = " -pe -ss my -n \"" + subjectName + "\" ";
- try
- {
- Process p = Process.Start(makecertPath, param);
- p.WaitForExit();
- p.Close();
- }
- catch (Exception e)
- {
- return false;
- }
- return true;
- }
- #endregion
- #region 文件导入导出
- /// <summary>
- /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
- /// 并导出为pfx文件,同时为其指定一个密码
- /// 并将证书从个人区删除(如果isDelFromstor为true)
- /// </summary>
- /// <param name="subjectName">证书主题,不包含CN=</param>
- /// <param name="pfxFileName">pfx文件名</param>
- /// <param name="password">pfx文件密码</param>
- /// <param name="isDelFromStore">是否从存储区删除</param>
- /// <returns></returns>
- public static bool ExportToPfxFile(string subjectName, string pfxFileName,
- string password, bool isDelFromStore)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- Debug.Print(string.Format("certificate name: {0}", x509.Subject));
- byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);
- using (FileStream fileStream = new FileStream(pfxFileName, FileMode.Create))
- {
- // Write the data to the file, byte by byte.
- for (int i = 0; i < pfxByte.Length; i++)
- fileStream.WriteByte(pfxByte[i]);
- // Set the stream position to the beginning of the file.
- fileStream.Seek(0, SeekOrigin.Begin);
- // Read and verify the data.
- for (int i = 0; i < fileStream.Length; i++)
- {
- if (pfxByte[i] != fileStream.ReadByte())
- {
- fileStream.Close();
- return false;
- }
- }
- fileStream.Close();
- }
- if( isDelFromStore == true)
- store.Remove(x509);
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return true;
- }
- /// <summary>
- /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
- /// 并导出为CER文件(即,只含公钥的)
- /// </summary>
- /// <param name="subjectName"></param>
- /// <param name="cerFileName"></param>
- /// <returns></returns>
- public static bool ExportToCerFile(string subjectName, string cerFileName)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- Debug.Print(string.Format("certificate name: {0}", x509.Subject));
- //byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);
- byte[] cerByte = x509.Export(X509ContentType.Cert);
- using (FileStream fileStream = new FileStream(cerFileName, FileMode.Create))
- {
- // Write the data to the file, byte by byte.
- for (int i = 0; i < cerByte.Length; i++)
- fileStream.WriteByte(cerByte[i]);
- // Set the stream position to the beginning of the file.
- fileStream.Seek(0, SeekOrigin.Begin);
- // Read and verify the data.
- for (int i = 0; i < fileStream.Length; i++)
- {
- if (cerByte[i] != fileStream.ReadByte())
- {
- fileStream.Close();
- return false;
- }
- }
- fileStream.Close();
- }
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return true;
- }
- #endregion
- #region 从证书中获取信息
- /// <summary>
- /// 根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密
- /// 加解密函数使用DEncrypt的RSACryption类
- /// </summary>
- /// <param name="pfxFileName"></param>
- /// <param name="password"></param>
- /// <returns></returns>
- public static X509Certificate2 GetCertificateFromPfxFile(string pfxFileName,
- string password)
- {
- try
- {
- return new X509Certificate2(pfxFileName, password, X509KeyStorageFlags.Exportable);
- }
- catch (Exception e)
- {
- return null;
- }
- }
- /// <summary>
- /// 到存储区获取证书
- /// </summary>
- /// <param name="subjectName"></param>
- /// <returns></returns>
- public static X509Certificate2 GetCertificateFromStore(string subjectName)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- return x509;
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return null;
- }
- /// <summary>
- /// 根据公钥证书,返回证书实体
- /// </summary>
- /// <param name="cerPath"></param>
- public static X509Certificate2 GetCertFromCerFile(string cerPath)
- {
- try
- {
- return new X509Certificate2(cerPath);
- }
- catch (Exception e)
- {
- return null;
- }
- }
- #endregion
- }
两个RSA加解密辅助函数:
- static string RSADecrypt(string xmlPrivateKey, string m_strDecryptString)
- {
- RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
- provider.FromXmlString(xmlPrivateKey);
- byte[] rgb = Convert.FromBase64String(m_strDecryptString);
- byte[] bytes = provider.Decrypt(rgb, false);
- return new UnicodeEncoding().GetString(bytes);
- }
- /// <summary>
- /// RSA加密
- /// </summary>
- /// <param name="xmlPublicKey"></param>
- /// <param name="m_strEncryptString"></param>
- /// <returns></returns>
- static string RSAEncrypt(string xmlPublicKey, string m_strEncryptString)
- {
- RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
- provider.FromXmlString(xmlPublicKey);
- byte[] bytes = new UnicodeEncoding().GetBytes(m_strEncryptString);
- return Convert.ToBase64String(provider.Encrypt(bytes, false));
- }
使用例子,下面的代码做了几个事情
1. 在个人store里面创建了一个认证, 从认证里面读取信息得到一个X509Certificate2的对象,这个对象内部包含公钥和私钥,然后做了次rsa加解密测试。
2. 从store里面导出一个cer文件,因为cer文件并没有私钥,只有公钥。测试代码就是用公钥加密然后用前面得到的私钥解密。
3. 导出一个pfx文件,pfx包括公钥和私钥,可以自己加解密。
这是个很简单的例子,但是对于理解cer文件和pfx文件已经公钥私钥应该有帮助。
- // 在personal(个人)里面创建一个foo的证书
- DataCertificate.CreateCertWithPrivateKey("foo", "C:\\Program Files (x86)\\Windows Kits\\8.1\\bin\\x64\\makecert.exe");
- // 获取证书
- X509Certificate2 c1 = DataCertificate.GetCertificateFromStore("foo");
- string keyPublic = c1.PublicKey.Key.ToXmlString(false); // 公钥
- string keyPrivate = c1.PrivateKey.ToXmlString(true); // 私钥
- string cypher = RSAEncrypt(keyPublic, "程序员"); // 加密
- string plain = RSADecrypt(keyPrivate, cypher); // 解密
- Debug.Assert(plain == "程序员");
- // 生成一个cert文件
- DataCertificate.ExportToCerFile("foo", "d:\\mycert\\foo.cer");
- X509Certificate2 c2 = DataCertificate.GetCertFromCerFile("d:\\mycert\\foo.cer");
- string keyPublic2 = c2.PublicKey.Key.ToXmlString(false);
- bool b = keyPublic2 == keyPublic;
- string cypher2 = RSAEncrypt(keyPublic2, "程序员2"); // 加密
- string plain2 = RSADecrypt(keyPrivate, cypher2); // 解密, cer里面并没有私钥,所以这里使用前面得到的私钥来解密
- Debug.Assert(plain2 == "程序员2");
- // 生成一个pfx, 并且从store里面删除
- DataCertificate.ExportToPfxFile("foo", "d:\\mycert\\foo.pfx", "111", true);
- X509Certificate2 c3 = DataCertificate.GetCertificateFromPfxFile("d:\\mycert\\foo.pfx", "111");
- string keyPublic3 = c3.PublicKey.Key.ToXmlString(false); // 公钥
- string keyPrivate3 = c3.PrivateKey.ToXmlString(true); // 私钥
- string cypher3 = RSAEncrypt(keyPublic3, "程序员3"); // 加密
- string plain3 = RSADecrypt(keyPrivate3, cypher3); // 解密
- Debug.Assert(plain3 == "程序员3");
附:完整代码
- using System;
- using System.Collections.Generic;
- using System.Diagnostics;
- using System.IO;
- using System.Linq;
- using System.Security.Cryptography;
- using System.Security.Cryptography.X509Certificates;
- using System.Text;
- namespace ConsoleApplication1
- {
- public sealed class DataCertificate
- {
- #region 生成证书
- /// <summary>
- /// 根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)
- /// </summary>
- /// <param name="subjectName"></param>
- /// <param name="makecertPath"></param>
- /// <returns></returns>
- public static bool CreateCertWithPrivateKey(string subjectName, string makecertPath)
- {
- subjectName = "CN=" + subjectName;
- string param = " -pe -ss my -n \"" + subjectName + "\" ";
- try
- {
- Process p = Process.Start(makecertPath, param);
- p.WaitForExit();
- p.Close();
- }
- catch (Exception e)
- {
- return false;
- }
- return true;
- }
- #endregion
- #region 文件导入导出
- /// <summary>
- /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
- /// 并导出为pfx文件,同时为其指定一个密码
- /// 并将证书从个人区删除(如果isDelFromstor为true)
- /// </summary>
- /// <param name="subjectName">证书主题,不包含CN=</param>
- /// <param name="pfxFileName">pfx文件名</param>
- /// <param name="password">pfx文件密码</param>
- /// <param name="isDelFromStore">是否从存储区删除</param>
- /// <returns></returns>
- public static bool ExportToPfxFile(string subjectName, string pfxFileName,
- string password, bool isDelFromStore)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- Debug.Print(string.Format("certificate name: {0}", x509.Subject));
- byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);
- using (FileStream fileStream = new FileStream(pfxFileName, FileMode.Create))
- {
- // Write the data to the file, byte by byte.
- for (int i = 0; i < pfxByte.Length; i++)
- fileStream.WriteByte(pfxByte[i]);
- // Set the stream position to the beginning of the file.
- fileStream.Seek(0, SeekOrigin.Begin);
- // Read and verify the data.
- for (int i = 0; i < fileStream.Length; i++)
- {
- if (pfxByte[i] != fileStream.ReadByte())
- {
- fileStream.Close();
- return false;
- }
- }
- fileStream.Close();
- }
- if( isDelFromStore == true)
- store.Remove(x509);
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return true;
- }
- /// <summary>
- /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
- /// 并导出为CER文件(即,只含公钥的)
- /// </summary>
- /// <param name="subjectName"></param>
- /// <param name="cerFileName"></param>
- /// <returns></returns>
- public static bool ExportToCerFile(string subjectName, string cerFileName)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- Debug.Print(string.Format("certificate name: {0}", x509.Subject));
- //byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);
- byte[] cerByte = x509.Export(X509ContentType.Cert);
- using (FileStream fileStream = new FileStream(cerFileName, FileMode.Create))
- {
- // Write the data to the file, byte by byte.
- for (int i = 0; i < cerByte.Length; i++)
- fileStream.WriteByte(cerByte[i]);
- // Set the stream position to the beginning of the file.
- fileStream.Seek(0, SeekOrigin.Begin);
- // Read and verify the data.
- for (int i = 0; i < fileStream.Length; i++)
- {
- if (cerByte[i] != fileStream.ReadByte())
- {
- fileStream.Close();
- return false;
- }
- }
- fileStream.Close();
- }
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return true;
- }
- #endregion
- #region 从证书中获取信息
- /// <summary>
- /// 根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密
- /// 加解密函数使用DEncrypt的RSACryption类
- /// </summary>
- /// <param name="pfxFileName"></param>
- /// <param name="password"></param>
- /// <returns></returns>
- public static X509Certificate2 GetCertificateFromPfxFile(string pfxFileName,
- string password)
- {
- try
- {
- return new X509Certificate2(pfxFileName, password, X509KeyStorageFlags.Exportable);
- }
- catch (Exception e)
- {
- return null;
- }
- }
- /// <summary>
- /// 到存储区获取证书
- /// </summary>
- /// <param name="subjectName"></param>
- /// <returns></returns>
- public static X509Certificate2 GetCertificateFromStore(string subjectName)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- return x509;
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return null;
- }
- /// <summary>
- /// 根据公钥证书,返回证书实体
- /// </summary>
- /// <param name="cerPath"></param>
- public static X509Certificate2 GetCertFromCerFile(string cerPath)
- {
- try
- {
- return new X509Certificate2(cerPath);
- }
- catch (Exception e)
- {
- return null;
- }
- }
- #endregion
- }
- class Program
- {
- static string RSADecrypt(string xmlPrivateKey, string m_strDecryptString)
- {
- RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
- provider.FromXmlString(xmlPrivateKey);
- byte[] rgb = Convert.FromBase64String(m_strDecryptString);
- byte[] bytes = provider.Decrypt(rgb, false);
- return new UnicodeEncoding().GetString(bytes);
- }
- /// <summary>
- /// RSA加密
- /// </summary>
- /// <param name="xmlPublicKey"></param>
- /// <param name="m_strEncryptString"></param>
- /// <returns></returns>
- static string RSAEncrypt(string xmlPublicKey, string m_strEncryptString)
- {
- RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
- provider.FromXmlString(xmlPublicKey);
- byte[] bytes = new UnicodeEncoding().GetBytes(m_strEncryptString);
- return Convert.ToBase64String(provider.Encrypt(bytes, false));
- }
- static void Main(string[] args)
- {
- // 在personal(个人)里面创建一个foo的证书
- DataCertificate.CreateCertWithPrivateKey("foo", "C:\\Program Files (x86)\\Windows Kits\\8.1\\bin\\x64\\makecert.exe");
- // 获取证书
- X509Certificate2 c1 = DataCertificate.GetCertificateFromStore("foo");
- string keyPublic = c1.PublicKey.Key.ToXmlString(false); // 公钥
- string keyPrivate = c1.PrivateKey.ToXmlString(true); // 私钥
- string cypher = RSAEncrypt(keyPublic, "程序员"); // 加密
- string plain = RSADecrypt(keyPrivate, cypher); // 解密
- Debug.Assert(plain == "程序员");
- // 生成一个cert文件
- DataCertificate.ExportToCerFile("foo", "d:\\mycert\\foo.cer");
- X509Certificate2 c2 = DataCertificate.GetCertFromCerFile("d:\\mycert\\foo.cer");
- string keyPublic2 = c2.PublicKey.Key.ToXmlString(false);
- bool b = keyPublic2 == keyPublic;
- string cypher2 = RSAEncrypt(keyPublic2, "程序员2"); // 加密
- string plain2 = RSADecrypt(keyPrivate, cypher2); // 解密, cer里面并没有私钥,所以这里使用前面得到的私钥来解密
- Debug.Assert(plain2 == "程序员2");
- // 生成一个pfx, 并且从store里面删除
- DataCertificate.ExportToPfxFile("foo", "d:\\mycert\\foo.pfx", "111", true);
- X509Certificate2 c3 = DataCertificate.GetCertificateFromPfxFile("d:\\mycert\\foo.pfx", "111");
- string keyPublic3 = c3.PublicKey.Key.ToXmlString(false); // 公钥
- string keyPrivate3 = c3.PrivateKey.ToXmlString(true); // 私钥
- string cypher3 = RSAEncrypt(keyPublic3, "程序员3"); // 加密
- string plain3 = RSADecrypt(keyPrivate3, cypher3); // 解密
- Debug.Assert(plain3 == "程序员3");
- }
- }
- }
cer, pfx 创建,并且读取公钥/密钥,加解密 (C#程序实现)的更多相关文章
- cer, pfx 创建,而且读取公钥/密钥,加解密 (C#程序实现)
PKI技术(public key infrastructure)里面,cer文件和pfx文件是非经常见的.通常cer文件中面保存着公钥以及用户的一些信息,pfx里面则含有私钥和公钥. 用makecer ...
- Java中RSA非对称密钥加解密使用示例
一.简介: RSA加密算法是最常用的非对称加密算法,CFCA在证书服务中离不了它.RSA是第一个比较完善的公开密钥算法,它既能用于加密,也能用于数字签名.这个算法经受住了多年深入的密码分析,虽然密码分 ...
- DH密钥加解密
一.概述 1.与对称加密算法的主要差别在于,加密和解密的密钥不相同,一个公开(公钥),一个保密(私钥).主要解决了对称加密算法密钥分配管理的问题,提高了算法安全性. 2.非对称加密算法的加密.解密的效 ...
- nodejs加解密
加密分类 可逆加密和不可逆加密 不可逆加密: 加密后不可解密,只能通过碰撞密文以极小的概率解密; 可逆加密: 加密后可以解密;包括对称加密与非对称加密; 对称加密双方采用共同密钥; 非对称加密: 这种 ...
- AES的256位密钥加解密报 java.security.InvalidKeyException: Illegal key size or default parameters 异常的处理及处理工具
一.出现的现象为了数据代码在传输过程中的安全,很多时候我们都会将要传输的数据进行加密,然后等对方拿到后再解密使用.我们在使用AES加解密的时候,在遇到128位密钥加解密的时候,没有进行什么特殊处理:然 ...
- Java实现RSA密钥对并在加解密、加签验签中应用的实例
一.项目结构 二.代码具体实现 1.密钥对生成的两种方式:一种生成公钥私文件,一种生成公钥私串 KeyPairGenUtil.java package com.wangjinxiang.genkey. ...
- 加解密、PKI与CA基础
介绍 这门知识如果以前尝过的各位想必都知道:枯燥无比!因此在文中我会尽量讲的生动些,举一些例子,并试图以一个完整的例子来贯穿整个讲述过程.今年又恰逢莎翁逝世400周年,一方面也为了纪念这位伟大的作家. ...
- 介绍一个很好用的Rsa加解密的.Net库 Kalix.ApiCrypto
Rsa非对称加密技术 这个就不说了,大家上网搜索都知道,公钥加密,私钥解密.当然大家也可以自己实现.这里就懒了,就去找一个现成的库,Nuget上搜索,GitHub上搜索,发现.Net的加解密库,下载量 ...
- CTF中编码与加解密总结
CTF中那些脑洞大开的编码和加密 转自:https://www.cnblogs.com/mq0036/p/6544055.html 0x00 前言 正文开始之前先闲扯几句吧,玩CTF的小伙伴也许会遇到 ...
随机推荐
- Maven实战四
转载:http://www.iteye.com/topic/1123231 为什么要定义Maven坐标 在我们开发Maven项目的时候,需要为其定义适当的坐标,这是Maven强制要求的.在这 ...
- 5451 HDU Best Solver
链接: Best Solver 题目分析: 这个题目的关键点是需知道“共轭”. 如 :(A√B + C√D) 和 (A√B - C√D) 是共轭的 这个有一个规律 (A√B + C√D)^n + ( ...
- 我的学习笔记之node----node.js+socket.io实时聊天(1) (谨此纪念博客开篇)
本想着从hello word开篇,也确实写了相关学习笔记.各种原因吧,现在又着急写出作品,便作罢. 这里将记录一个node.js+socket.io的实时聊天程序.(当然我也是跟着网上各种教程资料学习 ...
- hdu 1175 连连看 DFS
题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=1175 解题思路:从出发点开始DFS.出发点与终点中间只能通过0相连,或者直接相连,判断能否找出这样的路 ...
- set和replace方法的区别
对已有值的元素处理上两者是相同的,但是对于一个不存在的元素,set的作用就和add相当,replace则是只能对已经存在的元素进行处理如:表中某个字段值是空(null),如果某个字段为空,则通过查询方 ...
- Linux 相关scsi命令
Linux 相关scsi命令 由于前段时间存储扩容,对存储操作较多,下面记录了常用的操作: lsscsi命令:显示scsi设备信息 #lsscsi [0:0:0:2] disk IBM ...
- Solr和IK分词器的整合
IK分词器相对于mmseg4J来说词典内容更加丰富,但是没有mmseg4J灵活,后者可以自定义自己的词语库.IK分词器的配置过程和mmseg4J一样简单,其过程如下: 1.引入IKAnalyzer.j ...
- Android--图片的三级缓存策略
三级缓存缓存(内存)--->本地磁盘---->网络1.首先看一下图片存储到本地磁盘 public class FileUtils { String path;//文件存储的地方 publi ...
- static作用——The static effect
1)在函数体内,一个被声明为静态的变量在这一函数被调用过程中维持其值不变(该变量存放在静态变量区). 2) 在模块内(但在函数体外),一个被声明为静态的变量可以被模块内所用函数访问,但不能被模块外其它 ...
- HDU 4287 Intelligent IME
Intelligent IME Time Limit: 2000/1000 MS (Java/Others) Memory Limit: 32768/32768 K (Java/Others) ...