Windows证书的生成导出以及使用证书验证文件是否被修改
2024-10-19 12:02:29
本文介绍了如何使用Windows自带的证书生成器生成,导出,使用证书。并以验证文件是否被修改举例
1.证书相关辅助类
public sealed class DataCertificate
{
#region 生成证书
/// <summary>
/// 根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)
/// </summary>
/// <paramname="subjectName"></param>
/// <paramname="makecertPath"></param>
/// <returns></returns>
public static boolCreateCertWithPrivateKey(string subjectName, string makecertPath)
{
subjectName = "CN=" +subjectName;
string param = "-r -pe -n" + subjectName + " -b 01/01/2005 -sky exchange -ss my";
try
{
Process p = Process.Start(makecertPath,param);
p.WaitForExit();
p.Close();
}
catch (Exception e)
{
//LogRecord.putErrorLog(e.ToString(),"DataCerficate.CreateCertWithPrivateKey");
return false;
}
return true;
}
#endregion
#region 文件导入导出
/// <summary>
/// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
/// 并导出为pfx文件,同时为其指定一个密码
/// 并将证书从个人区删除(如果isDelFromstor为true)
/// </summary>
/// <paramname="subjectName">证书主题,不包含CN=</param>
/// <paramname="pfxFileName">pfx文件名</param>
/// <paramname="password">pfx文件密码</param>
/// <paramname="isDelFromStore">是否从存储区删除</param>
/// <returns></returns>
public static bool ExportToPfxFile(stringsubjectName, string pfxFileName,
string password, boolisDelFromStore)
{
subjectName = "CN=" +subjectName;
X509Store store = new X509Store(StoreName.My,StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collectionstorecollection = (X509Certificate2Collection)store.Certificates;
foreach (X509Certificate2 x509 instorecollection)
{
if (x509.Subject ==subjectName)
{
Debug.Print(string.Format("certificatename: {0}", x509.Subject));
byte[] pfxByte =x509.Export(X509ContentType.Pfx, password);
using (FileStreamfileStream = new FileStream(pfxFileName, FileMode.Create))
{
// Write the data tothe file, byte by byte.
for (int i = ; i <pfxByte.Length; i++)
fileStream.WriteByte(pfxByte[i]);
// Set the streamposition to the beginning of the file.
fileStream.Seek(, SeekOrigin.Begin);
// Read and verify thedata.
for (int i = ; i <fileStream.Length; i++)
{
if (pfxByte[i] !=fileStream.ReadByte())
{
//LogRecord.putErrorLog("Exportpfx error while verify the pfx file!", "ExportToPfxFile");
fileStream.Close();
return false;
}
}
fileStream.Close();
}
if (isDelFromStore == true)
store.Remove(x509);
}
}
store.Close();
store = null;
storecollection = null;
return true;
}
/// <summary>
/// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
/// 并导出为CER文件(即,只含公钥的)
/// </summary>
/// <paramname="subjectName"></param>
/// <paramname="cerFileName"></param>
/// <returns></returns>
public static bool ExportToCerFile(stringsubjectName, string cerFileName)
{
subjectName = "CN=" +subjectName;
X509Store store = new X509Store(StoreName.My,StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collectionstorecollection = (X509Certificate2Collection)store.Certificates;
foreach (X509Certificate2 x509 instorecollection)
{
if (x509.Subject ==subjectName)
{
Debug.Print(string.Format("certificatename: {0}", x509.Subject));
//byte[] pfxByte =x509.Export(X509ContentType.Pfx, password);
byte[] cerByte =x509.Export(X509ContentType.Cert);
using (FileStreamfileStream = new FileStream(cerFileName, FileMode.Create))
{
// Write the data tothe file, byte by byte.
for (int i = ; i <cerByte.Length; i++)
fileStream.WriteByte(cerByte[i]);
// Set the streamposition to the beginning of the file.
fileStream.Seek(, SeekOrigin.Begin);
// Read and verify thedata.
for (int i = ; i <fileStream.Length; i++)
{
if (cerByte[i] !=fileStream.ReadByte())
{
//LogRecord.putErrorLog("ExportCER error while verify the CERT file!", "ExportToCERFile");
fileStream.Close();
return false;
}
}
fileStream.Close();
}
}
}
store.Close();
store = null;
storecollection = null;
return true;
}
#endregion
#region 从证书中获取信息
/// <summary>
/// 根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密
/// 加解密函数使用DEncrypt的RSACryption类
/// </summary>
/// <paramname="pfxFileName"></param>
/// <paramname="password"></param>
/// <returns></returns>
public static X509Certificate2GetCertificateFromPfxFile(string pfxFileName,
string password)
{
try
{
return new X509Certificate2(pfxFileName,password, X509KeyStorageFlags.Exportable);
}
catch (Exception e)
{
//LogRecord.putErrorLog("getcertificate from pfx" + pfxFileName + " error:" +e.ToString(),
// "GetCertificateFromPfxFile");
return null;
}
}
/// <summary>
/// 到存储区获取证书
/// </summary>
/// <paramname="subjectName"></param>
/// <returns></returns>
public static X509Certificate2GetCertificateFromStore(string subjectName)
{
subjectName = "CN=" +subjectName;
X509Store store = new X509Store(StoreName.My,StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collectionstorecollection = (X509Certificate2Collection)store.Certificates;
foreach (X509Certificate2 x509 instorecollection)
{
if (x509.Subject ==subjectName)
{
return x509;
}
}
store.Close();
store = null;
storecollection = null;
return null;
}
/// <summary>
/// 根据公钥证书,返回证书实体
/// </summary>
/// <paramname="cerPath"></param>
public static X509Certificate2GetCertFromCerFile(string cerPath)
{
try
{
return new X509Certificate2(cerPath);
}
catch (Exception e)
{
//LogRecord.putErrorLog(e.ToString(),"DataCertificate.LoadStudentPublicKey");
return null;
}
}
#endregion
#region 加解密
private static byte[] m_Bytes;
/// <summary>
/// 根据明文加密证书密码生成密文
/// </summary>
/// <paramname="mingwen"></param>
/// <paramname="pfxFileName"></param>
/// <paramname="password"></param>
/// <returns></returns>
public static string EncryptString(stringmingwen, string pfxFileName, string password)
{
UnicodeEncoding ByteConverter = newUnicodeEncoding();
byte[] mingwenBytes =ByteConverter.GetBytes(mingwen);
X509Certificate2 X509Certificate2 =GetCertificateFromPfxFile(pfxFileName, password);
RSACryptoServiceProvidermyRSACryptoServiceProvider = (RSACryptoServiceProvider)X509Certificate2.PrivateKey;
RSAParameters parameters =myRSACryptoServiceProvider.ExportParameters(true);
byte[] encryptedData =myRSACryptoServiceProvider.SignData(mingwenBytes, new SHA1CryptoServiceProvider());
return Convert.ToBase64String(encryptedData);
//returnRSAext.EncryptProcess(mingwen, parameters.D, parameters.Modulus);
//byte[] plaintextByte =myRSACryptoServiceProvider.Encrypt(mingwenBytes, false);
//m_Bytes = plaintextByte;
//string str = "";
//for (int i = 0; i <plaintextByte.Length; i++)
//{
// str +=plaintextByte[i].ToString("X2");
//}
//return str;
}
/// <summary>
/// 根据明文密文证书,验证文件是否被修改
/// </summary>
/// <paramname="yuanwen"></param>
/// <paramname="miwen"></param>
/// <paramname="cerPath"></param>
/// <returns></returns>
public static bool DecryptString(stringyuanwen, string miwen, string cerPath)
{
X509Certificate2 X509Certificate2 =GetCertFromCerFile(cerPath);
RSACryptoServiceProvidermyRSACryptoServiceProvider = (RSACryptoServiceProvider)X509Certificate2.PublicKey.Key;
//RSAParameters parameters =myRSACryptoServiceProvider.ExportParameters(true);
UnicodeEncoding ByteConverter = newUnicodeEncoding();
byte[] dataToVerifyBytes =ByteConverter.GetBytes(yuanwen);
byte[] signedDataBytes = Convert.FromBase64String(miwen);
returnmyRSACryptoServiceProvider.VerifyData(dataToVerifyBytes, new SHA1CryptoServiceProvider(),signedDataBytes);
//returnRSAext.DecryptProcess(miwen, parameters.Modulus, parameters.Exponent);
//byte[] plaintextByte =myRSACryptoServiceProvider.Decrypt(mingwenBytes, false);
//returnEncoding.UTF8.GetString(plaintextByte);
}
#endregion
}
2.使用举例
根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)
stringMakeCert = @"C:\Program Files (x86)\WindowsKits\8.0\bin\x86\makecert.exe";
DataCertificate.CreateCertWithPrivateKey("digihail123",MakeCert);
从WINDOWS证书存储区的个人MY区找到主题为digihail123的证书,并使用密码生成pfx文件和导出cer文件
DataCertificate.ExportToPfxFile("digihail123","d:\\digihail456.pfx","123456",false);
DataCertificate.ExportToCerFile("digihail123","d:\\digihail456.cer");
根据明文 pfx文件 密码生成密文 并把明文 密文一起写入的文件,和cer证书下发给客户端
string miwen=DataCertificate.EncryptString(mingwen,"d:\\digihail456.pfx", "123456");
4.根据从文件读取的 明文 密文 和cer文件验证文件是否被修改
bool isok = DataCertificate.DecryptString(mingwen,miwen,"d:\\digihail456.cer");
最新文章
- PhoneGap/cordvoa如何添加Media插件
- 在MongoDB的MapReduce上踩过的坑
- html5 json的新用法
- register_shutdown_function AND fastcgi_finish_request
- 作业七:团队项目——Alpha版本冲刺阶段-08
- SQL--工作中遇到的
- Apache Commons 工具集
- Mesh Wifi
- Sublime Text 2 快捷键用法大全(转)
- 转:Jeff Atwood倾情推荐——程序员必读之书
- centos7配置mono和jexus5.6.2
- MyEclipse 选中属性或方法后 相同的不变色了?
- C#语言基础01
- 十二、BOOL冒泡
- symfony2 表单
- 表迁移工具的选型-复制ibd的方法
- [bzoj2333] [SCOI2011]棘手的操作 (可并堆)
- Rails Migration Data Model栏位修改及数据类型介绍
- 请求数据loading
- gradle 汉化