标签:
PKI技术(public key infrastructure)里面,cer文件和pfx文件是很常见的。通常cer文件里面保存着公钥以及用户的一些信息,pfx里面则含有私钥和公钥。
用makecert.exe可以创建公钥证书和私钥证书,具体看
http://msdn.microsoft.com/zh-cn/library/bfsktky3(v=vs.110).aspx
http://blog.csdn.net/hacode/article/details/4240238
这里使用程序的方法来创建。参考了http://www.cnblogs.com/luminji/archive/2010/10/28/1863179.html
下面的代码封装了一个类,可以在store里面创建一个认证,并且导出到cer,pfx,然后从store,cer,pfx读取信息
- public sealed class DataCertificate
- {
- #region 生成证书
-
-
-
-
-
-
- public static bool CreateCertWithPrivateKey(string subjectName, string makecertPath)
- {
- subjectName = "CN=" + subjectName;
- string param = " -pe -ss my -n \"" + subjectName + "\" ";
- try
- {
- Process p = Process.Start(makecertPath, param);
- p.WaitForExit();
- p.Close();
- }
- catch (Exception e)
- {
- return false;
- }
- return true;
- }
- #endregion
-
- #region 文件导入导出
-
-
-
-
-
-
-
-
-
-
- public static bool ExportToPfxFile(string subjectName, string pfxFileName,
- string password, bool isDelFromStore)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- Debug.Print(string.Format("certificate name: {0}", x509.Subject));
-
- byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);
- using (FileStream fileStream = new FileStream(pfxFileName, FileMode.Create))
- {
-
- for (int i = 0; i < pfxByte.Length; i++)
- fileStream.WriteByte(pfxByte[i]);
-
- fileStream.Seek(0, SeekOrigin.Begin);
-
- for (int i = 0; i < fileStream.Length; i++)
- {
- if (pfxByte[i] != fileStream.ReadByte())
- {
- fileStream.Close();
- return false;
- }
- }
- fileStream.Close();
- }
- if( isDelFromStore == true)
- store.Remove(x509);
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return true;
- }
-
-
-
-
-
-
-
- public static bool ExportToCerFile(string subjectName, string cerFileName)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- Debug.Print(string.Format("certificate name: {0}", x509.Subject));
-
- byte[] cerByte = x509.Export(X509ContentType.Cert);
- using (FileStream fileStream = new FileStream(cerFileName, FileMode.Create))
- {
-
- for (int i = 0; i < cerByte.Length; i++)
- fileStream.WriteByte(cerByte[i]);
-
- fileStream.Seek(0, SeekOrigin.Begin);
-
- for (int i = 0; i < fileStream.Length; i++)
- {
- if (cerByte[i] != fileStream.ReadByte())
- {
- fileStream.Close();
- return false;
- }
- }
- fileStream.Close();
- }
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return true;
- }
- #endregion
-
- #region 从证书中获取信息
-
-
-
-
-
-
-
- public static X509Certificate2 GetCertificateFromPfxFile(string pfxFileName,
- string password)
- {
- try
- {
- return new X509Certificate2(pfxFileName, password, X509KeyStorageFlags.Exportable);
- }
- catch (Exception e)
- {
- return null;
- }
- }
-
-
-
-
-
- public static X509Certificate2 GetCertificateFromStore(string subjectName)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- return x509;
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return null;
- }
-
-
-
-
- public static X509Certificate2 GetCertFromCerFile(string cerPath)
- {
- try
- {
- return new X509Certificate2(cerPath);
- }
- catch (Exception e)
- {
- return null;
- }
- }
- #endregion
- }
两个RSA加解密辅助函数:
- static string RSADecrypt(string xmlPrivateKey, string m_strDecryptString)
- {
- RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
- provider.FromXmlString(xmlPrivateKey);
- byte[] rgb = Convert.FromBase64String(m_strDecryptString);
- byte[] bytes = provider.Decrypt(rgb, false);
- return new UnicodeEncoding().GetString(bytes);
- }
- static string RSAEncrypt(string xmlPublicKey, string m_strEncryptString)
- {
- RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
- provider.FromXmlString(xmlPublicKey);
- byte[] bytes = new UnicodeEncoding().GetBytes(m_strEncryptString);
- return Convert.ToBase64String(provider.Encrypt(bytes, false));
- }
使用例子,下面的代码做了几个事情
1. 在个人store里面创建了一个认证, 从认证里面读取信息得到一个X509Certificate2的对象,这个对象内部包含公钥和私钥,然后做了次rsa加解密测试。
2. 从store里面导出一个cer文件,因为cer文件并没有私钥,只有公钥。测试代码就是用公钥加密然后用前面得到的私钥解密。
3. 导出一个pfx文件,pfx包括公钥和私钥,可以自己加解密。
这是个很简单的例子,但是对于理解cer文件和pfx文件已经公钥私钥应该有帮助。
- DataCertificate.CreateCertWithPrivateKey("foo", "C:\\Program Files (x86)\\Windows Kits\\8.1\\bin\\x64\\makecert.exe");
-
- X509Certificate2 c1 = DataCertificate.GetCertificateFromStore("foo");
-
- string keyPublic = c1.PublicKey.Key.ToXmlString(false);
- string keyPrivate = c1.PrivateKey.ToXmlString(true);
-
- string cypher = RSAEncrypt(keyPublic, "程序员");
- string plain = RSADecrypt(keyPrivate, cypher);
-
- Debug.Assert(plain == "程序员");
-
- DataCertificate.ExportToCerFile("foo", "d:\\mycert\\foo.cer");
-
- X509Certificate2 c2 = DataCertificate.GetCertFromCerFile("d:\\mycert\\foo.cer");
-
- string keyPublic2 = c2.PublicKey.Key.ToXmlString(false);
-
- bool b = keyPublic2 == keyPublic;
- string cypher2 = RSAEncrypt(keyPublic2, "程序员2");
- string plain2 = RSADecrypt(keyPrivate, cypher2);
-
- Debug.Assert(plain2 == "程序员2");
-
- DataCertificate.ExportToPfxFile("foo", "d:\\mycert\\foo.pfx", "111", true);
-
- X509Certificate2 c3 = DataCertificate.GetCertificateFromPfxFile("d:\\mycert\\foo.pfx", "111");
-
- string keyPublic3 = c3.PublicKey.Key.ToXmlString(false);
- string keyPrivate3 = c3.PrivateKey.ToXmlString(true);
-
- string cypher3 = RSAEncrypt(keyPublic3, "程序员3");
- string plain3 = RSADecrypt(keyPrivate3, cypher3);
-
- Debug.Assert(plain3 == "程序员3");
附:完整代码
- using System;
- using System.Collections.Generic;
- using System.Diagnostics;
- using System.IO;
- using System.Linq;
- using System.Security.Cryptography;
- using System.Security.Cryptography.X509Certificates;
- using System.Text;
-
-
- namespace ConsoleApplication1
- {
- public sealed class DataCertificate
- {
- #region 生成证书
-
-
-
-
-
-
- public static bool CreateCertWithPrivateKey(string subjectName, string makecertPath)
- {
- subjectName = "CN=" + subjectName;
- string param = " -pe -ss my -n \"" + subjectName + "\" ";
- try
- {
- Process p = Process.Start(makecertPath, param);
- p.WaitForExit();
- p.Close();
- }
- catch (Exception e)
- {
- return false;
- }
- return true;
- }
- #endregion
-
- #region 文件导入导出
-
-
-
-
-
-
-
-
-
-
- public static bool ExportToPfxFile(string subjectName, string pfxFileName,
- string password, bool isDelFromStore)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- Debug.Print(string.Format("certificate name: {0}", x509.Subject));
-
- byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);
- using (FileStream fileStream = new FileStream(pfxFileName, FileMode.Create))
- {
-
- for (int i = 0; i < pfxByte.Length; i++)
- fileStream.WriteByte(pfxByte[i]);
-
- fileStream.Seek(0, SeekOrigin.Begin);
-
- for (int i = 0; i < fileStream.Length; i++)
- {
- if (pfxByte[i] != fileStream.ReadByte())
- {
- fileStream.Close();
- return false;
- }
- }
- fileStream.Close();
- }
- if( isDelFromStore == true)
- store.Remove(x509);
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return true;
- }
-
-
-
-
-
-
-
- public static bool ExportToCerFile(string subjectName, string cerFileName)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- Debug.Print(string.Format("certificate name: {0}", x509.Subject));
-
- byte[] cerByte = x509.Export(X509ContentType.Cert);
- using (FileStream fileStream = new FileStream(cerFileName, FileMode.Create))
- {
-
- for (int i = 0; i < cerByte.Length; i++)
- fileStream.WriteByte(cerByte[i]);
-
- fileStream.Seek(0, SeekOrigin.Begin);
-
- for (int i = 0; i < fileStream.Length; i++)
- {
- if (cerByte[i] != fileStream.ReadByte())
- {
- fileStream.Close();
- return false;
- }
- }
- fileStream.Close();
- }
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return true;
- }
- #endregion
-
- #region 从证书中获取信息
-
-
-
-
-
-
-
- public static X509Certificate2 GetCertificateFromPfxFile(string pfxFileName,
- string password)
- {
- try
- {
- return new X509Certificate2(pfxFileName, password, X509KeyStorageFlags.Exportable);
- }
- catch (Exception e)
- {
- return null;
- }
- }
-
-
-
-
-
- public static X509Certificate2 GetCertificateFromStore(string subjectName)
- {
- subjectName = "CN=" + subjectName;
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == subjectName)
- {
- return x509;
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- return null;
- }
-
-
-
-
- public static X509Certificate2 GetCertFromCerFile(string cerPath)
- {
- try
- {
- return new X509Certificate2(cerPath);
- }
- catch (Exception e)
- {
- return null;
- }
- }
- #endregion
- }
-
- class Program
- {
- static string RSADecrypt(string xmlPrivateKey, string m_strDecryptString)
- {
- RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
- provider.FromXmlString(xmlPrivateKey);
- byte[] rgb = Convert.FromBase64String(m_strDecryptString);
- byte[] bytes = provider.Decrypt(rgb, false);
- return new UnicodeEncoding().GetString(bytes);
- }
-
-
-
-
-
-
- static string RSAEncrypt(string xmlPublicKey, string m_strEncryptString)
- {
- RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
- provider.FromXmlString(xmlPublicKey);
- byte[] bytes = new UnicodeEncoding().GetBytes(m_strEncryptString);
- return Convert.ToBase64String(provider.Encrypt(bytes, false));
- }
-
- static void Main(string[] args)
- {
-
- DataCertificate.CreateCertWithPrivateKey("foo", "C:\\Program Files (x86)\\Windows Kits\\8.1\\bin\\x64\\makecert.exe");
-
-
- X509Certificate2 c1 = DataCertificate.GetCertificateFromStore("foo");
-
- string keyPublic = c1.PublicKey.Key.ToXmlString(false);
- string keyPrivate = c1.PrivateKey.ToXmlString(true);
-
- string cypher = RSAEncrypt(keyPublic, "程序员");
- string plain = RSADecrypt(keyPrivate, cypher);
-
- Debug.Assert(plain == "程序员");
-
-
- DataCertificate.ExportToCerFile("foo", "d:\\mycert\\foo.cer");
-
- X509Certificate2 c2 = DataCertificate.GetCertFromCerFile("d:\\mycert\\foo.cer");
-
- string keyPublic2 = c2.PublicKey.Key.ToXmlString(false);
-
- bool b = keyPublic2 == keyPublic;
- string cypher2 = RSAEncrypt(keyPublic2, "程序员2");
- string plain2 = RSADecrypt(keyPrivate, cypher2);
-
- Debug.Assert(plain2 == "程序员2");
-
-
- DataCertificate.ExportToPfxFile("foo", "d:\\mycert\\foo.pfx", "111", true);
-
- X509Certificate2 c3 = DataCertificate.GetCertificateFromPfxFile("d:\\mycert\\foo.pfx", "111");
-
- string keyPublic3 = c3.PublicKey.Key.ToXmlString(false);
- string keyPrivate3 = c3.PrivateKey.ToXmlString(true);
-
- string cypher3 = RSAEncrypt(keyPublic3, "程序员3");
- string plain3 = RSADecrypt(keyPrivate3, cypher3);
-
- Debug.Assert(plain3 == "程序员3");
- }
- }
- }
cer, pfx 创建,并且读取公钥/密钥,加解密 (C#程序实现)
标签:
原文地址:http://www.cnblogs.com/aiqingqing/p/4503049.html
