类X509Certificate2
X509Certificate2类的初始化。
参考:https://docs.microsoft.com/zh-cn/dotnet/api/system.security.cryptography.x509certificates.x509certificate2?redirectedfrom=MSDN&view=netframework-4.8
标题:X509Certificate2 类
下面的示例演示如何使用X509Certificate2对象对文件进行加密和解密。
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Text; // To run this sample use the Certificate Creation Tool (Makecert.exe) to generate a test X.509 certificate and
// place it in the local user store.
// To generate an exchange key and make the key exportable run the following command from a Visual Studio command prompt: //makecert -r -pe -n "CN=CERT_SIGN_TEST_CERT" -b 01/01/2010 -e 01/01/2012 -sky exchange -ss my
namespace X509CertEncrypt
{
class Program
{ // Path variables for source, encryption, and
// decryption folders. Must end with a backslash.
private static string encrFolder = @"C:\Encrypt\";
private static string decrFolder = @"C:\Decrypt\";
private static string originalFile = "TestData.txt";
private static string encryptedFile = "TestData.enc"; static void Main(string[] args)
{ // Create an input file with test data.
StreamWriter sw = File.CreateText(originalFile);
sw.WriteLine("Test data to be encrypted");
sw.Close(); // Get the certifcate to use to encrypt the key.
X509Certificate2 cert = GetCertificateFromStore("CN=CERT_SIGN_TEST_CERT");
if (cert == null)
{
Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' not found.");
Console.ReadLine();
} // Encrypt the file using the public key from the certificate.
EncryptFile(originalFile, (RSACryptoServiceProvider)cert.PublicKey.Key); // Decrypt the file using the private key from the certificate.
DecryptFile(encryptedFile, (RSACryptoServiceProvider)cert.PrivateKey); //Display the original data and the decrypted data.
Console.WriteLine("Original: {0}", File.ReadAllText(originalFile));
Console.WriteLine("Round Trip: {0}", File.ReadAllText(decrFolder + originalFile));
Console.WriteLine("Press the Enter key to exit.");
Console.ReadLine();
}
private static X509Certificate2 GetCertificateFromStore(string certName)
{ // Get the certificate store for the current user.
X509Store store = new X509Store(StoreLocation.CurrentUser);
try
{
store.Open(OpenFlags.ReadOnly); // Place all certificates in an X509Certificate2Collection object.
X509Certificate2Collection certCollection = store.Certificates;
// If using a certificate with a trusted root you do not need to FindByTimeValid, instead:
// currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, false);
if (signingCert.Count == )
return null;
// Return the first certificate in the collection, has the right name and is current.
return signingCert[];
}
finally
{
store.Close();
} } // Encrypt a file using a public key.
private static void EncryptFile(string inFile, RSACryptoServiceProvider rsaPublicKey)
{
using (AesManaged aesManaged = new AesManaged())
{
// Create instance of AesManaged for
// symetric encryption of the data.
aesManaged.KeySize = ;
aesManaged.BlockSize = ;
aesManaged.Mode = CipherMode.CBC;
using (ICryptoTransform transform = aesManaged.CreateEncryptor())
{
RSAPKCS1KeyExchangeFormatter keyFormatter = new RSAPKCS1KeyExchangeFormatter(rsaPublicKey);
byte[] keyEncrypted = keyFormatter.CreateKeyExchange(aesManaged.Key, aesManaged.GetType()); // Create byte arrays to contain
// the length values of the key and IV.
byte[] LenK = new byte[];
byte[] LenIV = new byte[]; int lKey = keyEncrypted.Length;
LenK = BitConverter.GetBytes(lKey);
int lIV = aesManaged.IV.Length;
LenIV = BitConverter.GetBytes(lIV); // Write the following to the FileStream
// for the encrypted file (outFs):
// - length of the key
// - length of the IV
// - ecrypted key
// - the IV
// - the encrypted cipher content int startFileName = inFile.LastIndexOf("\\") + ;
// Change the file's extension to ".enc"
string outFile = encrFolder + inFile.Substring(startFileName, inFile.LastIndexOf(".") - startFileName) + ".enc";
Directory.CreateDirectory(encrFolder); using (FileStream outFs = new FileStream(outFile, FileMode.Create))
{ outFs.Write(LenK, , );
outFs.Write(LenIV, , );
outFs.Write(keyEncrypted, , lKey);
outFs.Write(aesManaged.IV, , lIV); // Now write the cipher text using
// a CryptoStream for encrypting.
using (CryptoStream outStreamEncrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
{ // By encrypting a chunk at
// a time, you can save memory
// and accommodate large files.
int count = ;
int offset = ; // blockSizeBytes can be any arbitrary size.
int blockSizeBytes = aesManaged.BlockSize / ;
byte[] data = new byte[blockSizeBytes];
int bytesRead = ; using (FileStream inFs = new FileStream(inFile, FileMode.Open))
{
do
{
count = inFs.Read(data, offset, blockSizeBytes);
offset += count;
outStreamEncrypted.Write(data, , count);
bytesRead += count;
}
while (count > );
inFs.Close();
}
outStreamEncrypted.FlushFinalBlock();
outStreamEncrypted.Close();
}
outFs.Close();
}
}
}
} // Decrypt a file using a private key.
private static void DecryptFile(string inFile, RSACryptoServiceProvider rsaPrivateKey)
{ // Create instance of AesManaged for
// symetric decryption of the data.
using (AesManaged aesManaged = new AesManaged())
{
aesManaged.KeySize = ;
aesManaged.BlockSize = ;
aesManaged.Mode = CipherMode.CBC; // Create byte arrays to get the length of
// the encrypted key and IV.
// These values were stored as 4 bytes each
// at the beginning of the encrypted package.
byte[] LenK = new byte[];
byte[] LenIV = new byte[]; // Consruct the file name for the decrypted file.
string outFile = decrFolder + inFile.Substring(, inFile.LastIndexOf(".")) + ".txt"; // Use FileStream objects to read the encrypted
// file (inFs) and save the decrypted file (outFs).
using (FileStream inFs = new FileStream(encrFolder + inFile, FileMode.Open))
{ inFs.Seek(, SeekOrigin.Begin);
inFs.Seek(, SeekOrigin.Begin);
inFs.Read(LenK, , );
inFs.Seek(, SeekOrigin.Begin);
inFs.Read(LenIV, , ); // Convert the lengths to integer values.
int lenK = BitConverter.ToInt32(LenK, );
int lenIV = BitConverter.ToInt32(LenIV, ); // Determine the start postition of
// the ciphter text (startC)
// and its length(lenC).
int startC = lenK + lenIV + ;
int lenC = (int)inFs.Length - startC; // Create the byte arrays for
// the encrypted AesManaged key,
// the IV, and the cipher text.
byte[] KeyEncrypted = new byte[lenK];
byte[] IV = new byte[lenIV]; // Extract the key and IV
// starting from index 8
// after the length values.
inFs.Seek(, SeekOrigin.Begin);
inFs.Read(KeyEncrypted, , lenK);
inFs.Seek( + lenK, SeekOrigin.Begin);
inFs.Read(IV, , lenIV);
Directory.CreateDirectory(decrFolder);
// Use RSACryptoServiceProvider
// to decrypt the AesManaged key.
byte[] KeyDecrypted = rsaPrivateKey.Decrypt(KeyEncrypted, false); // Decrypt the key.
using (ICryptoTransform transform = aesManaged.CreateDecryptor(KeyDecrypted, IV))
{ // Decrypt the cipher text from
// from the FileSteam of the encrypted
// file (inFs) into the FileStream
// for the decrypted file (outFs).
using (FileStream outFs = new FileStream(outFile, FileMode.Create))
{ int count = ;
int offset = ; int blockSizeBytes = aesManaged.BlockSize / ;
byte[] data = new byte[blockSizeBytes]; // By decrypting a chunk a time,
// you can save memory and
// accommodate large files. // Start at the beginning
// of the cipher text.
inFs.Seek(startC, SeekOrigin.Begin);
using (CryptoStream outStreamDecrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
{
do
{
count = inFs.Read(data, offset, blockSizeBytes);
offset += count;
outStreamDecrypted.Write(data, , count);
}
while (count > ); outStreamDecrypted.FlushFinalBlock();
outStreamDecrypted.Close();
}
outFs.Close();
}
inFs.Close();
} } }
} }
}
下面的示例创建一个命令行可执行文件, 该命令行可执行文件将证书文件作为参数, 并将各种证书属性打印到控制台。
using System;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.IO;
using System.Security.Cryptography.X509Certificates; class CertInfo
{
//Reads a file.
internal static byte[] ReadFile (string fileName)
{
FileStream f = new FileStream(fileName, FileMode.Open, FileAccess.Read);
int size = (int)f.Length;
byte[] data = new byte[size];
size = f.Read(data, , size);
f.Close();
return data;
}
//Main method begins here.
static void Main(string[] args)
{
//Test for correct number of arguments.
if (args.Length < )
{
Console.WriteLine("Usage: CertInfo <filename>");
return;
}
try
{
X509Certificate2 x509 = new X509Certificate2();
//Create X509Certificate2 object from .cer file.
byte[] rawData = ReadFile(args[]);
x509.Import(rawData); //Print to console information contained in the certificate.
Console.WriteLine("{0}Subject: {1}{0}", Environment.NewLine, x509.Subject);
Console.WriteLine("{0}Issuer: {1}{0}", Environment.NewLine, x509.Issuer);
Console.WriteLine("{0}Version: {1}{0}", Environment.NewLine, x509.Version);
Console.WriteLine("{0}Valid Date: {1}{0}", Environment.NewLine, x509.NotBefore);
Console.WriteLine("{0}Expiry Date: {1}{0}", Environment.NewLine, x509.NotAfter);
Console.WriteLine("{0}Thumbprint: {1}{0}", Environment.NewLine, x509.Thumbprint);
Console.WriteLine("{0}Serial Number: {1}{0}", Environment.NewLine, x509.SerialNumber);
Console.WriteLine("{0}Friendly Name: {1}{0}", Environment.NewLine, x509.PublicKey.Oid.FriendlyName);
Console.WriteLine("{0}Public Key Format: {1}{0}", Environment.NewLine, x509.PublicKey.EncodedKeyValue.Format(true));
Console.WriteLine("{0}Raw Data Length: {1}{0}", Environment.NewLine, x509.RawData.Length);
Console.WriteLine("{0}Certificate to string: {1}{0}", Environment.NewLine, x509.ToString(true));
Console.WriteLine("{0}Certificate to XML String: {1}{0}", Environment.NewLine, x509.PublicKey.Key.ToXmlString(false)); //Add the certificate to a X509Store.
X509Store store = new X509Store();
store.Open(OpenFlags.MaxAllowed);
store.Add(x509);
store.Close();
}
catch (DirectoryNotFoundException)
{
Console.WriteLine("Error: The directory specified could not be found.");
}
catch (IOException)
{
Console.WriteLine("Error: A file in the directory could not be accessed.");
}
catch (NullReferenceException)
{
Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.");
}
}
}
X.509 结构源自国际标准化组织 (ISO) 工作组。The X.509 structure originated in the International Organization for Standardization (ISO) working groups. 此结构可用于表示各种类型的信息, 包括标识、权利和持有者属性 (权限、年龄、性别、位置、从属关系, 等等)。This structure can be used to represent various types of information including identity, entitlement, and holder attributes (permissions, age, sex, location, affiliation, and so forth). 尽管 ISO 规范在结构本身上是最丰富的信息, X509Certificate2但类设计用于根据 Internet 工程任务组 (IETF) 公钥基础结构 x.509 (PKIX) 工作组。Although the ISO specifications are most informative on the structure itself, the X509Certificate2 class is designed to model the usage scenarios defined in specifications issued by the Internet Engineering Task Force (IETF) Public Key Infrastructure, X.509 (PKIX) working group. 这些规范的最重要信息是 RFC 3280 "证书和证书吊销列表 (CRL) 配置文件"。
重要
从开始IDisposable , 此类型实现接口。 .NET Framework 4.6.NET Framework 4.6Starting with the .NET Framework 4.6.NET Framework 4.6, this type implements the IDisposable interface. 在使用完类型后,您应直接或间接释放类型。When you have finished using the type, you should dispose of it either directly or indirectly. 若要直接Dispose释放类型, 请try / catch在块中调用其方法。To dispose of the type directly, call its Dispose method in a try/catch block. 若要间接释放类型,请使用 using(在 C# 中)或 Using(在 Visual Basic 中)等语言构造。To dispose of it indirectly, use a language construct such as using (in C#) or Using (in Visual Basic). 有关详细信息, 请参阅IDisposable接口主题中的 "使用实现 IDisposable 的对象" 一节。For more information, see the "Using an Object that Implements IDisposable" section in the IDisposable interface topic.
对于面向.NET Framework 4.5.2.NET Framework 4.5.2和更早版本的应用X509Certificate2 , IDisposable类不实现接口, 因此不具有Dispose方法。
类X509Certificate2的更多相关文章
- 出现了内部错误-网站中X509Certificate2加载证书时出错
今天给网站配置了加密证书文件,用类X509Certificate2加载证书文件时,一直报出现了内部错误,但是Demo中用控制台程序加载证书没任何问题 读取证书文件的语句: X509Certificat ...
- 微信支付,退款时,出现了内部错误-网站中X509Certificate2加载证书时出错
今天给阿里云,虚拟主机 网站配置了加密证书文件,用类X509Certificate2加载证书文件时,一直报出现了内部错误,但是Demo中用控制台程序加载证书没任何问题 读取证书文件的语句: X509C ...
- Java类的继承与多态特性-入门笔记
相信对于继承和多态的概念性我就不在怎么解释啦!不管你是.Net还是Java面向对象编程都是比不缺少一堂课~~Net如此Java亦也有同样的思想成分包含其中. 继承,多态,封装是Java面向对象的3大特 ...
- BouncyCastle产生一个PKCS#12规范的PFX/p12证书
RT,在C#中实现,依赖.netFramework2.0 BouncyCastle中提供了PKCS12Store,Pkcs12StoreBuilder,AsymmetricKeyEntry,X509C ...
- 使用X509Certificate2类操作证书文件
public class CertHelper { string pfxPath = @"E:\开发辅助项目\cert\taisuyuanqing.pfx"; string cer ...
- HttpWebRequest后台读取网页类
using System;using System.Linq;using System.Collections.Generic;using System.Web;using System.Config ...
- 关于 X509Certificate2 程序发布IIS后找不到文件路径的问题
有很多支付类.物联网等平台调用接口时需要用到证书: 通过X509Certificate2 类加载证书在程序发布之后发现无法找到证书路径,但是通过文件查找方法又可以检测到该文件. X509Certifi ...
- C# 最牛逼的Utility工具类
完整代码: using System; using System.Collections.Specialized; using System.IO; using System.Net; using S ...
- 一桩由X509Certificate2引发的血案
A process serving application pool '. The data field contains the error number. 在某次网站更新后,发现wcf服务不可用了 ...
随机推荐
- 快速读取TXT几百万行数据, 然后插入到数据,SqlBulkCopy功能的确是有效率
public static void Main(string[] args) { string strPath = "F:\\Download\\600.txt"; int lin ...
- Android 问题解决 HorizontalScrollView显示不全(转)
原链接:https://www.jianshu.com/p/003adbcaff9d Android 问题解决 HorizontalScrollView显示不全 <HorizontalScrol ...
- mysql笔记7--一句查询语句的过程
1 sql语句示例 select *from A where id=1 2 mysql基本架构图 (1)Mysql分为Server层和引擎层两个部分 (2)Server层包括连接器,查询缓存,分析器, ...
- LVDS接口液晶屏点屏流程
使用MStar的TSUM系列的芯片,主要是用来驱动LVDS的屏.在硬件设置无误的情况下(屏开关口.屏电压.PWM等),按照屏规格书上的参数配置屏参,就可以完成点屏了.大概分为几个步骤,确定屏供电电压, ...
- 手撕面试官系列(十):面试必备之常问Dubbo29题+MySQL55题
Dubbo专题 (面试题+答案领取方式见侧边栏) 1.Dubbo 支持哪些协议,每种协议的应用场景,优缺点?2.Dubbo 超时时间怎样设置?3.Dubbo 有些哪些注册中心?4.Dubbo 集群的负 ...
- SQLite接口函数 - C核心api实践与总结
SQLite核心源代码由C语言写就,同时提供了很多的扩展包可应用于其他编程语言和类库,如Python.Ruby.Java.Perl..Net/C#.Qt和ODBC.在很多情况下,针对一种语言有很多扩展 ...
- SSM整合学习 三
三:整合Mybatis 完整的项目如下 一:下载所需的jar包 <!--日志--><dependency> <groupId>log4j</groupId&g ...
- python_并发与通信
独立的进程内存空间与共享的服务器进程空间 知识点一: 进程间通信的限制 进程是独立的,互不干扰的独立内存空间我们想不能修改变量但是,深层次问题是,这个进程与那个进程完全失去了联系 import mul ...
- Django中ORM过滤时objects.filter()无法对月份过滤
django中的filter日期查询属性有:year.month.day.week_day.hour.minute.second 在做复习博客项目时,我把项目从linux移到了windows,然后博客 ...
- Huber Loss 介绍
Huber Loss 是一个用于回归问题的带参损失函数, 优点是能增强平方误差损失函数(MSE, mean square error)对离群点的鲁棒性. 当预测偏差小于 δ 时,它采用平方误差,当预测 ...