Windows证书的生成导出以及使用证书验证文件是否被修改
本文介绍了如何使用Windows自带的证书生成器生成,导出,使用证书。并以验证文件是否被修改举例
1.证书相关辅助类
public sealed class DataCertificate
{
#region 生成证书
/// <summary>
/// 根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)
/// </summary>
/// <paramname="subjectName"></param>
/// <paramname="makecertPath"></param>
/// <returns></returns>
public static boolCreateCertWithPrivateKey(string subjectName, string makecertPath)
{
subjectName = "CN=" +subjectName;
string param = "-r -pe -n" + subjectName + " -b 01/01/2005 -sky exchange -ss my";
try
{
Process p = Process.Start(makecertPath,param);
p.WaitForExit();
p.Close();
}
catch (Exception e)
{
//LogRecord.putErrorLog(e.ToString(),"DataCerficate.CreateCertWithPrivateKey");
return false;
}
return true;
}
#endregion
#region 文件导入导出
/// <summary>
/// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
/// 并导出为pfx文件,同时为其指定一个密码
/// 并将证书从个人区删除(如果isDelFromstor为true)
/// </summary>
/// <paramname="subjectName">证书主题,不包含CN=</param>
/// <paramname="pfxFileName">pfx文件名</param>
/// <paramname="password">pfx文件密码</param>
/// <paramname="isDelFromStore">是否从存储区删除</param>
/// <returns></returns>
public static bool ExportToPfxFile(stringsubjectName, string pfxFileName,
string password, boolisDelFromStore)
{
subjectName = "CN=" +subjectName;
X509Store store = new X509Store(StoreName.My,StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collectionstorecollection = (X509Certificate2Collection)store.Certificates;
foreach (X509Certificate2 x509 instorecollection)
{
if (x509.Subject ==subjectName)
{
Debug.Print(string.Format("certificatename: {0}", x509.Subject));
byte[] pfxByte =x509.Export(X509ContentType.Pfx, password);
using (FileStreamfileStream = new FileStream(pfxFileName, FileMode.Create))
{
// Write the data tothe file, byte by byte.
for (int i = ; i <pfxByte.Length; i++)
fileStream.WriteByte(pfxByte[i]);
// Set the streamposition to the beginning of the file.
fileStream.Seek(, SeekOrigin.Begin);
// Read and verify thedata.
for (int i = ; i <fileStream.Length; i++)
{
if (pfxByte[i] !=fileStream.ReadByte())
{
//LogRecord.putErrorLog("Exportpfx error while verify the pfx file!", "ExportToPfxFile");
fileStream.Close();
return false;
}
}
fileStream.Close();
}
if (isDelFromStore == true)
store.Remove(x509);
}
}
store.Close();
store = null;
storecollection = null;
return true;
}
/// <summary>
/// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,
/// 并导出为CER文件(即,只含公钥的)
/// </summary>
/// <paramname="subjectName"></param>
/// <paramname="cerFileName"></param>
/// <returns></returns>
public static bool ExportToCerFile(stringsubjectName, string cerFileName)
{
subjectName = "CN=" +subjectName;
X509Store store = new X509Store(StoreName.My,StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collectionstorecollection = (X509Certificate2Collection)store.Certificates;
foreach (X509Certificate2 x509 instorecollection)
{
if (x509.Subject ==subjectName)
{
Debug.Print(string.Format("certificatename: {0}", x509.Subject));
//byte[] pfxByte =x509.Export(X509ContentType.Pfx, password);
byte[] cerByte =x509.Export(X509ContentType.Cert);
using (FileStreamfileStream = new FileStream(cerFileName, FileMode.Create))
{
// Write the data tothe file, byte by byte.
for (int i = ; i <cerByte.Length; i++)
fileStream.WriteByte(cerByte[i]);
// Set the streamposition to the beginning of the file.
fileStream.Seek(, SeekOrigin.Begin);
// Read and verify thedata.
for (int i = ; i <fileStream.Length; i++)
{
if (cerByte[i] !=fileStream.ReadByte())
{
//LogRecord.putErrorLog("ExportCER error while verify the CERT file!", "ExportToCERFile");
fileStream.Close();
return false;
}
}
fileStream.Close();
}
}
}
store.Close();
store = null;
storecollection = null;
return true;
}
#endregion
#region 从证书中获取信息
/// <summary>
/// 根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密
/// 加解密函数使用DEncrypt的RSACryption类
/// </summary>
/// <paramname="pfxFileName"></param>
/// <paramname="password"></param>
/// <returns></returns>
public static X509Certificate2GetCertificateFromPfxFile(string pfxFileName,
string password)
{
try
{
return new X509Certificate2(pfxFileName,password, X509KeyStorageFlags.Exportable);
}
catch (Exception e)
{
//LogRecord.putErrorLog("getcertificate from pfx" + pfxFileName + " error:" +e.ToString(),
// "GetCertificateFromPfxFile");
return null;
}
}
/// <summary>
/// 到存储区获取证书
/// </summary>
/// <paramname="subjectName"></param>
/// <returns></returns>
public static X509Certificate2GetCertificateFromStore(string subjectName)
{
subjectName = "CN=" +subjectName;
X509Store store = new X509Store(StoreName.My,StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collectionstorecollection = (X509Certificate2Collection)store.Certificates;
foreach (X509Certificate2 x509 instorecollection)
{
if (x509.Subject ==subjectName)
{
return x509;
}
}
store.Close();
store = null;
storecollection = null;
return null;
}
/// <summary>
/// 根据公钥证书,返回证书实体
/// </summary>
/// <paramname="cerPath"></param>
public static X509Certificate2GetCertFromCerFile(string cerPath)
{
try
{
return new X509Certificate2(cerPath);
}
catch (Exception e)
{
//LogRecord.putErrorLog(e.ToString(),"DataCertificate.LoadStudentPublicKey");
return null;
}
}
#endregion
#region 加解密
private static byte[] m_Bytes;
/// <summary>
/// 根据明文加密证书密码生成密文
/// </summary>
/// <paramname="mingwen"></param>
/// <paramname="pfxFileName"></param>
/// <paramname="password"></param>
/// <returns></returns>
public static string EncryptString(stringmingwen, string pfxFileName, string password)
{
UnicodeEncoding ByteConverter = newUnicodeEncoding();
byte[] mingwenBytes =ByteConverter.GetBytes(mingwen);
X509Certificate2 X509Certificate2 =GetCertificateFromPfxFile(pfxFileName, password);
RSACryptoServiceProvidermyRSACryptoServiceProvider = (RSACryptoServiceProvider)X509Certificate2.PrivateKey;
RSAParameters parameters =myRSACryptoServiceProvider.ExportParameters(true);
byte[] encryptedData =myRSACryptoServiceProvider.SignData(mingwenBytes, new SHA1CryptoServiceProvider());
return Convert.ToBase64String(encryptedData);
//returnRSAext.EncryptProcess(mingwen, parameters.D, parameters.Modulus);
//byte[] plaintextByte =myRSACryptoServiceProvider.Encrypt(mingwenBytes, false);
//m_Bytes = plaintextByte;
//string str = "";
//for (int i = 0; i <plaintextByte.Length; i++)
//{
// str +=plaintextByte[i].ToString("X2");
//}
//return str;
}
/// <summary>
/// 根据明文密文证书,验证文件是否被修改
/// </summary>
/// <paramname="yuanwen"></param>
/// <paramname="miwen"></param>
/// <paramname="cerPath"></param>
/// <returns></returns>
public static bool DecryptString(stringyuanwen, string miwen, string cerPath)
{
X509Certificate2 X509Certificate2 =GetCertFromCerFile(cerPath);
RSACryptoServiceProvidermyRSACryptoServiceProvider = (RSACryptoServiceProvider)X509Certificate2.PublicKey.Key;
//RSAParameters parameters =myRSACryptoServiceProvider.ExportParameters(true);
UnicodeEncoding ByteConverter = newUnicodeEncoding();
byte[] dataToVerifyBytes =ByteConverter.GetBytes(yuanwen);
byte[] signedDataBytes = Convert.FromBase64String(miwen);
returnmyRSACryptoServiceProvider.VerifyData(dataToVerifyBytes, new SHA1CryptoServiceProvider(),signedDataBytes);
//returnRSAext.DecryptProcess(miwen, parameters.Modulus, parameters.Exponent);
//byte[] plaintextByte =myRSACryptoServiceProvider.Decrypt(mingwenBytes, false);
//returnEncoding.UTF8.GetString(plaintextByte);
}
#endregion
}
2.使用举例
根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)
stringMakeCert = @"C:\Program Files (x86)\WindowsKits\8.0\bin\x86\makecert.exe";
DataCertificate.CreateCertWithPrivateKey("digihail123",MakeCert);
从WINDOWS证书存储区的个人MY区找到主题为digihail123的证书,并使用密码生成pfx文件和导出cer文件
DataCertificate.ExportToPfxFile("digihail123","d:\\digihail456.pfx","123456",false);
DataCertificate.ExportToCerFile("digihail123","d:\\digihail456.cer");
根据明文 pfx文件 密码生成密文 并把明文 密文一起写入的文件,和cer证书下发给客户端
string miwen=DataCertificate.EncryptString(mingwen,"d:\\digihail456.pfx", "123456");
4.根据从文件读取的 明文 密文 和cer文件验证文件是否被修改
bool isok = DataCertificate.DecryptString(mingwen,miwen,"d:\\digihail456.cer");
Windows证书的生成导出以及使用证书验证文件是否被修改的更多相关文章
- Linux、Windows 下手动生成 sha256 等类型的校验文件
目录 1 - 校验文件的作用 2 - Linux 下生成校验文件 3 - Windows 下生成校验文件 参考资料 版权声明 1 - 校验文件的作用 从网服务器下载文件,尤其是比较大的文件时,很容易由 ...
- 如何在Win8.1和Win2012上运用PowerShell快速生成、安装、导出自签名证书 (Self-Signed Certificate)
自签名证书用途很广,测试,开发,本地或者云端网站(比如Microsoft Azure Web Site)都会使用到.本文会介绍一种在Win8.1和Win2012 R2上使用PowerShell快速生成 ...
- iOS推送小结(证书的生成、客户端的开发、服务端的开发)
1.推送过程简介 1.1.App启动过程中,使用UIApplication::registerForRemoteNotificationTypes函数与苹果的APNS服务器通信,发出注册远程推送的申请 ...
- 用Keytool和OpenSSL生成和签发数字证书
一)keytool生成私钥文件(.key)和签名请求文件(.csr),openssl签发数字证书 J2SDK在目录%JAVA_HOME%/bin提供了密钥库管理工具Keytool,用于管理密 ...
- membership DB生成 & dll 强命名 & 证书生成
UPD(Membership)数据库安装1.使用 Aspnet_regsql.exe 安装数据库 在 C:\WINDOWS\Microsoft.NET\Framework\\aspnet_regsql ...
- Apache Nifi在Windows环境下搭建伪群集及证书登录
代码地址如下:http://www.demodashi.com/demo/11986.html 前些时间做了关于Apache Nifi分布式集群的搭建分享,但很多时候要搭建分布式集群机器资源是个问题, ...
- windows下如何制作和应用数字签名证书 全流程
目前我们在发布应用程序时,有时用户下载后会被360杀毒当做木马直接隔离.为应用程序可执行文件打上数字签名可以让360杀毒放宽检测规则.下文是讲述如何制作数字签名证书的过程. 需要准备的工具:makec ...
- JAVA调用 keytool 生成keystore 和 cer 证书
keytool是一个Java数据证书的管理工具, keytool将密钥(key)和证书(certificates)存在一个称为keystore的文件中在keystore里, 包含两种数据: 密钥实体( ...
- JAVA数字证书制作生成
1.加密算法 为了网络通讯中的报文安全,一般需要对报文进行加密,目前常用的加密算法有: 非对称加密算法:又称公钥加密算法,如RSA.DSA/DSS,最常用的就是RSA算法(算法公开,可自行百度了解算法 ...
随机推荐
- Android中HandlerThread的使用及源代码解析
关于Hanlder的基本使用能够參见博文<Android中Handler的使用>,假设想了解Handler.Looper.Thread等的相互关系以及内部实现原理能够參见博文<深入源 ...
- Go语言:正則表達式的使用
Go语言的正則表達式使用非常easy.演示样例代码: package test import ( "fmt" "regexp" ) func RegixBase ...
- combobox添加选项
如果不需要绑定字段,只需要显示列表 cmb_Type.Items.AddRange(new object[] {"姓名","年龄","性别" ...
- No USB devices or running emulators detected”
每次重装系统之后,安装andorid studio后,使用真机调试代码,就会出现"No USB devices or running emulators detected"的错误, ...
- 设置Oracle tnslsnr监听器口令
绿盟扫描提示引用程序脆弱账号 Oracle tnslsnr 监听器,加密主要为了防止监听被恶意远程关闭.关于这个安全问题的详细说明参见文字结尾转载的说明<Oracle的监听口令及监听器安全&g ...
- 关于undefind
var undefined = "东方云游"; alert(undefined); // undefined 不一定为undefined ie8(包含ie8)以下会返回 " ...
- 如何更好的利用redis
原文地址http://oldblog.antirez.com/post/take-advantage-of-redis-adding-it-to-your-stack.html @(syoka)[re ...
- DragControl
原文:DragControl 版权声明:本文为博主原创文章,未经博主允许不得转载. https://blog.csdn.net/Vblegend_2013/article/details/837911 ...
- Latex 琐碎
χ(\chi),Ξ(\Xi),ξ(\xi) 0. 加颜色 x2+y2=z2({\color{Red} {x^2+y^2=z^2}}) Magenta, Cyan, Emerald(宝石绿) 1. 斜杠 ...
- 《北京IT报道》你可以成为下一个《万万没有想到》?
10一个月29当天上午,一位名为<北京IT报道>在视频短剧IT朋友谁快速刷新的互联网商业圈.这种制作粗糙.演员表情僵硬.安置赤裸网络剧,但对布局和内容因IT互联网从业者的生活,深受广大用户 ...