本文介绍了如何使用Windows自带的证书生成器生成,导出,使用证书。并以验证文件是否被修改举例

1.证书相关辅助类

  public sealed class DataCertificate

    {

        #region 生成证书

        /// <summary>   

        /// 根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)   

        /// </summary>   

        /// <paramname="subjectName"></param>  

        /// <paramname="makecertPath"></param>   

        /// <returns></returns>   

        public static boolCreateCertWithPrivateKey(string subjectName, string makecertPath)

        {

            subjectName = "CN=" +subjectName;

            string param = "-r -pe -n" + subjectName + " -b 01/01/2005 -sky exchange -ss my";

            try

            {

                Process p = Process.Start(makecertPath,param);

                p.WaitForExit();

                p.Close();

            }

            catch (Exception e)

            {

                //LogRecord.putErrorLog(e.ToString(),"DataCerficate.CreateCertWithPrivateKey");   

                return false;

            }

            return true;

        }

        #endregion

        #region 文件导入导出

        /// <summary>   

        /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,   

        /// 并导出为pfx文件,同时为其指定一个密码   

        /// 并将证书从个人区删除(如果isDelFromstor为true)   

        /// </summary>   

        /// <paramname="subjectName">证书主题,不包含CN=</param>   

        /// <paramname="pfxFileName">pfx文件名</param>   

        /// <paramname="password">pfx文件密码</param>   

        /// <paramname="isDelFromStore">是否从存储区删除</param>   

        /// <returns></returns>   

        public static bool ExportToPfxFile(stringsubjectName, string pfxFileName,

            string password, boolisDelFromStore)

        {

            subjectName = "CN=" +subjectName;

            X509Store store = new X509Store(StoreName.My,StoreLocation.CurrentUser);

            store.Open(OpenFlags.ReadWrite);

            X509Certificate2Collectionstorecollection = (X509Certificate2Collection)store.Certificates;

            foreach (X509Certificate2 x509 instorecollection)

            {

                if (x509.Subject ==subjectName)

                {

                    Debug.Print(string.Format("certificatename: {0}", x509.Subject));

                    byte[] pfxByte =x509.Export(X509ContentType.Pfx, password);

                    using (FileStreamfileStream = new FileStream(pfxFileName, FileMode.Create))

                    {

                        // Write the data tothe file, byte by byte.   

                        for (int i = ; i <pfxByte.Length; i++)

                           fileStream.WriteByte(pfxByte[i]);

                        // Set the streamposition to the beginning of the file.   

                        fileStream.Seek(, SeekOrigin.Begin);

                        // Read and verify thedata.   

                        for (int i = ; i <fileStream.Length; i++)

                        {

                            if (pfxByte[i] !=fileStream.ReadByte())

                            {

                                //LogRecord.putErrorLog("Exportpfx error while verify the pfx file!", "ExportToPfxFile");   

                               fileStream.Close();

                                return false;

                            }

                        }

                        fileStream.Close();

                    }

                    if (isDelFromStore == true)

                        store.Remove(x509);

                }

            }

            store.Close();

            store = null;

            storecollection = null;

            return true;

        }

        /// <summary>   

        /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,   

        /// 并导出为CER文件(即,只含公钥的)   

        /// </summary>   

        /// <paramname="subjectName"></param>  

        /// <paramname="cerFileName"></param>  

        /// <returns></returns>   

        public static bool ExportToCerFile(stringsubjectName, string cerFileName)

        {

            subjectName = "CN=" +subjectName;

            X509Store store = new X509Store(StoreName.My,StoreLocation.CurrentUser);

            store.Open(OpenFlags.ReadWrite);

            X509Certificate2Collectionstorecollection = (X509Certificate2Collection)store.Certificates;

            foreach (X509Certificate2 x509 instorecollection)

            {

                if (x509.Subject ==subjectName)

                {

                    Debug.Print(string.Format("certificatename: {0}", x509.Subject));

                    //byte[] pfxByte =x509.Export(X509ContentType.Pfx, password);  

                    byte[] cerByte =x509.Export(X509ContentType.Cert);

                    using (FileStreamfileStream = new FileStream(cerFileName, FileMode.Create))

                    {

                        // Write the data tothe file, byte by byte.   

                        for (int i = ; i <cerByte.Length; i++)

                           fileStream.WriteByte(cerByte[i]);

                        // Set the streamposition to the beginning of the file.   

                        fileStream.Seek(, SeekOrigin.Begin);

                        // Read and verify thedata.   

                        for (int i = ; i <fileStream.Length; i++)

                        {

                            if (cerByte[i] !=fileStream.ReadByte())

                            {

                                //LogRecord.putErrorLog("ExportCER error while verify the CERT file!", "ExportToCERFile");   

                               fileStream.Close();

                                return false;

                            }

                        }

                        fileStream.Close();

                    }

                }

            }

            store.Close();

            store = null;

            storecollection = null;

            return true;

        }

        #endregion

        #region 从证书中获取信息

        /// <summary>   

        /// 根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密   

        /// 加解密函数使用DEncrypt的RSACryption类   

        /// </summary>   

        /// <paramname="pfxFileName"></param>  

        /// <paramname="password"></param>  

        /// <returns></returns>   

        public static X509Certificate2GetCertificateFromPfxFile(string pfxFileName,

            string password)

        {

            try

            {

                return new X509Certificate2(pfxFileName,password, X509KeyStorageFlags.Exportable);

            }

            catch (Exception e)

            {

                //LogRecord.putErrorLog("getcertificate from pfx" + pfxFileName + " error:" +e.ToString(),   

                //   "GetCertificateFromPfxFile");   

                return null;

            }

        }

        /// <summary>   

        /// 到存储区获取证书   

        /// </summary>   

        /// <paramname="subjectName"></param>  

        /// <returns></returns>   

        public static X509Certificate2GetCertificateFromStore(string subjectName)

        {

            subjectName = "CN=" +subjectName;

            X509Store store = new X509Store(StoreName.My,StoreLocation.CurrentUser);

            store.Open(OpenFlags.ReadWrite);

            X509Certificate2Collectionstorecollection = (X509Certificate2Collection)store.Certificates;

            foreach (X509Certificate2 x509 instorecollection)

            {

                if (x509.Subject ==subjectName)

                {

                    return x509;

                }

            }

            store.Close();

            store = null;

            storecollection = null;

            return null;

        }

        /// <summary>   

        /// 根据公钥证书,返回证书实体   

        /// </summary>   

        /// <paramname="cerPath"></param>  

        public static X509Certificate2GetCertFromCerFile(string cerPath)

        {

            try

            {

                return new X509Certificate2(cerPath);

            }

            catch (Exception e)

            {

                //LogRecord.putErrorLog(e.ToString(),"DataCertificate.LoadStudentPublicKey");   

                return null;

            }

        }

        #endregion

        #region 加解密

        private static byte[] m_Bytes;

        /// <summary>

        /// 根据明文加密证书密码生成密文

        /// </summary>

        /// <paramname="mingwen"></param>

        /// <paramname="pfxFileName"></param>

        /// <paramname="password"></param>

        /// <returns></returns>

        public static string EncryptString(stringmingwen, string pfxFileName, string password)

        {

            UnicodeEncoding ByteConverter = newUnicodeEncoding();

            byte[] mingwenBytes =ByteConverter.GetBytes(mingwen);

            X509Certificate2 X509Certificate2 =GetCertificateFromPfxFile(pfxFileName, password);

            RSACryptoServiceProvidermyRSACryptoServiceProvider = (RSACryptoServiceProvider)X509Certificate2.PrivateKey;

            RSAParameters parameters =myRSACryptoServiceProvider.ExportParameters(true);

            byte[] encryptedData =myRSACryptoServiceProvider.SignData(mingwenBytes, new SHA1CryptoServiceProvider());

            return Convert.ToBase64String(encryptedData);

            //returnRSAext.EncryptProcess(mingwen, parameters.D, parameters.Modulus);

            //byte[] plaintextByte =myRSACryptoServiceProvider.Encrypt(mingwenBytes, false);

            //m_Bytes = plaintextByte;

            //string str = "";

            //for (int i = 0; i <plaintextByte.Length; i++)

            //{

            //    str +=plaintextByte[i].ToString("X2");

            //}

            //return str;

        }

        /// <summary>

        /// 根据明文密文证书,验证文件是否被修改

        /// </summary>

        /// <paramname="yuanwen"></param>

        /// <paramname="miwen"></param>

        /// <paramname="cerPath"></param>

        /// <returns></returns>

        public static bool DecryptString(stringyuanwen, string miwen, string cerPath)

        {

            X509Certificate2 X509Certificate2 =GetCertFromCerFile(cerPath);

            RSACryptoServiceProvidermyRSACryptoServiceProvider = (RSACryptoServiceProvider)X509Certificate2.PublicKey.Key;

            //RSAParameters parameters =myRSACryptoServiceProvider.ExportParameters(true);

            UnicodeEncoding ByteConverter = newUnicodeEncoding();

            byte[] dataToVerifyBytes =ByteConverter.GetBytes(yuanwen);

            byte[] signedDataBytes = Convert.FromBase64String(miwen);

            returnmyRSACryptoServiceProvider.VerifyData(dataToVerifyBytes, new SHA1CryptoServiceProvider(),signedDataBytes);

            //returnRSAext.DecryptProcess(miwen, parameters.Modulus, parameters.Exponent);

            //byte[] plaintextByte =myRSACryptoServiceProvider.Decrypt(mingwenBytes, false);

            //returnEncoding.UTF8.GetString(plaintextByte);

        }

        #endregion

}

2.使用举例

根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)

stringMakeCert = @"C:\Program Files (x86)\WindowsKits\8.0\bin\x86\makecert.exe";

DataCertificate.CreateCertWithPrivateKey("digihail123",MakeCert);

从WINDOWS证书存储区的个人MY区找到主题为digihail123的证书,并使用密码生成pfx文件和导出cer文件

DataCertificate.ExportToPfxFile("digihail123","d:\\digihail456.pfx","123456",false);

DataCertificate.ExportToCerFile("digihail123","d:\\digihail456.cer");

根据明文 pfx文件 密码生成密文 并把明文 密文一起写入的文件,和cer证书下发给客户端

string miwen=DataCertificate.EncryptString(mingwen,"d:\\digihail456.pfx", "123456");

4.根据从文件读取的 明文 密文 和cer文件验证文件是否被修改

bool isok = DataCertificate.DecryptString(mingwen,miwen,"d:\\digihail456.cer");

Windows证书的生成导出以及使用证书验证文件是否被修改的更多相关文章

  1. Linux、Windows 下手动生成 sha256 等类型的校验文件

    目录 1 - 校验文件的作用 2 - Linux 下生成校验文件 3 - Windows 下生成校验文件 参考资料 版权声明 1 - 校验文件的作用 从网服务器下载文件,尤其是比较大的文件时,很容易由 ...

  2. 如何在Win8.1和Win2012上运用PowerShell快速生成、安装、导出自签名证书 (Self-Signed Certificate)

    自签名证书用途很广,测试,开发,本地或者云端网站(比如Microsoft Azure Web Site)都会使用到.本文会介绍一种在Win8.1和Win2012 R2上使用PowerShell快速生成 ...

  3. iOS推送小结(证书的生成、客户端的开发、服务端的开发)

    1.推送过程简介 1.1.App启动过程中,使用UIApplication::registerForRemoteNotificationTypes函数与苹果的APNS服务器通信,发出注册远程推送的申请 ...

  4. 用Keytool和OpenSSL生成和签发数字证书

    一)keytool生成私钥文件(.key)和签名请求文件(.csr),openssl签发数字证书      J2SDK在目录%JAVA_HOME%/bin提供了密钥库管理工具Keytool,用于管理密 ...

  5. membership DB生成 & dll 强命名 & 证书生成

    UPD(Membership)数据库安装1.使用 Aspnet_regsql.exe 安装数据库 在 C:\WINDOWS\Microsoft.NET\Framework\\aspnet_regsql ...

  6. Apache Nifi在Windows环境下搭建伪群集及证书登录

    代码地址如下:http://www.demodashi.com/demo/11986.html 前些时间做了关于Apache Nifi分布式集群的搭建分享,但很多时候要搭建分布式集群机器资源是个问题, ...

  7. windows下如何制作和应用数字签名证书 全流程

    目前我们在发布应用程序时,有时用户下载后会被360杀毒当做木马直接隔离.为应用程序可执行文件打上数字签名可以让360杀毒放宽检测规则.下文是讲述如何制作数字签名证书的过程. 需要准备的工具:makec ...

  8. JAVA调用 keytool 生成keystore 和 cer 证书

    keytool是一个Java数据证书的管理工具, keytool将密钥(key)和证书(certificates)存在一个称为keystore的文件中在keystore里, 包含两种数据: 密钥实体( ...

  9. JAVA数字证书制作生成

    1.加密算法 为了网络通讯中的报文安全,一般需要对报文进行加密,目前常用的加密算法有: 非对称加密算法:又称公钥加密算法,如RSA.DSA/DSS,最常用的就是RSA算法(算法公开,可自行百度了解算法 ...

随机推荐

  1. Django之分页显示文章

    1.项目:http://www.cnblogs.com/jasonhaven/p/7493422.html 2.任务描述:页面分页显示文章 3.源代码 后台: from django.core.pag ...

  2. [Jenkins] Creating Application builds

    After installing the jenkins, we start creating new job. 1. Give job names (your project name): 2. G ...

  3. [Git] Use git add --patch for better commit history and mitigating bugs

    Let's split our changes into separate commits. We'll be able to check over our changes before stagin ...

  4. kali 系统的源

    sources.list deb http://http.kali.org/kali kali-rolling main non-free contrib deb http://mirrors.ust ...

  5. Java实现的并发任务处理实例

    本文实例讲述了Java实现的并发任务处理方法.分享给大家供大家参考,具体如下: public void init() { super.init(); this.ioThreadPool = new T ...

  6. AndroidClipSquare安卓实现方形头像裁剪

    安卓实现方形头像裁剪 实现思路.界面可见区域为2层View 最顶层的View是显示层,主要绘制半透明边框区域和白色裁剪区域,代码比較easy. 第二层继承ImageView,使用ImageView的M ...

  7. Python 库的使用 —— dis

    dis:Disassembler of Python byte code into mnemonics. Java.Python.Ruby 1.9 这些语言均使用了栈机器型的 VM.因为是基于栈的实现 ...

  8. epoll 和select

    epoll 水平触发和边缘触发的区别 EPOLLLT——水平触发EPOLLET——边缘触发 epoll有EPOLLLT和EPOLLET两种触发模式,LT是默认的模式,ET是“高速”模式.LT模式下,只 ...

  9. 小强的HTML5移动开发之路(34)——jQuery中的选择器

    一.jQuery是什么? jQuery是由美国人John Resig创建,至今吸引了来自世界各地的众多javascript高手加入其中. jQuery的创始人和技术领袖,目前在Mozilla担任Jav ...

  10. linux服务器集群重复批量操作脚本实现

    http://blog.csdn.net/flyinmind/article/details/8074863  在服务器集群的维护中,经常会遇到同样的操作重复执行很多遍的情况,“登录服务器->做 ...