本文介绍了如何使用Windows自带的证书生成器生成,导出,使用证书。并以验证文件是否被修改举例

1.证书相关辅助类

  public sealed class DataCertificate

    {

        #region 生成证书

        /// <summary>   

        /// 根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)   

        /// </summary>   

        /// <paramname="subjectName"></param>  

        /// <paramname="makecertPath"></param>   

        /// <returns></returns>   

        public static boolCreateCertWithPrivateKey(string subjectName, string makecertPath)

        {

            subjectName = "CN=" +subjectName;

            string param = "-r -pe -n" + subjectName + " -b 01/01/2005 -sky exchange -ss my";

            try

            {

                Process p = Process.Start(makecertPath,param);

                p.WaitForExit();

                p.Close();

            }

            catch (Exception e)

            {

                //LogRecord.putErrorLog(e.ToString(),"DataCerficate.CreateCertWithPrivateKey");   

                return false;

            }

            return true;

        }

        #endregion

        #region 文件导入导出

        /// <summary>   

        /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,   

        /// 并导出为pfx文件,同时为其指定一个密码   

        /// 并将证书从个人区删除(如果isDelFromstor为true)   

        /// </summary>   

        /// <paramname="subjectName">证书主题,不包含CN=</param>   

        /// <paramname="pfxFileName">pfx文件名</param>   

        /// <paramname="password">pfx文件密码</param>   

        /// <paramname="isDelFromStore">是否从存储区删除</param>   

        /// <returns></returns>   

        public static bool ExportToPfxFile(stringsubjectName, string pfxFileName,

            string password, boolisDelFromStore)

        {

            subjectName = "CN=" +subjectName;

            X509Store store = new X509Store(StoreName.My,StoreLocation.CurrentUser);

            store.Open(OpenFlags.ReadWrite);

            X509Certificate2Collectionstorecollection = (X509Certificate2Collection)store.Certificates;

            foreach (X509Certificate2 x509 instorecollection)

            {

                if (x509.Subject ==subjectName)

                {

                    Debug.Print(string.Format("certificatename: {0}", x509.Subject));

                    byte[] pfxByte =x509.Export(X509ContentType.Pfx, password);

                    using (FileStreamfileStream = new FileStream(pfxFileName, FileMode.Create))

                    {

                        // Write the data tothe file, byte by byte.   

                        for (int i = ; i <pfxByte.Length; i++)

                           fileStream.WriteByte(pfxByte[i]);

                        // Set the streamposition to the beginning of the file.   

                        fileStream.Seek(, SeekOrigin.Begin);

                        // Read and verify thedata.   

                        for (int i = ; i <fileStream.Length; i++)

                        {

                            if (pfxByte[i] !=fileStream.ReadByte())

                            {

                                //LogRecord.putErrorLog("Exportpfx error while verify the pfx file!", "ExportToPfxFile");   

                               fileStream.Close();

                                return false;

                            }

                        }

                        fileStream.Close();

                    }

                    if (isDelFromStore == true)

                        store.Remove(x509);

                }

            }

            store.Close();

            store = null;

            storecollection = null;

            return true;

        }

        /// <summary>   

        /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,   

        /// 并导出为CER文件(即,只含公钥的)   

        /// </summary>   

        /// <paramname="subjectName"></param>  

        /// <paramname="cerFileName"></param>  

        /// <returns></returns>   

        public static bool ExportToCerFile(stringsubjectName, string cerFileName)

        {

            subjectName = "CN=" +subjectName;

            X509Store store = new X509Store(StoreName.My,StoreLocation.CurrentUser);

            store.Open(OpenFlags.ReadWrite);

            X509Certificate2Collectionstorecollection = (X509Certificate2Collection)store.Certificates;

            foreach (X509Certificate2 x509 instorecollection)

            {

                if (x509.Subject ==subjectName)

                {

                    Debug.Print(string.Format("certificatename: {0}", x509.Subject));

                    //byte[] pfxByte =x509.Export(X509ContentType.Pfx, password);  

                    byte[] cerByte =x509.Export(X509ContentType.Cert);

                    using (FileStreamfileStream = new FileStream(cerFileName, FileMode.Create))

                    {

                        // Write the data tothe file, byte by byte.   

                        for (int i = ; i <cerByte.Length; i++)

                           fileStream.WriteByte(cerByte[i]);

                        // Set the streamposition to the beginning of the file.   

                        fileStream.Seek(, SeekOrigin.Begin);

                        // Read and verify thedata.   

                        for (int i = ; i <fileStream.Length; i++)

                        {

                            if (cerByte[i] !=fileStream.ReadByte())

                            {

                                //LogRecord.putErrorLog("ExportCER error while verify the CERT file!", "ExportToCERFile");   

                               fileStream.Close();

                                return false;

                            }

                        }

                        fileStream.Close();

                    }

                }

            }

            store.Close();

            store = null;

            storecollection = null;

            return true;

        }

        #endregion

        #region 从证书中获取信息

        /// <summary>   

        /// 根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密   

        /// 加解密函数使用DEncrypt的RSACryption类   

        /// </summary>   

        /// <paramname="pfxFileName"></param>  

        /// <paramname="password"></param>  

        /// <returns></returns>   

        public static X509Certificate2GetCertificateFromPfxFile(string pfxFileName,

            string password)

        {

            try

            {

                return new X509Certificate2(pfxFileName,password, X509KeyStorageFlags.Exportable);

            }

            catch (Exception e)

            {

                //LogRecord.putErrorLog("getcertificate from pfx" + pfxFileName + " error:" +e.ToString(),   

                //   "GetCertificateFromPfxFile");   

                return null;

            }

        }

        /// <summary>   

        /// 到存储区获取证书   

        /// </summary>   

        /// <paramname="subjectName"></param>  

        /// <returns></returns>   

        public static X509Certificate2GetCertificateFromStore(string subjectName)

        {

            subjectName = "CN=" +subjectName;

            X509Store store = new X509Store(StoreName.My,StoreLocation.CurrentUser);

            store.Open(OpenFlags.ReadWrite);

            X509Certificate2Collectionstorecollection = (X509Certificate2Collection)store.Certificates;

            foreach (X509Certificate2 x509 instorecollection)

            {

                if (x509.Subject ==subjectName)

                {

                    return x509;

                }

            }

            store.Close();

            store = null;

            storecollection = null;

            return null;

        }

        /// <summary>   

        /// 根据公钥证书,返回证书实体   

        /// </summary>   

        /// <paramname="cerPath"></param>  

        public static X509Certificate2GetCertFromCerFile(string cerPath)

        {

            try

            {

                return new X509Certificate2(cerPath);

            }

            catch (Exception e)

            {

                //LogRecord.putErrorLog(e.ToString(),"DataCertificate.LoadStudentPublicKey");   

                return null;

            }

        }

        #endregion

        #region 加解密

        private static byte[] m_Bytes;

        /// <summary>

        /// 根据明文加密证书密码生成密文

        /// </summary>

        /// <paramname="mingwen"></param>

        /// <paramname="pfxFileName"></param>

        /// <paramname="password"></param>

        /// <returns></returns>

        public static string EncryptString(stringmingwen, string pfxFileName, string password)

        {

            UnicodeEncoding ByteConverter = newUnicodeEncoding();

            byte[] mingwenBytes =ByteConverter.GetBytes(mingwen);

            X509Certificate2 X509Certificate2 =GetCertificateFromPfxFile(pfxFileName, password);

            RSACryptoServiceProvidermyRSACryptoServiceProvider = (RSACryptoServiceProvider)X509Certificate2.PrivateKey;

            RSAParameters parameters =myRSACryptoServiceProvider.ExportParameters(true);

            byte[] encryptedData =myRSACryptoServiceProvider.SignData(mingwenBytes, new SHA1CryptoServiceProvider());

            return Convert.ToBase64String(encryptedData);

            //returnRSAext.EncryptProcess(mingwen, parameters.D, parameters.Modulus);

            //byte[] plaintextByte =myRSACryptoServiceProvider.Encrypt(mingwenBytes, false);

            //m_Bytes = plaintextByte;

            //string str = "";

            //for (int i = 0; i <plaintextByte.Length; i++)

            //{

            //    str +=plaintextByte[i].ToString("X2");

            //}

            //return str;

        }

        /// <summary>

        /// 根据明文密文证书,验证文件是否被修改

        /// </summary>

        /// <paramname="yuanwen"></param>

        /// <paramname="miwen"></param>

        /// <paramname="cerPath"></param>

        /// <returns></returns>

        public static bool DecryptString(stringyuanwen, string miwen, string cerPath)

        {

            X509Certificate2 X509Certificate2 =GetCertFromCerFile(cerPath);

            RSACryptoServiceProvidermyRSACryptoServiceProvider = (RSACryptoServiceProvider)X509Certificate2.PublicKey.Key;

            //RSAParameters parameters =myRSACryptoServiceProvider.ExportParameters(true);

            UnicodeEncoding ByteConverter = newUnicodeEncoding();

            byte[] dataToVerifyBytes =ByteConverter.GetBytes(yuanwen);

            byte[] signedDataBytes = Convert.FromBase64String(miwen);

            returnmyRSACryptoServiceProvider.VerifyData(dataToVerifyBytes, new SHA1CryptoServiceProvider(),signedDataBytes);

            //returnRSAext.DecryptProcess(miwen, parameters.Modulus, parameters.Exponent);

            //byte[] plaintextByte =myRSACryptoServiceProvider.Decrypt(mingwenBytes, false);

            //returnEncoding.UTF8.GetString(plaintextByte);

        }

        #endregion

}

2.使用举例

根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)

stringMakeCert = @"C:\Program Files (x86)\WindowsKits\8.0\bin\x86\makecert.exe";

DataCertificate.CreateCertWithPrivateKey("digihail123",MakeCert);

从WINDOWS证书存储区的个人MY区找到主题为digihail123的证书,并使用密码生成pfx文件和导出cer文件

DataCertificate.ExportToPfxFile("digihail123","d:\\digihail456.pfx","123456",false);

DataCertificate.ExportToCerFile("digihail123","d:\\digihail456.cer");

根据明文 pfx文件 密码生成密文 并把明文 密文一起写入的文件,和cer证书下发给客户端

string miwen=DataCertificate.EncryptString(mingwen,"d:\\digihail456.pfx", "123456");

4.根据从文件读取的 明文 密文 和cer文件验证文件是否被修改

bool isok = DataCertificate.DecryptString(mingwen,miwen,"d:\\digihail456.cer");

Windows证书的生成导出以及使用证书验证文件是否被修改的更多相关文章

  1. Linux、Windows 下手动生成 sha256 等类型的校验文件

    目录 1 - 校验文件的作用 2 - Linux 下生成校验文件 3 - Windows 下生成校验文件 参考资料 版权声明 1 - 校验文件的作用 从网服务器下载文件,尤其是比较大的文件时,很容易由 ...

  2. 如何在Win8.1和Win2012上运用PowerShell快速生成、安装、导出自签名证书 (Self-Signed Certificate)

    自签名证书用途很广,测试,开发,本地或者云端网站(比如Microsoft Azure Web Site)都会使用到.本文会介绍一种在Win8.1和Win2012 R2上使用PowerShell快速生成 ...

  3. iOS推送小结(证书的生成、客户端的开发、服务端的开发)

    1.推送过程简介 1.1.App启动过程中,使用UIApplication::registerForRemoteNotificationTypes函数与苹果的APNS服务器通信,发出注册远程推送的申请 ...

  4. 用Keytool和OpenSSL生成和签发数字证书

    一)keytool生成私钥文件(.key)和签名请求文件(.csr),openssl签发数字证书      J2SDK在目录%JAVA_HOME%/bin提供了密钥库管理工具Keytool,用于管理密 ...

  5. membership DB生成 & dll 强命名 & 证书生成

    UPD(Membership)数据库安装1.使用 Aspnet_regsql.exe 安装数据库 在 C:\WINDOWS\Microsoft.NET\Framework\\aspnet_regsql ...

  6. Apache Nifi在Windows环境下搭建伪群集及证书登录

    代码地址如下:http://www.demodashi.com/demo/11986.html 前些时间做了关于Apache Nifi分布式集群的搭建分享,但很多时候要搭建分布式集群机器资源是个问题, ...

  7. windows下如何制作和应用数字签名证书 全流程

    目前我们在发布应用程序时,有时用户下载后会被360杀毒当做木马直接隔离.为应用程序可执行文件打上数字签名可以让360杀毒放宽检测规则.下文是讲述如何制作数字签名证书的过程. 需要准备的工具:makec ...

  8. JAVA调用 keytool 生成keystore 和 cer 证书

    keytool是一个Java数据证书的管理工具, keytool将密钥(key)和证书(certificates)存在一个称为keystore的文件中在keystore里, 包含两种数据: 密钥实体( ...

  9. JAVA数字证书制作生成

    1.加密算法 为了网络通讯中的报文安全,一般需要对报文进行加密,目前常用的加密算法有: 非对称加密算法:又称公钥加密算法,如RSA.DSA/DSS,最常用的就是RSA算法(算法公开,可自行百度了解算法 ...

随机推荐

  1. Windows环境搭建Web自己主动化測试框架Watir(基于Ruby)

    web自己主动化測试一直是一个比較迫切的问题 图1-1 须要安装的工具 http://railsinstaller.org/ 由于安装Ruby还须要用到其它的一些开发工具集.所以建议从站点http:/ ...

  2. Cocos2d-x学习笔记(16)(常见22种特效)

    1.CCShaky3D::create(int range.bool shakeZ,const ccGridSize& gridSize,float duration)//创建一个3D晃动的特 ...

  3. html5-6 Frame框架窗口类型

    html5-6  Frame框架窗口类型 一.总结 一句话总结: 1.点左侧的a链接如何打开右侧页面? <a href='user/index.html' target='right'>& ...

  4. Use Word 2010's Navigation Pane to quickly reorganize documents

    Use Word 2010's Navigation Pane to quickly reorganize documents http://www.techrepublic.com/blog/mic ...

  5. Fragment使用LocalBroadcastManager接收广播消息

    这种方式不用在配置文件加东西 变量声明 LocalBroadcastManager broadcastManager; IntentFilter intentFilter; BroadcastRece ...

  6. Android 判断软键盘弹出并隐藏的简单完美解决方案

    最近项目中有一个编辑框,下面是个ListView.在触发编辑框弹出软键盘后,ListView还能滑动,并且ListView的item还能响应单击.这样的体验效果很不好.于是便想在滑动或单击item时判 ...

  7. 【t075】郁闷的记者

    Time Limit: 1 second Memory Limit: 128 MB [问题描述] 你是一个体育报社的记者,你接受到一个艰难的任务:有N支足球队参加足球比赛,现在给你一些比赛的结果,需要 ...

  8. Codeforces Round #313 (Div. 2) 560C Gerald&#39;s Hexagon(脑洞)

    C. Gerald's Hexagon time limit per test 2 seconds memory limit per test 256 megabytes input standard ...

  9. ZBar 是款桌面电脑用条形码/二维码扫描工具

    ZBar 是款桌面电脑用条形码/二维码扫描工具 windows平台python 2.7环境编译安装zbar   最近一个项目需要识别二维码,找来找去找到了zbar和zxing,中间越过无数坑,总算基本 ...

  10. WPF Chart 图标

    DevExpress: <dxc:ChartControl.Diagram> <dxc:XYDiagram2D.SeriesTemplate> </dxc:XYDiagr ...