C#创建数字证书并导出为pfx,并使用pfx进行非对称加解密

本文源程序下载:http://download.csdn.net/source/2444494

我的项目当中,考虑到安全性,需要为每个客户端分发一个数字证书,同时使用数字证书中的公私钥来进行数据的加解密。为了完成这个安全模块,特写了如下一个DEMO程序,该DEMO程序包含的功能有:

1:调用.NET2.0的MAKECERT创建含有私钥的数字证书,并存储到个人证书区;

2:将该证书导出为pfx文件,并为其指定一个用来打开pfx文件的password;

3:读取pfx文件,导出pfx中公钥和私钥;

4:用pfx证书中的公钥进行数据的加密,用私钥进行数据的解密;

系统界面:

 

代码如下:

view plaincopy to clipboardprint?
/// <summary>  
        /// 将证书从证书存储区导出,并存储为pfx文件,同时为pfx文件指定打开的密码  
        /// 本函数同时也演示如何用公钥进行加密,私钥进行解密  
        /// </summary>  
        /// <param name="sender"></param>  
        /// <param name="e"></param>  
        private void btn_toPfxFile_Click(object sender, EventArgs e)  
        {  
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);  
            store.Open(OpenFlags.ReadWrite);  
            X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;  
            foreach (X509Certificate2 x509 in storecollection)  
            {  
                if (x509.Subject == "CN=luminji")  
                {  
                    Debug.Print(string.Format("certificate name: {0}", x509.Subject));  
                    byte[] pfxByte = x509.Export(X509ContentType.Pfx, "123");  
                    using (FileStream  fileStream = new FileStream("luminji.pfx", FileMode.Create))  
                    {  
                        // Write the data to the file, byte by byte.  
                        for (int i = 0; i < pfxByte.Length; i++)  
                            fileStream.WriteByte(pfxByte[i]);  
                        // Set the stream position to the beginning of the file.  
                        fileStream.Seek(0, SeekOrigin.Begin);  
                        // Read and verify the data.  
                        for (int i = 0; i < fileStream.Length; i++)  
                        {  
                            if (pfxByte[i] != fileStream.ReadByte())  
                            {  
                                Debug.Print("Error writing data.");  
                                return;  
                            }  
                        }  
                        fileStream.Close();  
                        Debug.Print("The data was written to {0} " +  
                            "and verified.", fileStream.Name);  
                    }  
                    string myname = "my name is luminji! and i love huzhonghua!";  
                    string enStr = this.RSAEncrypt(x509.PublicKey.Key.ToXmlString(false), myname);  
                    MessageBox.Show("密文是:" + enStr);  
                    string deStr = this.RSADecrypt(x509.PrivateKey.ToXmlString(true), enStr);  
                    MessageBox.Show("明文是:" + deStr);  
                }  
            }  
            store.Close();  
            store = null;  
            storecollection = null;  
        }  
        /// <summary>  
        /// 创建还有私钥的证书  
        /// </summary>  
        /// <param name="sender"></param>  
        /// <param name="e"></param>  
        private void btn_createPfx_Click(object sender, EventArgs e)  
        {  
            string MakeCert = "C://Program Files//Microsoft Visual Studio 8//SDK//v2.0//Bin//makecert.exe";  
            string x509Name = "CN=luminji";  
            string param = " -pe -ss my -n /"" + x509Name + "/" " ;  
            Process p = Process.Start(MakeCert, param);  
            p.WaitForExit();  
            p.Close();  
            MessageBox.Show("over");  
        }  
        /// <summary>  
        /// 从pfx文件读取证书信息  
        /// </summary>  
        /// <param name="sender"></param>  
        /// <param name="e"></param>  
        private void btn_readFromPfxFile(object sender, EventArgs e)  
        {  
            X509Certificate2 pc = new X509Certificate2("luminji.pfx", "123");  
            MessageBox.Show("name:" + pc.SubjectName.Name);  
            MessageBox.Show("public:" + pc.PublicKey.ToString());  
            MessageBox.Show("private:" + pc.PrivateKey.ToString());  
            pc = null;  
        }  
        /// <summary>  
        /// RSA解密  
        /// </summary>  
        /// <param name="xmlPrivateKey"></param>  
        /// <param name="m_strDecryptString"></param>  
        /// <returns></returns>  
        public string RSADecrypt(string xmlPrivateKey, string m_strDecryptString)  
        {  
            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();  
            provider.FromXmlString(xmlPrivateKey);  
            byte[] rgb = Convert.FromBase64String(m_strDecryptString);  
            byte[] bytes = provider.Decrypt(rgb, false);  
            return new UnicodeEncoding().GetString(bytes);  
        }  
        /// <summary>  
        /// RSA加密  
        /// </summary>  
        /// <param name="xmlPublicKey"></param>  
        /// <param name="m_strEncryptString"></param>  
        /// <returns></returns>  
        public string RSAEncrypt(string xmlPublicKey, string m_strEncryptString)  
        {  
            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();  
            provider.FromXmlString(xmlPublicKey);  
            byte[] bytes = new UnicodeEncoding().GetBytes(m_strEncryptString);  
            return Convert.ToBase64String(provider.Encrypt(bytes, false));  
        } 
/// <summary>
        /// 将证书从证书存储区导出,并存储为pfx文件,同时为pfx文件指定打开的密码
        /// 本函数同时也演示如何用公钥进行加密,私钥进行解密
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void btn_toPfxFile_Click(object sender, EventArgs e)
        {
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadWrite);
            X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
            foreach (X509Certificate2 x509 in storecollection)
            {
                if (x509.Subject == "CN=luminji")
                {
                    Debug.Print(string.Format("certificate name: {0}", x509.Subject));
                    byte[] pfxByte = x509.Export(X509ContentType.Pfx, "123");
                    using (FileStream  fileStream = new FileStream("luminji.pfx", FileMode.Create))
                    {
                        // Write the data to the file, byte by byte.
                        for (int i = 0; i < pfxByte.Length; i++)
                            fileStream.WriteByte(pfxByte[i]);
                        // Set the stream position to the beginning of the file.
                        fileStream.Seek(0, SeekOrigin.Begin);
                        // Read and verify the data.
                        for (int i = 0; i < fileStream.Length; i++)
                        {
                            if (pfxByte[i] != fileStream.ReadByte())
                            {
                                Debug.Print("Error writing data.");
                                return;
                            }
                        }
                        fileStream.Close();
                        Debug.Print("The data was written to {0} " +
                            "and verified.", fileStream.Name);
                    }
                    string myname = "my name is luminji! and i love huzhonghua!";
                    string enStr = this.RSAEncrypt(x509.PublicKey.Key.ToXmlString(false), myname);
                    MessageBox.Show("密文是:" + enStr);
                    string deStr = this.RSADecrypt(x509.PrivateKey.ToXmlString(true), enStr);
                    MessageBox.Show("明文是:" + deStr);
                }
            }
            store.Close();
            store = null;
            storecollection = null;
        }
        /// <summary>
        /// 创建还有私钥的证书
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void btn_createPfx_Click(object sender, EventArgs e)
        {
            string MakeCert = "C://Program Files//Microsoft Visual Studio 8//SDK//v2.0//Bin//makecert.exe";
            string x509Name = "CN=luminji";
            string param = " -pe -ss my -n /"" + x509Name + "/" " ;
            Process p = Process.Start(MakeCert, param);
            p.WaitForExit();
            p.Close();
            MessageBox.Show("over");
        }
        /// <summary>
        /// 从pfx文件读取证书信息
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void btn_readFromPfxFile(object sender, EventArgs e)
        {
            X509Certificate2 pc = new X509Certificate2("luminji.pfx", "123");
            MessageBox.Show("name:" + pc.SubjectName.Name);
            MessageBox.Show("public:" + pc.PublicKey.ToString());
            MessageBox.Show("private:" + pc.PrivateKey.ToString());
            pc = null;
        }
        /// <summary>
        /// RSA解密
        /// </summary>
        /// <param name="xmlPrivateKey"></param>
        /// <param name="m_strDecryptString"></param>
        /// <returns></returns>
        public string RSADecrypt(string xmlPrivateKey, string m_strDecryptString)
        {
            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
            provider.FromXmlString(xmlPrivateKey);
            byte[] rgb = Convert.FromBase64String(m_strDecryptString);
            byte[] bytes = provider.Decrypt(rgb, false);
            return new UnicodeEncoding().GetString(bytes);
        }
        /// <summary>
        /// RSA加密
        /// </summary>
        /// <param name="xmlPublicKey"></param>
        /// <param name="m_strEncryptString"></param>
        /// <returns></returns>
        public string RSAEncrypt(string xmlPublicKey, string m_strEncryptString)
        {
            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
            provider.FromXmlString(xmlPublicKey);
            byte[] bytes = new UnicodeEncoding().GetBytes(m_strEncryptString);
            return Convert.ToBase64String(provider.Encrypt(bytes, false));
        }

上文是一个示例程序,一个完整的证书工具类如下:

view plaincopy to clipboardprint?
·········10········20········30········40········50········60········70········80········90········100·······110·······120·······130·······140·······150
public sealed class DataCertificate  
    { 
        #region 生成证书  
        /// <summary>  
        /// 根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)  
        /// </summary>  
        /// <param name="subjectName"></param>  
        /// <param name="makecertPath"></param>  
        /// <returns></returns>  
        public static bool CreateCertWithPrivateKey(string subjectName, string makecertPath)  
        {  
            subjectName = "CN=" + subjectName;  
            string param = " -pe -ss my -n /"" + subjectName + "/" ";  
            try 
            {  
                Process p = Process.Start(makecertPath, param);  
                p.WaitForExit();  
                p.Close();  
            }  
            catch (Exception e)  
            {  
                LogRecord.putErrorLog(e.ToString(), "DataCerficate.CreateCertWithPrivateKey");  
                return false;  
            }  
            return true;  
        } 
        #endregion 
 
        #region 文件导入导出  
        /// <summary>  
        /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,  
        /// 并导出为pfx文件,同时为其指定一个密码  
        /// 并将证书从个人区删除(如果isDelFromstor为true)  
        /// </summary>  
        /// <param name="subjectName">证书主题,不包含CN=</param>  
        /// <param name="pfxFileName">pfx文件名</param>  
        /// <param name="password">pfx文件密码</param>  
        /// <param name="isDelFromStore">是否从存储区删除</param>  
        /// <returns></returns>  
        public static bool ExportToPfxFile(string subjectName, string pfxFileName,  
            string password, bool isDelFromStore)  
        {  
            subjectName = "CN=" + subjectName;  
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);  
            store.Open(OpenFlags.ReadWrite);  
            X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;  
            foreach (X509Certificate2 x509 in storecollection)  
            {  
                if (x509.Subject == subjectName)  
                {  
                    Debug.Print(string.Format("certificate name: {0}", x509.Subject));  
 
                    byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);  
                    using (FileStream fileStream = new FileStream(pfxFileName, FileMode.Create))  
                    {  
                        // Write the data to the file, byte by byte.  
                        for (int i = 0; i < pfxByte.Length; i++)  
                            fileStream.WriteByte(pfxByte[i]);  
                        // Set the stream position to the beginning of the file.  
                        fileStream.Seek(0, SeekOrigin.Begin);  
                        // Read and verify the data.  
                        for (int i = 0; i < fileStream.Length; i++)  
                        {  
                            if (pfxByte[i] != fileStream.ReadByte())  
                            {  
                                LogRecord.putErrorLog("Export pfx error while verify the pfx file!", "ExportToPfxFile");  
                                fileStream.Close();  
                                return false;  
                            }  
                        }  
                        fileStream.Close();  
                    }  
                    if( isDelFromStore == true)  
                        store.Remove(x509);  
                }  
            }  
            store.Close();  
            store = null;  
            storecollection = null;  
            return true;  
        }  
        /// <summary>  
        /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,  
        /// 并导出为CER文件(即,只含公钥的)  
        /// </summary>  
        /// <param name="subjectName"></param>  
        /// <param name="cerFileName"></param>  
        /// <returns></returns>  
        public static bool ExportToCerFile(string subjectName, string cerFileName)  
        {  
            subjectName = "CN=" + subjectName;  
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);  
            store.Open(OpenFlags.ReadWrite);  
            X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;  
            foreach (X509Certificate2 x509 in storecollection)  
            {  
                if (x509.Subject == subjectName)  
                {  
                    Debug.Print(string.Format("certificate name: {0}", x509.Subject));  
                    //byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);  
                    byte[] cerByte = x509.Export(X509ContentType.Cert);  
                    using (FileStream fileStream = new FileStream(cerFileName, FileMode.Create))  
                    {  
                        // Write the data to the file, byte by byte.  
                        for (int i = 0; i < cerByte.Length; i++)  
                            fileStream.WriteByte(cerByte[i]);  
                        // Set the stream position to the beginning of the file.  
                        fileStream.Seek(0, SeekOrigin.Begin);  
                        // Read and verify the data.  
                        for (int i = 0; i < fileStream.Length; i++)  
                        {  
                            if (cerByte[i] != fileStream.ReadByte())  
                            {  
                                LogRecord.putErrorLog("Export CER error while verify the CERT file!", "ExportToCERFile");  
                                fileStream.Close();  
                                return false;  
                            }  
                        }  
                        fileStream.Close();  
                    }  
                }  
            }  
            store.Close();  
            store = null;  
            storecollection = null;  
            return true;  
        } 
        #endregion 
 
        #region 从证书中获取信息  
        /// <summary>  
        /// 根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密  
        /// 加解密函数使用DEncrypt的RSACryption类  
        /// </summary>  
        /// <param name="pfxFileName"></param>  
        /// <param name="password"></param>  
        /// <returns></returns>  
        public static X509Certificate2 GetCertificateFromPfxFile(string pfxFileName,  
            string password)  
        {  
            try 
            {  
                return new X509Certificate2(pfxFileName, password, X509KeyStorageFlags.Exportable);  
            }  
            catch (Exception e)  
            {  
                LogRecord.putErrorLog("get certificate from pfx" + pfxFileName + " error:" + e.ToString(),  
                    "GetCertificateFromPfxFile");  
                return null;  
            }  
        }  
        /// <summary>  
        /// 到存储区获取证书  
        /// </summary>  
        /// <param name="subjectName"></param>  
        /// <returns></returns>  
        public static X509Certificate2 GetCertificateFromStore(string subjectName)  
        {  
            subjectName = "CN=" + subjectName;  
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);  
            store.Open(OpenFlags.ReadWrite);  
            X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;  
            foreach (X509Certificate2 x509 in storecollection)  
            {  
                if (x509.Subject == subjectName)  
                {  
                    return x509;  
                }  
            }  
            store.Close();  
            store = null;  
            storecollection = null;  
            return null;  
        }  
        /// <summary>  
        /// 根据公钥证书,返回证书实体  
        /// </summary>  
        /// <param name="cerPath"></param>  
        public static X509Certificate2 GetCertFromCerFile(string cerPath)  
        {  
            try 
            {  
                return new X509Certificate2(cerPath);  
            }  
            catch (Exception e)  
            {  
                LogRecord.putErrorLog(e.ToString(), "DataCertificate.LoadStudentPublicKey");  
                return null;  
            }              
        } 
        #endregion         
    } 

 

本文来自CSDN博客,转载请标明出处:http://blog.csdn.net/luminji/archive/2009/03/05/3960308.aspx

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值