当前位置: 文江博客话题详情

如何在 C# 中创建 PKCS12 .p12 文件?

发布于 2024-08-17 08:41:51 字数 5955 浏览 11 评论 0原文

这可能是一个n00b问题,但我在这方面确实没有任何经验。

我需要创建一个包含 X509 证书和私钥的 p12 捆绑包。我当前有两个对象:X509Certificate2 和包含关键信息的 RSAParameters 对象。如何将它们合并到 p12 文件中?

我只是找不到任何与此相关的信息。

我还有一个 RSACryptoServiceProvider 对象,其中包含导入到其中的 RSAParameters 参数(如果有帮助的话)。

一些额外的背景。我从我们在这里安装的 VeriSign 注册机构获取证书。这是通过创建 PCKS#10 证书请求来完成的。我通过读取 RA 放入数据库的数据字节数组来创建我的证书对象。

RsaPrivateCrtKeyParameters KeyParams = (RsaPrivateCrtKeyParameters)this.KeyPair.Private;
RSAParameters rsaParameters = new RSAParameters();

rsaParameters.Modulus = KeyParams.Modulus.ToByteArrayUnsigned();
rsaParameters.P = KeyParams.P.ToByteArrayUnsigned();
rsaParameters.Q = KeyParams.Q.ToByteArrayUnsigned();
rsaParameters.DP = KeyParams.DP.ToByteArrayUnsigned();
rsaParameters.DQ = KeyParams.DQ.ToByteArrayUnsigned();
rsaParameters.InverseQ = KeyParams.QInv.ToByteArrayUnsigned();
rsaParameters.D = KeyParams.Exponent.ToByteArrayUnsigned();
rsaParameters.Exponent = KeyParams.PublicExponent.ToByteArrayUnsigned();

RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider();
rsaKey.ImportParameters(rsaParameters);

this.Certificate.PrivateKey = rsaKey;

byte[] p12 = this.Certificate.Export(X509ContentType.Pkcs12, "password");

File.WriteAllBytes(fileName, p12);

PKCS10 生成(使用 bouncycastle 库)

509Name name = new X509Name(String.Concat(SubjectCommonName, "=", firstName, " ", lastName));
RsaKeyPairGenerator rkpg = new RsaKeyPairGenerator();
rkpg.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
this.KeyPair = rkpg.GenerateKeyPair();

// PKCS #10 Certificate Signing Request
Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest("SHA1WITHRSA", name, this.KeyPair.Public, null, this.KeyPair.Private);
byte[] request = Base64.Encode(csr.GetEncoded());
ASCIIEncoding encoder  = new ASCIIEncoding();
return encoder.GetString(request);

证书请求(减去 http post 标头)。 public_key 参数是 base64 编码、pkcs10 格式的 CSR。 (我在每个参数后面添加了换行符,这样更容易在这里阅读,它们在实际的 http 帖子中并不存在)

operation=AutoAuthOSUserSubmit&
form_file=..%2ffdf%2fclient%2fuserEnrollMS.fdf&
authenticate=NO&
public_key_format=pkcs10&
country=NZ&
mail_firstName=Daniel&
mail_lastName=Mapletoft&
[email protected]&
challenge=1234&
public_key=MIIBTzCBuwIBADAUMRIwEAYDVQQDDAlTaW1vbiBEb2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANZD8M7gjUq1vBWq4w25x3SNhet4T+uCV3ebnAB5ws9f2YQevd9QeSfoPWw/pyJ/mJRDZDLjYzG63VQUzrXyBx3PZhmWqWaDECAYSssOYTfTMWPns0sRsyg1f35f4mh0ZXieiPYdv8r9CVjG9woa15LA1cYI0b93alM/z+OoMLxNAgMBAAEwCwYJKoZIhvcNAQEFA4GBAIB9buu5sycjdAgyV+UMAlzYKlENrQmI2/36ZZ4q3sx5bIyLm9tOEexbNzkk86kcGQhL2w/0oA5UpUCUU4IIf9u+lhpMoUlbHKH4tosswMwVEiFpfIWrL4M9X7+TW4Lj1aGf2T+xgKhWeo+cBSGexxvHo27OaH9d1NVDozEJ6c7i

这是来自 Certificate.GetRawCertDataString() 的输出,

3082036F30820257A003020102021034914BB0AF5A48704B56C89DE8B1BBFD300D06092A864886F70D0101050500304D310B3009060355040613024E5A31283026060355040A131F4669727374204D6F727467616765205365727669636573204C696D69746564311430120603550403130B464D5320526F6F74204341301E170D3130303132313030303030305A170D3131303132313233353935395A305B31243022060355040A141B4669727374204D6F727467616765205365727669636573204C7464311F301D060355040B1416466F72205465737420507572706F736573204F6E6C79311230100603550403140953696D6F6E20446F6530819F300D06092A864886F70D010101050003818D0030818902818100D643F0CEE08D4AB5BC15AAE30DB9C7748D85EB784FEB8257779B9C0079C2CF5FD9841EBDDF507927E83D6C3FA7227F9894436432E36331BADD5414CEB5F2071DCF661996A966831020184ACB0E6137D33163E7B34B11B328357F7E5FE2687465789E88F61DBFCAFD0958C6F70A1AD792C0D5C608D1BF776A533FCFE3A830BC4D0203010001A381C03081BD30090603551D1304023000300E0603551D0F0101FF0404030205A030600603551D1F0101FF045630543052A050A04E864C687474703A2F2F6F6E7369746563726C2E766572697369676E2E636F6D2F46697273744D6F72746761676553657276696365734C746450726F70656C6C632F4C617465737443524C2E63726C301F0603551D230418301680148B2A2C583903B2619F16E73D3DF1704DB1F3D4E2301D0603551D0E0416041411A6D5EBC14D7C226502EC340F70237D23431D0B300D06092A864886F70D010105050003820101008EFD93EF777F2D196FC8633C5A8347CA886320E59AF8AF8D3AA901AEF0ADF75EDD2D3C4495CF70F1E4516AA224F3731B6EE66DCB332FD88C03255DA9D12202DD3DF619EE55443F53773FD03C808B5B66AEEB39A3E20B866DC22D92010785A2729C269E35ED6B2036014628850B8E8A40A501F3C7EECA49A4B7E957B496ECD8A27702D7230C40580F94C69E83A0AEFD9347625B529E3ACDD2A5FEB7B946BEE9BE9DA9AA52E14AEC790C66E8A670AA1D53518DEFB66FE6BC33A57BB6A59C75C6DFADE5E961A9A03C3FFDC559FC9ADD565D345975B99BEF5F973D331E60A3FEFEF713C6C630D80222AD9541BC12F1E92379EF5CBECE81CA5E327FD32FDC28AB52D7

这是来自的数组的内容 byte[] array1 = certKey.ExportCspBlob(false);

6,2,0,0,0,164,0,0,82,83,65,49,0,4,0,0,1,0,1,0,77,188,48,168,227,207,63,83,106,119,191,209,8,198,213,192,146,215,26,10,247,198,88,9,253,202,191,29,246,136,158,120,101,116,104,226,95,126,127,53,40,179,17,75,179,231,99,49,211,55,97,14,203,74,24,32,16,131,102,169,150,25,102,207,29,7,242,181,206,20,84,221,186,49,99,227,50,100,67,148,152,127,34,167,63,108,61,232,39,121,80,223,189,30,132,217,95,207,194,121,0,156,155,119,87,130,235,79,120,235,133,141,116,199,185,13,227,170,21,188,181,74,141,224,206,240,67,214

这是数组的内容 byte[] array2 = rsaKey.ExportCspBlob(false);

6,2,0,0,0,164,0,0,82,83,65,49,0,4,0,0,1,0,1,0,77,188,48,168,227,207,63,83,106,119,191,209,8,198,213,192,146,215,26,10,247,198,88,9,253,202,191,29,246,136,158,120,101,116,104,226,95,126,127,53,40,179,17,75,179,231,99,49,211,55,97,14,203,74,24,32,16,131,102,169,150,25,102,207,29,7,242,181,206,20,84,221,186,49,99,227,50,100,67,148,152,127,34,167,63,108,61,232,39,121,80,223,189,30,132,217,95,207,194,121,0,156,155,119,87,130,235,79,120,235,133,141,116,199,185,13,227,170,21,188,181,74,141,224,206,240,67,214
原文

this is probably a n00b question, but I don't really have any experience in this area.

I need to create a p12 bundle containing an X509 certificate and the private key. I currently have two objects, the X509Certificate2, and the RSAParameters object which contains key information. How do I combine these into a p12 file?

I just cannot find any information regarding this.

I also have a RSACryptoServiceProvider object that has the parameters from the RSAParameters imported into it if that helps.

Some additional background. I am getting my certificate from a VeriSign Registration Authority we have installed here. This is done by creating a PCKS#10 certificate request. I create my certificate object by reading in a byte array of data the RA puts into a database.

RsaPrivateCrtKeyParameters KeyParams = (RsaPrivateCrtKeyParameters)this.KeyPair.Private;
RSAParameters rsaParameters = new RSAParameters();

rsaParameters.Modulus = KeyParams.Modulus.ToByteArrayUnsigned();
rsaParameters.P = KeyParams.P.ToByteArrayUnsigned();
rsaParameters.Q = KeyParams.Q.ToByteArrayUnsigned();
rsaParameters.DP = KeyParams.DP.ToByteArrayUnsigned();
rsaParameters.DQ = KeyParams.DQ.ToByteArrayUnsigned();
rsaParameters.InverseQ = KeyParams.QInv.ToByteArrayUnsigned();
rsaParameters.D = KeyParams.Exponent.ToByteArrayUnsigned();
rsaParameters.Exponent = KeyParams.PublicExponent.ToByteArrayUnsigned();

RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider();
rsaKey.ImportParameters(rsaParameters);

this.Certificate.PrivateKey = rsaKey;

byte[] p12 = this.Certificate.Export(X509ContentType.Pkcs12, "password");

File.WriteAllBytes(fileName, p12);

PKCS10 generation (using the bouncycastle library)

509Name name = new X509Name(String.Concat(SubjectCommonName, "=", firstName, " ", lastName));
RsaKeyPairGenerator rkpg = new RsaKeyPairGenerator();
rkpg.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
this.KeyPair = rkpg.GenerateKeyPair();

// PKCS #10 Certificate Signing Request
Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest("SHA1WITHRSA", name, this.KeyPair.Public, null, this.KeyPair.Private);
byte[] request = Base64.Encode(csr.GetEncoded());
ASCIIEncoding encoder  = new ASCIIEncoding();
return encoder.GetString(request);

The cert request (minus the http post headers). the public_key parameter is the base64 encoded, pkcs10 formatted CSR. (I've put the line breaks after each parameter just so it's easier to read here, they are not there in the actual http post)

operation=AutoAuthOSUserSubmit&
form_file=..%2ffdf%2fclient%2fuserEnrollMS.fdf&
authenticate=NO&
public_key_format=pkcs10&
country=NZ&
mail_firstName=Daniel&
mail_lastName=Mapletoft&
[email protected]&
challenge=1234&
public_key=MIIBTzCBuwIBADAUMRIwEAYDVQQDDAlTaW1vbiBEb2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANZD8M7gjUq1vBWq4w25x3SNhet4T+uCV3ebnAB5ws9f2YQevd9QeSfoPWw/pyJ/mJRDZDLjYzG63VQUzrXyBx3PZhmWqWaDECAYSssOYTfTMWPns0sRsyg1f35f4mh0ZXieiPYdv8r9CVjG9woa15LA1cYI0b93alM/z+OoMLxNAgMBAAEwCwYJKoZIhvcNAQEFA4GBAIB9buu5sycjdAgyV+UMAlzYKlENrQmI2/36ZZ4q3sx5bIyLm9tOEexbNzkk86kcGQhL2w/0oA5UpUCUU4IIf9u+lhpMoUlbHKH4tosswMwVEiFpfIWrL4M9X7+TW4Lj1aGf2T+xgKhWeo+cBSGexxvHo27OaH9d1NVDozEJ6c7i

This is the output from Certificate.GetRawCertDataString()

3082036F30820257A003020102021034914BB0AF5A48704B56C89DE8B1BBFD300D06092A864886F70D0101050500304D310B3009060355040613024E5A31283026060355040A131F4669727374204D6F727467616765205365727669636573204C696D69746564311430120603550403130B464D5320526F6F74204341301E170D3130303132313030303030305A170D3131303132313233353935395A305B31243022060355040A141B4669727374204D6F727467616765205365727669636573204C7464311F301D060355040B1416466F72205465737420507572706F736573204F6E6C79311230100603550403140953696D6F6E20446F6530819F300D06092A864886F70D010101050003818D0030818902818100D643F0CEE08D4AB5BC15AAE30DB9C7748D85EB784FEB8257779B9C0079C2CF5FD9841EBDDF507927E83D6C3FA7227F9894436432E36331BADD5414CEB5F2071DCF661996A966831020184ACB0E6137D33163E7B34B11B328357F7E5FE2687465789E88F61DBFCAFD0958C6F70A1AD792C0D5C608D1BF776A533FCFE3A830BC4D0203010001A381C03081BD30090603551D1304023000300E0603551D0F0101FF0404030205A030600603551D1F0101FF045630543052A050A04E864C687474703A2F2F6F6E7369746563726C2E766572697369676E2E636F6D2F46697273744D6F72746761676553657276696365734C746450726F70656C6C632F4C617465737443524C2E63726C301F0603551D230418301680148B2A2C583903B2619F16E73D3DF1704DB1F3D4E2301D0603551D0E0416041411A6D5EBC14D7C226502EC340F70237D23431D0B300D06092A864886F70D010105050003820101008EFD93EF777F2D196FC8633C5A8347CA886320E59AF8AF8D3AA901AEF0ADF75EDD2D3C4495CF70F1E4516AA224F3731B6EE66DCB332FD88C03255DA9D12202DD3DF619EE55443F53773FD03C808B5B66AEEB39A3E20B866DC22D92010785A2729C269E35ED6B2036014628850B8E8A40A501F3C7EECA49A4B7E957B496ECD8A27702D7230C40580F94C69E83A0AEFD9347625B529E3ACDD2A5FEB7B946BEE9BE9DA9AA52E14AEC790C66E8A670AA1D53518DEFB66FE6BC33A57BB6A59C75C6DFADE5E961A9A03C3FFDC559FC9ADD565D345975B99BEF5F973D331E60A3FEFEF713C6C630D80222AD9541BC12F1E92379EF5CBECE81CA5E327FD32FDC28AB52D7

this is the contents of array from
byte[] array1 = certKey.ExportCspBlob(false);

6,2,0,0,0,164,0,0,82,83,65,49,0,4,0,0,1,0,1,0,77,188,48,168,227,207,63,83,106,119,191,209,8,198,213,192,146,215,26,10,247,198,88,9,253,202,191,29,246,136,158,120,101,116,104,226,95,126,127,53,40,179,17,75,179,231,99,49,211,55,97,14,203,74,24,32,16,131,102,169,150,25,102,207,29,7,242,181,206,20,84,221,186,49,99,227,50,100,67,148,152,127,34,167,63,108,61,232,39,121,80,223,189,30,132,217,95,207,194,121,0,156,155,119,87,130,235,79,120,235,133,141,116,199,185,13,227,170,21,188,181,74,141,224,206,240,67,214

this is the contents of the array from
byte[] array2 = rsaKey.ExportCspBlob(false);

6,2,0,0,0,164,0,0,82,83,65,49,0,4,0,0,1,0,1,0,77,188,48,168,227,207,63,83,106,119,191,209,8,198,213,192,146,215,26,10,247,198,88,9,253,202,191,29,246,136,158,120,101,116,104,226,95,126,127,53,40,179,17,75,179,231,99,49,211,55,97,14,203,74,24,32,16,131,102,169,150,25,102,207,29,7,242,181,206,20,84,221,186,49,99,227,50,100,67,148,152,127,34,167,63,108,61,232,39,121,80,223,189,30,132,217,95,207,194,121,0,156,155,119,87,130,235,79,120,235,133,141,116,199,185,13,227,170,21,188,181,74,141,224,206,240,67,214

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

林空鹿饮溪 2024-08-24 08:41:51

试试这个:

RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider();
rsaKey.ImportParameters(rsaParameters);

X509Certificate2 cert = ...

cert.PrivateKey = rsaKey;

cert.Export(X509ContentType.Pkcs12, "password");

由于您仍然得到不匹配的结果,但找不到密钥之间的任何差异,请尝试插入此检查(它应该复制 .NET 框架内部的操作):

RSACryptoServiceProvider certKey = (RSACryptoServiceProvider) cert.PublicKey.Key;
byte[] array1 = certKey.ExportCspBlob(false);
byte[] array2 = rsaKey.ExportCspBlob(false);
if(array1.Length!=array2.Length)
  throw new Exception("key mismatch");
for (int i = 8; i < array1.Length; i++){ // skip blobheader
  if (array1[i] != array2[i]){
    throw new Exception("key mismatch");
  }
}

看起来您的密钥出了问题。您是否可能在发出证书请求和接收证书之间生成新的 RSA 密钥?

这是您的证书请求的转储:

0 30  342: SEQUENCE {
   4 30  194:   SEQUENCE {
   7 02    1:     INTEGER 0
  10 30   27:     SEQUENCE {
  12 31   25:       SET {
  14 30   23:         SEQUENCE {
  16 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  21 0C   16:           UTF8String 'Daniel Mapletoft'
            :           }
            :         }
            :       }
  39 30  159:     SEQUENCE {
  42 30   13:       SEQUENCE {
  44 06    9:         OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
  55 05    0:         NULL
            :         }
  57 03  141:       BIT STRING 0 unused bits, encapsulates {
  61 30  137:           SEQUENCE {
  64 02  129:             INTEGER
            :               00 95 83 2A AB 16 9D 7F 16 87 40 A4 09 74 5F 9D
            :               81 04 B0 41 C1 75 9C C9 CD D0 52 EF 61 09 EF F5
            :               9B 40 1D D4 79 E0 4B 17 6C 1E 62 73 38 D8 69 92
            :               31 C4 E0 84 07 4B 2E FD 53 6D 24 95 59 12 43 8E
            :               82 35 1D 62 79 89 C2 88 38 57 3D 1F 15 8D B9 CC
            :               FA F4 41 23 BA FD ED 51 69 F7 7A E7 03 72 A2 DA
            :               A9 08 65 17 DA 90 E3 7B C4 2C 85 6A 3F AF 83 AC
            :               E5 00 37 7A 98 14 03 EE 68 37 CB E7 0A 1A 49 5F
            :                       [ Another 1 bytes skipped ]
 196 02    3:             INTEGER 65537
            :             }
            :           }
            :       }
            :     }
 201 30   11:   SEQUENCE {
 203 06    9:     OBJECT IDENTIFIER
            :       sha1withRSAEncryption (1 2 840 113549 1 1 5)
            :     }
 214 03  129:   BIT STRING 0 unused bits
            :     70 D5 29 EB F3 2A 34 13 3F E6 DE 78 35 FB 79 BD
            :     6D ED 8E 89 D9 B0 8F C1 7C 7D 42 37 B8 3E 5B 00
            :     C2 26 A4 E5 77 26 01 86 63 E1 BB 4D 9C CE 7A 10
            :     FF 8E BF 77 1B 0E F9 EE 38 1F 1F A1 04 24 D7 6A
            :     B6 28 3A 88 F5 54 D0 88 46 92 6E 5D 7E 7C CE 87
            :     99 F9 DC 85 99 33 8C 9D BD 73 E2 23 8A 9A 97 B0
            :     3A 9B 36 51 58 FD B7 0F 60 3D FB 5F 4F 06 A0 CE
            :     30 7F 56 B6 53 5E FE 64 7D 8A 30 92 FB BA A4 C6
            :   }

这是您的证书的转储:

   0 30  886: SEQUENCE {
   4 30  606:   SEQUENCE {
   8 A0    3:     [0] {
  10 02    1:       INTEGER 2
            :       }
  13 02   16:     INTEGER
            :       6E F0 A9 78 7D 3C D4 05 4E 90 13 DC 9D 34 77 2C
  31 30   13:     SEQUENCE {
  33 06    9:       OBJECT IDENTIFIER
            :         sha1withRSAEncryption (1 2 840 113549 1 1 5)
  44 05    0:       NULL
            :       }
  46 30   77:     SEQUENCE {
  48 31   11:       SET {
  50 30    9:         SEQUENCE {
  52 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
  57 13    2:           PrintableString 'NZ'
            :           }
            :         }
  61 31   40:       SET {
  63 30   38:         SEQUENCE {
  65 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
  70 13   31:           PrintableString 'First Mortgage Services Limited'
            :           }
            :         }
 103 31   20:       SET {
 105 30   18:         SEQUENCE {
 107 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 112 13   11:           PrintableString 'FMS Root CA'
            :           }
            :         }
            :       }
 125 30   30:     SEQUENCE {
 127 17   13:       UTCTime '091222000000Z'
 142 17   13:       UTCTime '101222235959Z'
            :       }
 157 30   98:     SEQUENCE {
 159 31   36:       SET {
 161 30   34:         SEQUENCE {
 163 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
 168 14   27:           TeletexString 'First Mortgage Services Ltd'
            :           }
            :         }
 197 31   31:       SET {
 199 30   29:         SEQUENCE {
 201 06    3:           OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
 206 14   22:           TeletexString 'For Test Purposes Only'
            :           }
            :         }
 230 31   25:       SET {
 232 30   23:         SEQUENCE {
 234 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 239 14   16:           TeletexString 'Daniel Mapletoft'
            :           }
            :         }
            :       }
 257 30  159:     SEQUENCE {
 260 30   13:       SEQUENCE {
 262 06    9:         OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
 273 05    0:         NULL
            :         }
 275 03  141:       BIT STRING 0 unused bits, encapsulates {
 279 30  137:           SEQUENCE {
 282 02  129:             INTEGER
            :               00 CD 08 AE 3E E3 5A E4 5E 50 28 29 5E 65 05 DA
            :               1A E1 9C 50 44 4A F0 06 AA 75 1A 8F F0 75 4C AA
            :               47 4B D5 8F 04 B5 CE 98 C5 0D 99 54 36 E9 EF 2E
            :               7D CD DF FA 46 B2 7D 76 E5 74 19 AD 3E F0 52 52
            :               C7 F8 86 E6 78 32 90 EB 2F 12 3F 7A 31 4B 15 E9
            :               2A 9D 75 91 EA 31 9F 4E 98 A6 06 81 DD 98 1B 1A
            :               DB FE 1F 2E BD 2E 32 60 5A 54 7C 0E 48 6A AB 6C
            :               C6 F6 E2 F2 FD 4A BE 5A BD E0 DF 0C 21 B6 4C 9E
            :                       [ Another 1 bytes skipped ]
 414 02    3:             INTEGER 65537
            :             }
            :           }
            :       }
 419 A3  192:     [3] {
 422 30  189:       SEQUENCE {
 425 30    9:         SEQUENCE {
 427 06    3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
 432 04    2:           OCTET STRING, encapsulates {
 434 30    0:               SEQUENCE {}
            :               }
            :           }
 436 30   14:         SEQUENCE {
 438 06    3:           OBJECT IDENTIFIER keyUsage (2 5 29 15)
 443 01    1:           BOOLEAN TRUE
 446 04    4:           OCTET STRING, encapsulates {
 448 03    2:               BIT STRING 5 unused bits
            :                 '101'B
            :               }
            :           }
 452 30   96:         SEQUENCE {
 454 06    3:           OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
 459 01    1:           BOOLEAN TRUE
 462 04   86:           OCTET STRING, encapsulates {
 464 30   84:               SEQUENCE {
 466 30   82:                 SEQUENCE {
 468 A0   80:                   [0] {
 470 A0   78:                     [0] {
 472 86   76:                       [6]
            :                   'http://onsitecrl.verisign.com/FirstMortgageServi'
            :                   'cesLtdPropellc/LatestCRL.crl'
            :                       }
            :                     }
            :                   }
            :                 }
            :               }
            :           }
 550 30   31:         SEQUENCE {
 552 06    3:           OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
 557 04   24:           OCTET STRING, encapsulates {
 559 30   22:               SEQUENCE {
 561 80   20:                 [0]
            :                   8B 2A 2C 58 39 03 B2 61 9F 16 E7 3D 3D F1 70 4D
            :                   B1 F3 D4 E2
            :                 }
            :               }
            :           }
 583 30   29:         SEQUENCE {
 585 06    3:           OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
 590 04   22:           OCTET STRING, encapsulates {
 592 04   20:               OCTET STRING
            :                 3E 91 DB A0 9C B4 A1 CB 68 CC 70 D0 0A 29 D6 BF
            :                 4E 68 10 AB
            :               }
            :           }
            :         }
            :       }
            :     }
 614 30   13:   SEQUENCE {
 616 06    9:     OBJECT IDENTIFIER
            :       sha1withRSAEncryption (1 2 840 113549 1 1 5)
 627 05    0:     NULL
            :     }
 629 03  257:   BIT STRING 0 unused bits
            :     3E C3 A3 F3 5F 3E 29 37 4D 33 E3 F5 F2 89 42 78
            :     AC CD 59 14 E9 CC FF 20 8F 98 34 7B F0 F4 D2 96
            :     EC 58 53 61 E4 3E D0 02 CF FF 30 C8 77 D0 6F 94
            :     37 72 3C B7 90 6E 38 10 59 8C F8 06 B0 61 55 65
            :     58 96 30 7B 9A 58 FF DB 15 7C FA F9 1F 64 5E DC
            :     E8 63 EE EE 90 B1 18 3C 6A 11 62 73 91 CF DE DB
            :     34 F5 67 4F C9 89 77 5C 36 71 FC 11 27 07 C5 76
            :     BB 79 B8 8E 19 E8 E2 5B D7 A5 23 BA D8 19 7C 74
            :             [ Another 128 bytes skipped ]
            :   }

请求中以“00 95 83 2A”开头且证书中以“00 CD 08 AE”开头的整数是公共的 RSA 模数钥匙。

ExportCspBlob 输出中的值是相反的,因为 Microsoft 使用小端格式,但如果从 certKey.ExportCspBlob(false) 的末尾开始,您应该识别:205=0xCD, 8= 0x08、174=0xAE。
另一方面,rsaKey.ExportCspBlob(false) 包含 166=0xA6、154=0x9A、180=0xB4,这是另一个 RSA 模数。

您确定所有转储的值都来自同一证书颁发过程吗?

Try this:

RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider();
rsaKey.ImportParameters(rsaParameters);

X509Certificate2 cert = ...

cert.PrivateKey = rsaKey;

cert.Export(X509ContentType.Pkcs12, "password");

Since you still get the mismatch, but cannot find any difference between the keys, try to insert this check (it should replicate what the .NET framework does internally):

RSACryptoServiceProvider certKey = (RSACryptoServiceProvider) cert.PublicKey.Key;
byte[] array1 = certKey.ExportCspBlob(false);
byte[] array2 = rsaKey.ExportCspBlob(false);
if(array1.Length!=array2.Length)
  throw new Exception("key mismatch");
for (int i = 8; i < array1.Length; i++){ // skip blobheader
  if (array1[i] != array2[i]){
    throw new Exception("key mismatch");
  }
}

It looks like something is going wrong with your keys. Are you perhaps generating a new RSA key between issuing the certificate-request and receiving the certificate?

Here is a dump of your certificate-request:

0 30  342: SEQUENCE {
   4 30  194:   SEQUENCE {
   7 02    1:     INTEGER 0
  10 30   27:     SEQUENCE {
  12 31   25:       SET {
  14 30   23:         SEQUENCE {
  16 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  21 0C   16:           UTF8String 'Daniel Mapletoft'
            :           }
            :         }
            :       }
  39 30  159:     SEQUENCE {
  42 30   13:       SEQUENCE {
  44 06    9:         OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
  55 05    0:         NULL
            :         }
  57 03  141:       BIT STRING 0 unused bits, encapsulates {
  61 30  137:           SEQUENCE {
  64 02  129:             INTEGER
            :               00 95 83 2A AB 16 9D 7F 16 87 40 A4 09 74 5F 9D
            :               81 04 B0 41 C1 75 9C C9 CD D0 52 EF 61 09 EF F5
            :               9B 40 1D D4 79 E0 4B 17 6C 1E 62 73 38 D8 69 92
            :               31 C4 E0 84 07 4B 2E FD 53 6D 24 95 59 12 43 8E
            :               82 35 1D 62 79 89 C2 88 38 57 3D 1F 15 8D B9 CC
            :               FA F4 41 23 BA FD ED 51 69 F7 7A E7 03 72 A2 DA
            :               A9 08 65 17 DA 90 E3 7B C4 2C 85 6A 3F AF 83 AC
            :               E5 00 37 7A 98 14 03 EE 68 37 CB E7 0A 1A 49 5F
            :                       [ Another 1 bytes skipped ]
 196 02    3:             INTEGER 65537
            :             }
            :           }
            :       }
            :     }
 201 30   11:   SEQUENCE {
 203 06    9:     OBJECT IDENTIFIER
            :       sha1withRSAEncryption (1 2 840 113549 1 1 5)
            :     }
 214 03  129:   BIT STRING 0 unused bits
            :     70 D5 29 EB F3 2A 34 13 3F E6 DE 78 35 FB 79 BD
            :     6D ED 8E 89 D9 B0 8F C1 7C 7D 42 37 B8 3E 5B 00
            :     C2 26 A4 E5 77 26 01 86 63 E1 BB 4D 9C CE 7A 10
            :     FF 8E BF 77 1B 0E F9 EE 38 1F 1F A1 04 24 D7 6A
            :     B6 28 3A 88 F5 54 D0 88 46 92 6E 5D 7E 7C CE 87
            :     99 F9 DC 85 99 33 8C 9D BD 73 E2 23 8A 9A 97 B0
            :     3A 9B 36 51 58 FD B7 0F 60 3D FB 5F 4F 06 A0 CE
            :     30 7F 56 B6 53 5E FE 64 7D 8A 30 92 FB BA A4 C6
            :   }

and here is a dump of your certificate:

   0 30  886: SEQUENCE {
   4 30  606:   SEQUENCE {
   8 A0    3:     [0] {
  10 02    1:       INTEGER 2
            :       }
  13 02   16:     INTEGER
            :       6E F0 A9 78 7D 3C D4 05 4E 90 13 DC 9D 34 77 2C
  31 30   13:     SEQUENCE {
  33 06    9:       OBJECT IDENTIFIER
            :         sha1withRSAEncryption (1 2 840 113549 1 1 5)
  44 05    0:       NULL
            :       }
  46 30   77:     SEQUENCE {
  48 31   11:       SET {
  50 30    9:         SEQUENCE {
  52 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
  57 13    2:           PrintableString 'NZ'
            :           }
            :         }
  61 31   40:       SET {
  63 30   38:         SEQUENCE {
  65 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
  70 13   31:           PrintableString 'First Mortgage Services Limited'
            :           }
            :         }
 103 31   20:       SET {
 105 30   18:         SEQUENCE {
 107 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 112 13   11:           PrintableString 'FMS Root CA'
            :           }
            :         }
            :       }
 125 30   30:     SEQUENCE {
 127 17   13:       UTCTime '091222000000Z'
 142 17   13:       UTCTime '101222235959Z'
            :       }
 157 30   98:     SEQUENCE {
 159 31   36:       SET {
 161 30   34:         SEQUENCE {
 163 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
 168 14   27:           TeletexString 'First Mortgage Services Ltd'
            :           }
            :         }
 197 31   31:       SET {
 199 30   29:         SEQUENCE {
 201 06    3:           OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
 206 14   22:           TeletexString 'For Test Purposes Only'
            :           }
            :         }
 230 31   25:       SET {
 232 30   23:         SEQUENCE {
 234 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 239 14   16:           TeletexString 'Daniel Mapletoft'
            :           }
            :         }
            :       }
 257 30  159:     SEQUENCE {
 260 30   13:       SEQUENCE {
 262 06    9:         OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
 273 05    0:         NULL
            :         }
 275 03  141:       BIT STRING 0 unused bits, encapsulates {
 279 30  137:           SEQUENCE {
 282 02  129:             INTEGER
            :               00 CD 08 AE 3E E3 5A E4 5E 50 28 29 5E 65 05 DA
            :               1A E1 9C 50 44 4A F0 06 AA 75 1A 8F F0 75 4C AA
            :               47 4B D5 8F 04 B5 CE 98 C5 0D 99 54 36 E9 EF 2E
            :               7D CD DF FA 46 B2 7D 76 E5 74 19 AD 3E F0 52 52
            :               C7 F8 86 E6 78 32 90 EB 2F 12 3F 7A 31 4B 15 E9
            :               2A 9D 75 91 EA 31 9F 4E 98 A6 06 81 DD 98 1B 1A
            :               DB FE 1F 2E BD 2E 32 60 5A 54 7C 0E 48 6A AB 6C
            :               C6 F6 E2 F2 FD 4A BE 5A BD E0 DF 0C 21 B6 4C 9E
            :                       [ Another 1 bytes skipped ]
 414 02    3:             INTEGER 65537
            :             }
            :           }
            :       }
 419 A3  192:     [3] {
 422 30  189:       SEQUENCE {
 425 30    9:         SEQUENCE {
 427 06    3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
 432 04    2:           OCTET STRING, encapsulates {
 434 30    0:               SEQUENCE {}
            :               }
            :           }
 436 30   14:         SEQUENCE {
 438 06    3:           OBJECT IDENTIFIER keyUsage (2 5 29 15)
 443 01    1:           BOOLEAN TRUE
 446 04    4:           OCTET STRING, encapsulates {
 448 03    2:               BIT STRING 5 unused bits
            :                 '101'B
            :               }
            :           }
 452 30   96:         SEQUENCE {
 454 06    3:           OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
 459 01    1:           BOOLEAN TRUE
 462 04   86:           OCTET STRING, encapsulates {
 464 30   84:               SEQUENCE {
 466 30   82:                 SEQUENCE {
 468 A0   80:                   [0] {
 470 A0   78:                     [0] {
 472 86   76:                       [6]
            :                   'http://onsitecrl.verisign.com/FirstMortgageServi'
            :                   'cesLtdPropellc/LatestCRL.crl'
            :                       }
            :                     }
            :                   }
            :                 }
            :               }
            :           }
 550 30   31:         SEQUENCE {
 552 06    3:           OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
 557 04   24:           OCTET STRING, encapsulates {
 559 30   22:               SEQUENCE {
 561 80   20:                 [0]
            :                   8B 2A 2C 58 39 03 B2 61 9F 16 E7 3D 3D F1 70 4D
            :                   B1 F3 D4 E2
            :                 }
            :               }
            :           }
 583 30   29:         SEQUENCE {
 585 06    3:           OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
 590 04   22:           OCTET STRING, encapsulates {
 592 04   20:               OCTET STRING
            :                 3E 91 DB A0 9C B4 A1 CB 68 CC 70 D0 0A 29 D6 BF
            :                 4E 68 10 AB
            :               }
            :           }
            :         }
            :       }
            :     }
 614 30   13:   SEQUENCE {
 616 06    9:     OBJECT IDENTIFIER
            :       sha1withRSAEncryption (1 2 840 113549 1 1 5)
 627 05    0:     NULL
            :     }
 629 03  257:   BIT STRING 0 unused bits
            :     3E C3 A3 F3 5F 3E 29 37 4D 33 E3 F5 F2 89 42 78
            :     AC CD 59 14 E9 CC FF 20 8F 98 34 7B F0 F4 D2 96
            :     EC 58 53 61 E4 3E D0 02 CF FF 30 C8 77 D0 6F 94
            :     37 72 3C B7 90 6E 38 10 59 8C F8 06 B0 61 55 65
            :     58 96 30 7B 9A 58 FF DB 15 7C FA F9 1F 64 5E DC
            :     E8 63 EE EE 90 B1 18 3C 6A 11 62 73 91 CF DE DB
            :     34 F5 67 4F C9 89 77 5C 36 71 FC 11 27 07 C5 76
            :     BB 79 B8 8E 19 E8 E2 5B D7 A5 23 BA D8 19 7C 74
            :             [ Another 128 bytes skipped ]
            :   }

The INTEGERs starting with "00 95 83 2A" in the request and with "00 CD 08 AE" in the certificate are the RSA moduluses of the public key.

The values in the output from ExportCspBlob are reversed, since Microsoft uses little-endian format, but if you start from the end of certKey.ExportCspBlob(false), you should recognize: 205=0xCD, 8=0x08, 174=0xAE.
rsaKey.ExportCspBlob(false) on the other hand contains 166=0xA6, 154=0x9A, 180=0xB4, which is yet another RSA modulus.

Are you sure that all of your dumped values were from the same certificate-issuing-process?

回复 原文
~没有更多了~

关于作者

剑心龙吟

暂无简介

0 文章
0 评论
378 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文