Creating an x509 certificate with the openssl/makecert tools

Published 2024-09-05 03:58:26

I'm creating an x509 certificate using makecert with the following parameters:

makecert -r -pe -n "CN=Client" -ss MyApp

I want to use this certificate to encrypt and decrypt data with the RSA algorithm.
I looked at the generated certificate in the Windows certificate store and everything seems OK (it has a private key, the public key is an RSA key with 1024 bits, and so on).

Now I use this C# code to encrypt data:

X509Store store = new X509Store("MyApp", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, "Client", false);
X509Certificate2 _x509 = certs[0];

using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)_x509.PublicKey.Key)
{
    byte[] dataToEncrypt = Encoding.UTF8.GetBytes("hello");
    _encryptedData = rsa.Encrypt(dataToEncrypt, true);
}

When executing the Encrypt method, I receive a CryptographicException with the message "Bad key".

I think the code is fine. Probably I'm not creating the certificate properly.
Any comments?
Thanks

---------------- EDIT --------------
If anyone knows how to create the certificate using OpenSSL, that's also a valid answer for me.


Comments (2)

口干舌燥 2024-09-12 03:58:26

To allow the key to be used for encryption, you should use the -sky option. By default, makecert uses the AT_SIGNATURE key specification, which will not work with encryption/decryption. Instead, have it use the AT_KEYEXCHANGE specification by issuing the following command:

makecert -r -pe -n "CN=Client" -ss MyApp -sky Exchange

(Remember to delete the previous key or use another container-name).
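
Added example, not part of the original answer: a C# check that reads the key specification described above (KeyNumber.Signature for AT_SIGNATURE, KeyNumber.Exchange for AT_KEYEXCHANGE) from the certificate's private key before attempting RSA encryption. It assumes .NET Framework on Windows and a CSP-backed key; the store name MyApp and the subject Client are the ones from the question.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class KeySpecCheck
{
    static void Main()
    {
        // Store name and subject name are taken from the question.
        var store = new X509Store("MyApp", StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection certs = store.Certificates.Find(
                X509FindType.FindBySubjectName, "Client", false);
            if (certs.Count == 0)
            {
                Console.WriteLine("No certificate with subject 'Client' in store MyApp.");
                return;
            }
            foreach (X509Certificate2 cert in certs)
            {
                // Assumption: .NET Framework and a CAPI/CSP-backed key, so that
                // PrivateKey is an RSACryptoServiceProvider.
                var priv = cert.HasPrivateKey ? cert.PrivateKey as RSACryptoServiceProvider : null;
                if (priv == null)
                {
                    Console.WriteLine("{0}: no CSP RSA private key, skipped", cert.Thumbprint);
                    continue;
                }
                KeyNumber spec = priv.CspKeyContainerInfo.KeyNumber;
                Console.WriteLine("{0}: key spec = {1}", cert.Thumbprint, spec);
                if (spec != KeyNumber.Exchange)
                {
                    // AT_SIGNATURE key: not usable for encryption, as the answer explains.
                    Console.WriteLine("  signature-only key; recreate with -sky Exchange");
                    continue;
                }
                // Round trip with OAEP padding (second argument true), as in the question.
                var pub = (RSACryptoServiceProvider)cert.PublicKey.Key;
                byte[] cipher = pub.Encrypt(Encoding.UTF8.GetBytes("hello"), true);
                string plain = Encoding.UTF8.GetString(priv.Decrypt(cipher, true));
                Console.WriteLine("  round trip ok: {0}", plain == "hello");
            }
        }
        finally { store.Close(); }
    }
}
```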

寄人书 2024-09-12 03:58:26

This was another page I stumbled across when I was trying to find examples of makecert usage with x509 certificates and RSA using C#, and unfortunately it only provided part of the solution. I put all the bits together in a blog entry that people might be interested in, and it can be found here:
http://nick-howard.blogspot.com/2011/05/makecert-x509-certificates-and-rsa.html
