Why do multiple calls to X509Certificate2.Export(Pkcs12) return different results?
Here is a test:
var decoded = Convert.FromBase64String(certificateBase64Encoded);
var certificate = new X509Certificate2(decoded, (string)null, X509KeyStorageFlags.Exportable);
var x = Convert.ToBase64String(certificate.Export(X509ContentType.Pkcs12));
var y = Convert.ToBase64String(certificate.Export(X509ContentType.Pkcs12));
Console.WriteLine(x == y);
When called using X509ContentType.Cert, the value is always the same, and so the console prints 'True'. But when using the Pkcs12 option, the value is always quite different. Why is that, and is there a way to make them the same?
Comments (1)
The PKCS#12 file (data) is encrypted, even if you supplied a null password, so a new initialization vector (IV) will be generated each time (from random data) so the output will never be the same. As such you'll not be able to make them identical, from multiple calls to Export.
OTOH the certificates are signed by a certificate authority (CA) and cannot be changed without breaking their signature. They will always be identical.
Note: I don't recall offhand but there could be other random structures defined (e.g. bag-related), PKCS#12 specification is a bit large.
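
Since the exported bytes cannot be made identical, two PKCS#12 exports can instead be compared by what they contain. The following is an added example, not code from the question or the answer: it assumes .NET 5 or later and an RSA key, and the self-signed certificate `CN=pfx-compare-demo` and the helper `SameContents` are constructed for the demonstration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed test data: a throwaway self-signed certificate with an RSA key.
using RSA key = RSA.Create(2048);
var request = new CertificateRequest("CN=pfx-compare-demo", key,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using X509Certificate2 certificate = request.CreateSelfSigned(
    DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

// Two exports of the same certificate, as in the question.
byte[] pfx1 = certificate.Export(X509ContentType.Pkcs12);
byte[] pfx2 = certificate.Export(X509ContentType.Pkcs12);

Console.WriteLine($"PFX bytes equal:          {pfx1.SequenceEqual(pfx2)}");
Console.WriteLine($"Same certificate and key: {SameContents(pfx1, pfx2)}");

// Hypothetical helper: true when both PFX blobs carry the same certificate
// and each private key matches that certificate's public key.
static bool SameContents(byte[] pfxA, byte[] pfxB)
{
    // Same constructor and null password as the question's snippet.
    using var a = new X509Certificate2(pfxA, (string)null, X509KeyStorageFlags.Exportable);
    using var b = new X509Certificate2(pfxB, (string)null, X509KeyStorageFlags.Exportable);

    // The signed certificate (DER) is stable, so compare it byte for byte.
    if (!a.RawData.SequenceEqual(b.RawData)) return false;

    using var privA = a.GetRSAPrivateKey();
    using var privB = b.GetRSAPrivateKey();
    if (privA is null || privB is null) return privA is null && privB is null;

    // Prove each private key belongs to the (identical) public key by
    // signing a probe, without exporting any private key material.
    using var pub = a.GetRSAPublicKey();
    byte[] probe = { 0x70, 0x66, 0x78, 0x2D, 0x63, 0x6D, 0x70 };
    byte[] sigA = privA.SignData(probe, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    byte[] sigB = privB.SignData(probe, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    return pub!.VerifyData(probe, sigA, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
        && pub.VerifyData(probe, sigB, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
```

When only the certificate's identity matters, comparing `Thumbprint` or `RawData` of the two loaded certificates is sufficient.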