验证数字证书的颁发者?
我正在用 C++ 开发一个应用程序。这里我使用数字证书执行一些加密和解密。我的目标是只允许拥有有效数字证书的用户继续。这里有效的数字证书是指由CA(证书颁发机构)颁发的数字证书。例如,现在我们可以创建自己的数字证书,例如 这个。 我的目标是验证数字证书的颁发者并根据颁发者检查有效性。
我这里需要的是执行上述操作的确切 CryptoAPI?如果您有任何其他建议来实现上述目标,我将不胜感激。
预先感谢您的帮助。
I am developing an application in C++. Here i am performing some encryption and decryption using the digital certificates. My objective is that a user with an valid digital certificate should only be allow to proceed. Here a valid digital certificate means the one issued by CA(certificate authority). Now for example we can create our own digital certificate like this.
My objective is to verify the issuer of the digital certificate and check the validity based on the issuer.
What i need here is the exact CryptoAPI to perform above operation? If you have any other suggestion to achieve the above mentioned objective then i would be very grateful.
Thanks in advance for you help.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
CA 将提供其根证书,这将为您的用户证书提供信任。您将构建一个根证书链来实现此目的。请参阅证书链验证函数,
您还会发现其他相关功能将允许您使用 CRL/OCSP 验证证书本身。
如果您不熟悉 cryptoAPI,那么阅读这本书是一个好的开始,使用 CryptoAPI 执行 X.509 证书验证
The CA will supply its root certificate which will provide the trust for your user certificate. You will build a chain to your root certificate to achieve this. Refer to Certificate Chain Verification Functions
You will also find other relevant functions that will allow you to validate the certificate itself using either CRL/OCSP.
If you are not familiar with cryptoAPI, a good starting will be to go through this book, Performing X.509 Certificate Verification with CryptoAPI