首页 > 代码库 > C#创建数字证书并导出为pfx,并使用pfx进行非对称加解密

C#创建数字证书并导出为pfx,并使用pfx进行非对称加解密

本文源程序下载:http://download.csdn.net/source/2444494

 

我的项目当中,考虑到安全性,需要为每个客户端分发一个数字证书,同时使用数字证书中的公私钥来进行数据的加解密。为了完成这个安全模块,特写了如下一个DEMO程序,该DEMO程序包含的功能有:

1:调用.NET2.0的MAKECERT创建含有私钥的数字证书,并存储到个人证书区;

2:将该证书导出为pfx文件,并为其指定一个用来打开pfx文件的password;

3:读取pfx文件,导出pfx中公钥和私钥;

4:用pfx证书中的公钥进行数据的加密,用私钥进行数据的解密;

系统界面:

技术分享

 

代码如下:

/// <summary>          /// 将证书从证书存储区导出,并存储为pfx文件,同时为pfx文件指定打开的密码          /// 本函数同时也演示如何用公钥进行加密,私钥进行解密          /// </summary>          /// <param name="sender"></param>          /// <param name="e"></param>          private void btn_toPfxFile_Click(object sender, EventArgs e)          {              X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);              store.Open(OpenFlags.ReadWrite);              X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;              foreach (X509Certificate2 x509 in storecollection)              {                  if (x509.Subject == "CN=luminji")                  {                      Debug.Print(string.Format("certificate name: {0}", x509.Subject));                      byte[] pfxByte = x509.Export(X509ContentType.Pfx, "123");                      using (FileStream  fileStream = new FileStream("luminji.pfx", FileMode.Create))                      {                          // Write the data to the file, byte by byte.                          for (int i = 0; i < pfxByte.Length; i++)                              fileStream.WriteByte(pfxByte[i]);                          // Set the stream position to the beginning of the file.                          fileStream.Seek(0, SeekOrigin.Begin);                          // Read and verify the data.                          for (int i = 0; i < fileStream.Length; i++)                          {                              if (pfxByte[i] != fileStream.ReadByte())                              {                                  Debug.Print("Error writing data.");                                  return;                              }                          }                          fileStream.Close();                          Debug.Print("The data was written to {0} " +                              "and verified.", fileStream.Name);                      }                      string myname = "my name is luminji! and i love huzhonghua!";                      string enStr = this.RSAEncrypt(x509.PublicKey.Key.ToXmlString(false), myname);                      MessageBox.Show("密文是:" + enStr);                      string deStr = this.RSADecrypt(x509.PrivateKey.ToXmlString(true), enStr);                      MessageBox.Show("明文是:" + deStr);                  }              }              store.Close();              store = null;              storecollection = null;          }          /// <summary>          /// 创建还有私钥的证书          /// </summary>          /// <param name="sender"></param>          /// <param name="e"></param>          private void btn_createPfx_Click(object sender, EventArgs e)          {              string MakeCert = "C://Program Files//Microsoft Visual Studio 8//SDK//v2.0//Bin//makecert.exe";              string x509Name = "CN=luminji";              string param = " -pe -ss my -n /"" + x509Name + "/" " ;              Process p = Process.Start(MakeCert, param);              p.WaitForExit();              p.Close();              MessageBox.Show("over");          }          /// <summary>          /// 从pfx文件读取证书信息          /// </summary>          /// <param name="sender"></param>          /// <param name="e"></param>          private void btn_readFromPfxFile(object sender, EventArgs e)          {              X509Certificate2 pc = new X509Certificate2("luminji.pfx", "123");              MessageBox.Show("name:" + pc.SubjectName.Name);              MessageBox.Show("public:" + pc.PublicKey.ToString());              MessageBox.Show("private:" + pc.PrivateKey.ToString());              pc = null;          }          /// <summary>          /// RSA解密          /// </summary>          /// <param name="xmlPrivateKey"></param>          /// <param name="m_strDecryptString"></param>          /// <returns></returns>          public string RSADecrypt(string xmlPrivateKey, string m_strDecryptString)          {              RSACryptoServiceProvider provider = new RSACryptoServiceProvider();              provider.FromXmlString(xmlPrivateKey);              byte[] rgb = Convert.FromBase64String(m_strDecryptString);              byte[] bytes = provider.Decrypt(rgb, false);              return new UnicodeEncoding().GetString(bytes);          }          /// <summary>          /// RSA加密          /// </summary>          /// <param name="xmlPublicKey"></param>          /// <param name="m_strEncryptString"></param>          /// <returns></returns>          public string RSAEncrypt(string xmlPublicKey, string m_strEncryptString)          {              RSACryptoServiceProvider provider = new RSACryptoServiceProvider();              provider.FromXmlString(xmlPublicKey);              byte[] bytes = new UnicodeEncoding().GetBytes(m_strEncryptString);              return Convert.ToBase64String(provider.Encrypt(bytes, false));          }  

  上文是一个示例程序,一个完整的证书工具类如下:

public sealed class DataCertificate      {          #region 生成证书          /// <summary>          /// 根据指定的证书名和makecert全路径生成证书(包含公钥和私钥,并保存在MY存储区)          /// </summary>          /// <param name="subjectName"></param>          /// <param name="makecertPath"></param>          /// <returns></returns>          public static bool CreateCertWithPrivateKey(string subjectName, string makecertPath)          {              subjectName = "CN=" + subjectName;              string param = " -pe -ss my -n /"" + subjectName + "/" ";              try              {                  Process p = Process.Start(makecertPath, param);                  p.WaitForExit();                  p.Close();              }              catch (Exception e)              {                  LogRecord.putErrorLog(e.ToString(), "DataCerficate.CreateCertWithPrivateKey");                  return false;              }              return true;          }          #endregion           #region 文件导入导出          /// <summary>          /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,          /// 并导出为pfx文件,同时为其指定一个密码          /// 并将证书从个人区删除(如果isDelFromstor为true)          /// </summary>          /// <param name="subjectName">证书主题,不包含CN=</param>          /// <param name="pfxFileName">pfx文件名</param>          /// <param name="password">pfx文件密码</param>          /// <param name="isDelFromStore">是否从存储区删除</param>          /// <returns></returns>          public static bool ExportToPfxFile(string subjectName, string pfxFileName,              string password, bool isDelFromStore)          {              subjectName = "CN=" + subjectName;              X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);              store.Open(OpenFlags.ReadWrite);              X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;              foreach (X509Certificate2 x509 in storecollection)              {                  if (x509.Subject == subjectName)                  {                      Debug.Print(string.Format("certificate name: {0}", x509.Subject));                        byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);                      using (FileStream fileStream = new FileStream(pfxFileName, FileMode.Create))                      {                          // Write the data to the file, byte by byte.                          for (int i = 0; i < pfxByte.Length; i++)                              fileStream.WriteByte(pfxByte[i]);                          // Set the stream position to the beginning of the file.                          fileStream.Seek(0, SeekOrigin.Begin);                          // Read and verify the data.                          for (int i = 0; i < fileStream.Length; i++)                          {                              if (pfxByte[i] != fileStream.ReadByte())                              {                                  LogRecord.putErrorLog("Export pfx error while verify the pfx file!", "ExportToPfxFile");                                  fileStream.Close();                                  return false;                              }                          }                          fileStream.Close();                      }                      if( isDelFromStore == true)                          store.Remove(x509);                  }              }              store.Close();              store = null;              storecollection = null;              return true;          }          /// <summary>          /// 从WINDOWS证书存储区的个人MY区找到主题为subjectName的证书,          /// 并导出为CER文件(即,只含公钥的)          /// </summary>          /// <param name="subjectName"></param>          /// <param name="cerFileName"></param>          /// <returns></returns>          public static bool ExportToCerFile(string subjectName, string cerFileName)          {              subjectName = "CN=" + subjectName;              X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);              store.Open(OpenFlags.ReadWrite);              X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;              foreach (X509Certificate2 x509 in storecollection)              {                  if (x509.Subject == subjectName)                  {                      Debug.Print(string.Format("certificate name: {0}", x509.Subject));                      //byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);                      byte[] cerByte = x509.Export(X509ContentType.Cert);                      using (FileStream fileStream = new FileStream(cerFileName, FileMode.Create))                      {                          // Write the data to the file, byte by byte.                          for (int i = 0; i < cerByte.Length; i++)                              fileStream.WriteByte(cerByte[i]);                          // Set the stream position to the beginning of the file.                          fileStream.Seek(0, SeekOrigin.Begin);                          // Read and verify the data.                          for (int i = 0; i < fileStream.Length; i++)                          {                              if (cerByte[i] != fileStream.ReadByte())                              {                                  LogRecord.putErrorLog("Export CER error while verify the CERT file!", "ExportToCERFile");                                  fileStream.Close();                                  return false;                              }                          }                          fileStream.Close();                      }                  }              }              store.Close();              store = null;              storecollection = null;              return true;          }          #endregion           #region 从证书中获取信息          /// <summary>          /// 根据私钥证书得到证书实体,得到实体后可以根据其公钥和私钥进行加解密          /// 加解密函数使用DEncrypt的RSACryption类          /// </summary>          /// <param name="pfxFileName"></param>          /// <param name="password"></param>          /// <returns></returns>          public static X509Certificate2 GetCertificateFromPfxFile(string pfxFileName,              string password)          {              try              {                  return new X509Certificate2(pfxFileName, password, X509KeyStorageFlags.Exportable);              }              catch (Exception e)              {                  LogRecord.putErrorLog("get certificate from pfx" + pfxFileName + " error:" + e.ToString(),                      "GetCertificateFromPfxFile");                  return null;              }          }          /// <summary>          /// 到存储区获取证书          /// </summary>          /// <param name="subjectName"></param>          /// <returns></returns>          public static X509Certificate2 GetCertificateFromStore(string subjectName)          {              subjectName = "CN=" + subjectName;              X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);              store.Open(OpenFlags.ReadWrite);              X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;              foreach (X509Certificate2 x509 in storecollection)              {                  if (x509.Subject == subjectName)                  {                      return x509;                  }              }              store.Close();              store = null;              storecollection = null;              return null;          }          /// <summary>          /// 根据公钥证书,返回证书实体          /// </summary>          /// <param name="cerPath"></param>          public static X509Certificate2 GetCertFromCerFile(string cerPath)          {              try              {                  return new X509Certificate2(cerPath);              }              catch (Exception e)              {                  LogRecord.putErrorLog(e.ToString(), "DataCertificate.LoadStudentPublicKey");                  return null;              }                      }          #endregion             }  

  

C#创建数字证书并导出为pfx,并使用pfx进行非对称加解密