堆栈内存溢出
  简体   繁体   English

使用.NET Standard 2.0生成自签名X509Certificate2

[英]Generate self-signed X509Certificate2 using .NET Standard 2.0

 原文  2018-08-04 10:57:20       .net/ x509/ x509certificate2/ .net-standard-2.0

问题描述

I am trying to generate new X509Certificate2 in .NET Standard 2.0 library, but I can't find any possible way of doing that. 我正在尝试在.NET Standard 2.0库中生成新的X509Certificate2 ,但找不到任何可行的方法。 I don't mind using NuGet packages unless they break portability. 我不介意使用NuGet软件包,除非它们破坏了可移植性。

Thanks. 谢谢。

1 个解决方案

解决方案1
 1 已采纳  2018-08-04 16:41:20

I have installed Portable.BouncyCastle 1.8.2 from NuGet, which is compatible with .net Standard >= 1.6.1 . 我已经从NuGet安装了Portable.BouncyCastle 1.8.2 ,它与.net Standard >= 1.6.1兼容。 With the library this solution works: https://stackoverflow.com/a/22237794/2976142 使用该库,此解决方案有效: https : //stackoverflow.com/a/22237794/2976142

Edit 编辑

I've found out, that X509Certificate2.PrivateKey isn't supported in .NET Standard 2.0. 我发现,.NET Standard 2.0不支持X509Certificate2.PrivateKey So I made my own solution with those libraries. 因此,我使用这些库制定了自己的解决方案。 (Just merge of these 2, if you wanted to understand it.): (如果您想了解这两个,只需合并即可。):

The solution 解决方案 

using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.X509;

namespace Premy.Chatovatko.Client.Cryptography
{
    public static class X509Certificate2Generator
    {

        public static X509Certificate2 GenerateCACertificate(string subjectName = "CN=root ca", int keyStrength = 4096)
        {
            // Generating Random Numbers
            var randomGenerator = new CryptoApiRandomGenerator();
            var random = new SecureRandom(randomGenerator);

            // The Certificate Generator
            var certificateGenerator = new X509V3CertificateGenerator();

            // Serial Number
            var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
            certificateGenerator.SetSerialNumber(serialNumber);

            // Signature Algorithm
            const string signatureAlgorithm = "SHA256WithRSA";
            certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);

            // Issuer and Subject Name
            var subjectDN = new X509Name(subjectName);
            var issuerDN = subjectDN;
            certificateGenerator.SetIssuerDN(issuerDN);
            certificateGenerator.SetSubjectDN(subjectDN);

            // Valid For
            var notBefore = DateTime.UtcNow.Date;
            var notAfter = notBefore.AddYears(20);

            certificateGenerator.SetNotBefore(notBefore);
            certificateGenerator.SetNotAfter(notAfter);

            // Subject Public Key
            AsymmetricCipherKeyPair subjectKeyPair;
            var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
            var keyPairGenerator = new RsaKeyPairGenerator();
            keyPairGenerator.Init(keyGenerationParameters);
            subjectKeyPair = keyPairGenerator.GenerateKeyPair();

            certificateGenerator.SetPublicKey(subjectKeyPair.Public);

            // Generating the Certificate
            var issuerKeyPair = subjectKeyPair;

            // selfsign certificate
            var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);

            // in-memory PFX stream
            var pkcs12Store = new Pkcs12Store();
            var certEntry = new X509CertificateEntry(certificate);
            pkcs12Store.SetCertificateEntry(subjectName, certEntry);
            pkcs12Store.SetKeyEntry(subjectName, new AsymmetricKeyEntry(subjectKeyPair.Private), new[] { certEntry });
            X509Certificate2 keyedCert;
            using (MemoryStream pfxStream = new MemoryStream())
            {
                pkcs12Store.Save(pfxStream, new char[0], new SecureRandom());
                pfxStream.Seek(0, SeekOrigin.Begin);
                keyedCert = new X509Certificate2(pfxStream.ToArray(), string.Empty, X509KeyStorageFlags.Exportable);
            }

            return keyedCert;

        }

    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用RSA AES提供程序生成自签名1024位X509Certificate2时出现问题 - Problems generating a self-signed 1024-bit X509Certificate2 using the RSA AES provider 生成带有私钥的自签名X509Certificate2证书 - Generating a self-signed X509Certificate2 certificate with its private key 如何使用X509Certificate或其他.NET类获取自签名证书的签名? - How to get the Signature of a Self-Signed Certificate using X509Certificate or other .NET Class? 以编程方式生成X.509(非自签名)客户端证书 - Generate X.509 (non self signed) Client Certificate Programmatically .net的自签名X509证书验证 - Self Signed X509Certificate verification with .net 即时生成自签名证书 - Generate a self-signed certificate on the fly 我尝试使用 dot-net 生成 X509Certificate2 密钥对,但缺少私钥 - I try to generate a X509Certificate2 key pair with dot-net but private key is missing 使用X509Certificate2验证证书密码 - Validate certificate password using X509Certificate2 使用HttpClient信任自签名证书 - Trusting Self-Signed Certificate using HttpClient 使用X509Certificate2和ECC公钥加载证书 - Load a Certificate Using X509Certificate2 with ECC Public Key
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM