Create x509 certificate with openssl/makecert tool
I'm creating an x509 certificate using makecert with the following parameters:
makecert -r -pe -n "CN=Client" -ss MyApp
I want to use this certificate to encrypt and decrypt data with the RSA algorithm. I looked at the generated certificate in the Windows certificate store and everything seems OK (it has a private key, the public key is an RSA key with 1024 bits, and so on).
Now I use this C# code to encrypt data:
X509Store store = new X509Store("MyApp", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, "Client", false);
X509Certificate2 _x509 = certs[0];
using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)_x509.PublicKey.Key)
{
byte[] dataToEncrypt = Encoding.UTF8.GetBytes("hello");
_encryptedData = rsa.Encrypt(dataToEncrypt, true);
}
When executing the Encrypt method, I receive a CryptographicException with the message "Bad key".
I think the code is fine. Probably I'm not creating the certificate properly. Any comments? Thanks
---------------- EDIT --------------
If anyone knows how to create the certificate using OpenSSL, it's also a valid answer for me.
To allow the key to be used for encryption, you should use the -sky option. By default `makecert` uses the AT_SIGNATURE key specification, which will not work with encryption/decryption. Instead have it use the AT_KEYEXCHANGE specification by issuing the following command:
makecert -r -pe -n "CN=Client" -ss MyApp -sky Exchange
(Remember to delete the previous key or use another container-name).
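The question's edit also asks for an OpenSSL route, which the thread does not show. The following is an added example, not part of the original posts: it creates a comparable self-signed CN=Client certificate, packages it as a PFX whose private key is marked for key exchange (the `-keyex` flag of `openssl pkcs12`, the counterpart of `-sky Exchange`), and checks an OAEP encrypt/decrypt round trip. The file names, the 2048-bit key size and the PFX password are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: OpenSSL counterpart of "makecert ... -sky Exchange".
# All file names and the PFX password below are constructed placeholders.
set -eu

make_exchange_cert() {
  # $1 = output directory
  # Self-signed certificate with CN=Client, as in the question.
  # keyUsage declares the key as usable for encryption.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Client" \
    -addext "keyUsage=keyEncipherment,dataEncipherment" \
    -keyout "$1/client.key" -out "$1/client.crt"

  # -keyex marks the private key inside the PFX as a key-exchange key
  # instead of a signing-only key (-keysig). Per the openssl pkcs12
  # documentation this marker is interpreted by Microsoft software.
  openssl pkcs12 -export -keyex -name Client \
    -inkey "$1/client.key" -in "$1/client.crt" \
    -passout pass:example-password -out "$1/client.pfx"
}

oaep_roundtrip() {
  # $1 = directory holding client.crt/client.key, $2 = plaintext
  # Encrypt with the certificate's public key using OAEP padding, which is
  # what rsa.Encrypt(data, true) selects in the C# code; both default to
  # SHA-1 for OAEP. Then decrypt with the private key and print the result.
  printf '%s' "$2" |
    openssl pkeyutl -encrypt -certin -inkey "$1/client.crt" \
      -pkeyopt rsa_padding_mode:oaep -out "$1/msg.bin"
  openssl pkeyutl -decrypt -inkey "$1/client.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$1/msg.bin"
}

# Demo run in a throwaway directory.
work="$(mktemp -d)"
make_exchange_cert "$work"
oaep_roundtrip "$work" "hello"
echo
rm -rf "$work"
```

The resulting client.pfx can be imported into the Windows certificate store; client.key is written unencrypted here, so it should be deleted or protected once the PFX exists.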
This was another page I stumbled across when I was trying to find examples of makecert usage with x509 certificates and RSA using C#, and unfortunately it only provided part of the solution. I put all the bits together in a blog entry that people might be interested in, and it can be found here: http://nick-howard.blogspot.com/2011/05/makecert-x509-certificates-and-rsa.html