[英]Importing an openssl-created self-signed cert into a X509Certificate2 (Mono): Can encrypt, can't decrypt
我在Fedora 14,MonoDevelop 2.4,Mono 2.6.7。 我這樣生成了我的自簽名證書:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt
然后我在C#中使用加密和解密。 我正在選擇.crt文件。 問題是正在創建的X509Certificate2沒有私鑰! 因此,加密操作順利進行,並解密炸彈。
我可能錯誤地運行openssl命令。 或者在創建X509Certificate2對象時是否有些微妙?
protected virtual void OnBtCertClicked (object sender, System.EventArgs e)
{
try
{
if (myCert == null)
{
myCert = new X509Certificate2(fchCert.Filename);
}
RSACryptoServiceProvider pubKey = (RSACryptoServiceProvider)myCert.PublicKey.Key;
byte[] myBlob = UTF8Encoding.Default.GetBytes(tbDisplay.Buffer.Text);
byte[] myEncryptedBlob = pubKey.Encrypt(myBlob, false);
tbDisplay.Buffer.Text = System.Convert.ToBase64String(myEncryptedBlob, Base64FormattingOptions.InsertLineBreaks);
}
catch (Exception excp)
{
tbDisplay.Buffer.Text = excp.GetType().ToString() + "\n\n" + excp.ToString();
}
}
protected virtual void OnBtCertDecClicked (object sender, System.EventArgs e)
{
try
{
if (myCert == null)
{
myCert = new X509Certificate2(fchCert.Filename);
}
if (!myCert.HasPrivateKey)
throw new CryptographicException("Certificate has no private key");
RSACryptoServiceProvider privKey = (RSACryptoServiceProvider)myCert.PrivateKey;
byte[] myEncryptedBlob = System.Convert.FromBase64String(tbDisplay.Buffer.Text);
byte[] myBlob = privKey.Decrypt(myEncryptedBlob, false);
tbDisplay.Buffer.Text = UTF8Encoding.UTF8.GetString(myBlob);
}
catch (Exception excp)
{
tbDisplay.Buffer.Text = excp.GetType().ToString() + "\n\n" + excp.ToString();
}
}
創建PKCS#12證書:
openssl pkcs12 -export -in yourcert.crt -inkey yourprivkey.key -out newcert.p12
它現在應該包含私鑰。
證書僅包含公鑰。 您使用的OpenSSL命令在文件mysitename.key中創建密鑰。 您必須單獨加載密鑰文件。 AFAIR生成的密鑰文件應包含PKCS#8格式的base64編碼RSA私鑰 - 由一些文本字符串( BEGIN / END RSA PRIVATE KEY )封裝。
生成帶有私鑰的自簽名X509Certificate2證書
[英]Generating a self-signed X509Certificate2 certificate with its private key
如何以編程方式創建有效的自簽名X509Certificate2,而不是從.NET Core中的文件加載
[英]How to create a valid, self-signed X509Certificate2 programmatically, not loading from file in .NET Core
使用RSA AES提供程序生成自簽名1024位X509Certificate2時出現問題
[英]Problems generating a self-signed 1024-bit X509Certificate2 using the RSA AES provider
從自簽名證書生成X.509 SubjectPublicKeyInfo / OpenSSL PEM公鑰
[英]Generate X.509 SubjectPublicKeyInfo/OpenSSL PEM public key from self-signed certificate
無法使用xml(X509Certificate2)中提供的證書公用密鑰來驗證簽名值
[英]Can't validate signature value using certificate public key provided in an xml (X509Certificate2)
為什么自簽名 PFX X509Certificate2 私鑰會引發 NotSupportedException?
[英]Why does self signed PFX X509Certificate2 private key raise a NotSupportedException?
如何將 BouncyCastle X509Certificate 轉換為 X509Certificate2?
[英]How can I convert a BouncyCastle X509Certificate to an X509Certificate2?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.