C#创建数字证书并导出为pfx,并使用pfx进行非对称加解密

摘自: http://blog.csdn.net/yezheng5419/article/details/4263914

我的项目当中,考虑到安全性,需要为每个客户端分发一个数字证书,同时使用数字证书中的公私钥来进行数据的加解密。为了完成这个安全模块,特写了如下一个DEMO程序,该DEMO程序包含的功能有:

1:调用.NET2.0的MAKECERT创建含有私钥的数字证书,并存储到个人证书区;

2:将该证书导出为pfx文件,并为其指定一个用来打开pfx文件的password(DEMO中固定写为"123",仅作演示;pfx文件内含私钥,实际分发时应为每个客户端使用各自的强口令);

3:读取pfx文件,导出pfx中公钥和私钥;

4:用pfx证书中的公钥进行数据的加密,用私钥进行数据的解密;

代码如下:

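  /// <summary>
  /// Finds the certificate whose subject is "CN=luminji" in the current user's
  /// personal store, exports it (including the private key) to the
  /// password-protected file "luminji.pfx", and then demonstrates encrypting
  /// with the certificate's public key and decrypting with its private key.
  /// </summary>
  /// <param name="sender">Event source (not used).</param>
  /// <param name="e">Event data (not used).</param>
  private void btn_toPfxFile_Click(object sender, EventArgs e)
  {
      X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
      // The store is only enumerated here, so read-only access is enough.
      store.Open(OpenFlags.ReadOnly);
      try
      {
          foreach (X509Certificate2 x509 in store.Certificates)
          {
              if (x509.Subject != "CN=luminji")
              {
                  continue;
              }

              Debug.Print(string.Format("certificate name: {0}", x509.Subject));

              // The PFX export and the decryption demo below both need the private key.
              if (!x509.HasPrivateKey)
              {
                  Debug.Print("Certificate has no private key; nothing to export.");
                  continue;
              }

              // NOTE(review): "123" is a demo password and must stay in sync with the
              // reader of luminji.pfx. The PFX carries the private key, so a real
              // deployment needs a strong per-client password supplied at run time,
              // not a literal in source.
              byte[] pfxByte = x509.Export(X509ContentType.Pfx, "123");

              // NOTE(review): the file lands in the current working directory with
              // whatever permissions that directory grants; confirm only the intended
              // user can read it.
              using (FileStream fileStream = new FileStream("luminji.pfx", FileMode.Create))
              {
                  fileStream.Write(pfxByte, 0, pfxByte.Length);

                  // Rewind and compare what the stream returns with what was written.
                  fileStream.Seek(0, SeekOrigin.Begin);
                  for (int i = 0; i < pfxByte.Length; i++)
                  {
                      if (pfxByte[i] != fileStream.ReadByte())
                      {
                          Debug.Print("Error writing data.");
                          return; // the finally block still closes the store
                      }
                  }

                  Debug.Print("The data was written to {0} " +
                      "and verified.", fileStream.Name);
              }

              string myname = "my name is luminji! and i love huzhonghua!";
              string enStr = this.RSAEncrypt(x509.PublicKey.Key.ToXmlString(false), myname);
              MessageBox.Show("密文是:" + enStr);

              // NOTE(review): ToXmlString(true) copies the private key into a managed
              // string that cannot be wiped afterwards. It works only because the key
              // was created as exportable; production code would keep the key inside
              // the provider and use the key object directly.
              string deStr = this.RSADecrypt(x509.PrivateKey.ToXmlString(true), enStr);
              MessageBox.Show("明文是:" + deStr);
          }
      }
      finally
      {
          // Close the store on every path, including the early return above.
          store.Close();
      }
  }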
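  /// <summary>
  /// Runs makecert.exe to create a certificate with subject "CN=luminji" and an
  /// exportable private key, stored in the "my" (personal) certificate store.
  /// </summary>
  /// <param name="sender">Event source (not used).</param>
  /// <param name="e">Event data (not used).</param>
  private void btn_createPfx_Click(object sender, EventArgs e)
  {
      // The listing showed this path with "//" separators and the quotes below as
      // /" — most likely backslash escapes damaged when the page was rendered, so
      // they are restored here.
      // NOTE(review): MakeCert is a development/test tool that Microsoft has
      // deprecated; for anything beyond a demo, issue client certificates from a
      // real CA (or New-SelfSignedCertificate for test certificates).
      string MakeCert = @"C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\makecert.exe";
      string x509Name = "CN=luminji";

      // -pe marks the private key exportable (required for the PFX export),
      // -ss my selects the personal store, -n sets the subject name.
      string param = " -pe -ss my -n \"" + x509Name + "\" ";

      using (Process p = Process.Start(MakeCert, param))
      {
          p.WaitForExit();
          if (p.ExitCode != 0)
          {
              // Presumably a non-zero exit code means no certificate was created.
              Debug.Print("makecert exited with code {0}", p.ExitCode);
          }
      }

      MessageBox.Show("over");
  }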
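  /// <summary>
  /// Loads "luminji.pfx" with its password and shows the subject name and the
  /// public and private key objects in message boxes.
  /// </summary>
  /// <param name="sender">Event source (not used).</param>
  /// <param name="e">Event data (not used).</param>
  private void btn_readFromPfxFile(object sender, EventArgs e)
  {
      // NOTE(review): "123" is the demo password used when the PFX was exported;
      // a real client should obtain the password at run time instead of embedding it.
      X509Certificate2 pc = new X509Certificate2("luminji.pfx", "123");
      try
      {
          MessageBox.Show("name:" + pc.SubjectName.Name);

          // ToString() on these key objects presumably yields their type names,
          // not key material — confirm before relying on the output.
          MessageBox.Show("public:" + pc.PublicKey.ToString());

          // PrivateKey is null when the file holds no private key; guard so the
          // demo reports that instead of throwing.
          string privateText = pc.HasPrivateKey ? pc.PrivateKey.ToString() : "(none)";
          MessageBox.Show("private:" + privateText);
      }
      finally
      {
          // Release the certificate's resources as soon as the demo is done.
          pc.Reset();
      }
  }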
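  /// <summary>
  /// Decrypts a Base64-encoded RSA ciphertext with a private key given as an
  /// XML key string and returns the plaintext decoded as UTF-16.
  /// </summary>
  /// <param name="xmlPrivateKey">RSA key in XML form, including the private parameters.</param>
  /// <param name="m_strDecryptString">Base64 text of the ciphertext.</param>
  /// <returns>The decrypted string.</returns>
  public string RSADecrypt(string xmlPrivateKey, string m_strDecryptString)
  {
      // Dispose the provider so the imported private key is released promptly.
      using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider())
      {
          provider.FromXmlString(xmlPrivateKey);
          byte[] rgb = Convert.FromBase64String(m_strDecryptString);

          // NOTE(review): fOAEP=false selects PKCS#1 v1.5 padding, which is open to
          // padding-oracle attacks when a caller can observe decryption failures.
          // OAEP (true) is the usual choice for new code, but the encrypting side
          // must be switched at the same time or decryption will fail.
          byte[] bytes = provider.Decrypt(rgb, false);
          return new UnicodeEncoding().GetString(bytes);
      }
  }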
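  /// <summary>
  /// Encrypts a string (encoded as UTF-16) with an RSA public key given as an
  /// XML key string and returns the ciphertext as Base64 text.
  /// </summary>
  /// <param name="xmlPublicKey">RSA public key in XML form.</param>
  /// <param name="m_strEncryptString">Plaintext to encrypt.</param>
  /// <returns>Base64 text of the ciphertext.</returns>
  public string RSAEncrypt(string xmlPublicKey, string m_strEncryptString)
  {
      // Dispose the provider instead of leaving it to the finalizer.
      using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider())
      {
          provider.FromXmlString(xmlPublicKey);
          byte[] bytes = new UnicodeEncoding().GetBytes(m_strEncryptString);

          // RSA encrypts only a payload shorter than the key modulus minus the
          // padding overhead, and UTF-16 uses two bytes per character, so long
          // strings make Encrypt throw. Larger data is normally encrypted with a
          // symmetric key that is itself wrapped with RSA.
          // NOTE(review): fOAEP=false selects PKCS#1 v1.5 padding; OAEP (true) is
          // preferred for new code but must be changed together with the decryptor.
          return Convert.ToBase64String(provider.Encrypt(bytes, false));
      }
  }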
