.net 证书的使用

下载OpenSSL

下载地址:https://sourceforge.net/projects/openssl/files/latest/download

创建SSL证书

-- 创建密钥(jieke.key)和公钥证书(jieke.crt)
openssl req -newkey rsa:2048 -nodes -keyout jieke.key -x509 -days 365 -out jieke.crt -subj "/C=CN/ST=JiangXi/L=NanChang/O=kf/OU=sf/CN=*.baidu.com/[email protected]"

-- 使用密钥和公钥证书创建带有公钥和私钥的证书(jieke.pfx)
openssl pkcs12 -export -out jieke.pfx -inkey jieke.key -in jieke.crt
-- 该命令会要求输入导出密码;后续代码加载 jieke.pfx 时必须使用同一密码(示例代码中为 123456)

部分命令参数解释如下:

  • days 证书有效天数
  • subj 证书主题(Subject)信息,即证书持有者的 DN(国家、省市、组织、通用名等)

创建.net控制台程序

将上一步骤生成的公钥证书(jieke.crt)及带有公钥和私钥的证书(jieke.pfx)拷贝到项目的Certificates目录下,并将其“复制到输出目录”设置为“始终复制”

加密解密及签名验签的测试代码如下:

using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

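class Program
{
    static void Main(string[] args)
    {
        TestForEncryptAndEncrypt();
        TestForSignDataAndVerificationSignature();
    }

    // Location of the certificates produced by the openssl steps above, copied to the output directory.
    private static readonly string CertificateDirectory = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "Certificates");

    // jieke.crt holds only the public key; jieke.pfx also carries the private key.
    private const string PublicCertificateFile = "jieke.crt";
    private const string PrivateCertificateFile = "jieke.pfx";

    // Export password entered when `openssl pkcs12 -export` created jieke.pfx. A sample value:
    // production code should read it from configuration or a secret store, not from source.
    private const string PrivateCertificatePassword = "123456";

    // OAEP instead of PKCS#1 v1.5 (the original `fOAEP: false`): v1.5 encryption padding is
    // exposed to padding-oracle attacks. NOTE: on .NET Framework a CAPI-backed
    // RSACryptoServiceProvider only accepts Pkcs1/OaepSHA1; use OaepSHA1 there if OaepSHA256 throws.
    private static readonly RSAEncryptionPadding EncryptionPadding = RSAEncryptionPadding.OaepSHA256;

    // SHA-256 replaces the deprecated SHA-1 used by the original SignData/VerifyData calls.
    private static readonly HashAlgorithmName SignatureHash = HashAlgorithmName.SHA256;
    private static readonly RSASignaturePadding SignaturePadding = RSASignaturePadding.Pkcs1;

    // 公钥加密、私钥解密: encrypt with the public-only .crt, decrypt with the .pfx, then check the round trip.
    static void TestForEncryptAndEncrypt()
    {
        string plainText = Guid.NewGuid().ToString();

        string encryptedText;
        using (X509Certificate2 publicCert = LoadCertificate(PublicCertificateFile, ""))
        {
            encryptedText = Encrypt(plainText, publicCert);
        }

        string decryptedText;
        using (X509Certificate2 privateCert = LoadCertificate(PrivateCertificateFile, PrivateCertificatePassword))
        {
            decryptedText = Decrypt(encryptedText, privateCert);
        }

        // The original computed decryptedText and discarded it; a round-trip test should report the result.
        Console.WriteLine(string.Equals(plainText, decryptedText, StringComparison.Ordinal));
    }

    // 私钥签名、公钥验签: sign with the .pfx, verify with the public-only .crt.
    static void TestForSignDataAndVerificationSignature()
    {
        string plainText = Guid.NewGuid().ToString();

        string signatureString;
        using (X509Certificate2 privateCert = LoadCertificate(PrivateCertificateFile, PrivateCertificatePassword))
        {
            signatureString = SignData(privateCert, plainText);
        }

        // No password is needed for the .crt: it contains no private key.
        using (X509Certificate2 publicCert = LoadCertificate(PublicCertificateFile, ""))
        {
            bool verified = VerificationSignature(publicCert, plainText, signatureString);
            Console.WriteLine(verified);
        }
    }

    /// <summary>Loads a certificate from the Certificates directory next to the executable.</summary>
    /// <param name="fileName">File name inside the Certificates directory (.crt or .pfx).</param>
    /// <param name="password">PFX password; ignored for a plain .crt.</param>
    /// <returns>The loaded certificate. The caller owns it and should dispose it.</returns>
    /// <exception cref="CryptographicException">The file is missing, unreadable, or the password is wrong.</exception>
    private static X509Certificate2 LoadCertificate(string fileName, string password)
    {
        string certificatePath = Path.Combine(CertificateDirectory, fileName);
        // Same storage flag as the original sample; it only affects Windows key persistence.
        return new X509Certificate2(certificatePath, password, X509KeyStorageFlags.MachineKeySet);
    }

    /// <summary>
    /// Encrypts <paramref name="plainText"/> (UTF-8) with the certificate's RSA public key and returns the
    /// ciphertext as Base64. RSA can only encrypt messages shorter than the key size minus padding overhead
    /// (190 bytes for a 2048-bit key with OAEP-SHA256); wrap a symmetric key instead for larger data.
    /// </summary>
    /// <param name="plainText">Text to encrypt.</param>
    /// <param name="cert">Certificate whose RSA public key is used.</param>
    /// <returns>Base64-encoded ciphertext.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="plainText"/> or <paramref name="cert"/> is null.</exception>
    /// <exception cref="CryptographicException">The certificate has no RSA public key or the data is too long.</exception>
    public static string Encrypt(string plainText, X509Certificate2 cert)
    {
        if (plainText == null) throw new ArgumentNullException("plainText");
        if (cert == null) throw new ArgumentNullException("cert");

        // GetRSAPublicKey works for CAPI- and CNG-backed keys and on .NET Core, where the original
        // cast to RSACryptoServiceProvider throws. The returned RSA instance is owned by the caller.
        using (RSA publicKey = cert.GetRSAPublicKey())
        {
            if (publicKey == null) throw new CryptographicException("Certificate does not contain an RSA public key.");
            byte[] plainBytes = Encoding.UTF8.GetBytes(plainText);
            byte[] encryptedBytes = publicKey.Encrypt(plainBytes, EncryptionPadding);
            return Convert.ToBase64String(encryptedBytes);
        }
    }

    /// <summary>Decrypts Base64 ciphertext produced by <see cref="Encrypt"/> with the certificate's RSA private key.</summary>
    /// <param name="encryptedText">Base64-encoded ciphertext.</param>
    /// <param name="cert">Certificate that carries the matching private key (the .pfx).</param>
    /// <returns>The decrypted UTF-8 text.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="encryptedText"/> or <paramref name="cert"/> is null.</exception>
    /// <exception cref="FormatException"><paramref name="encryptedText"/> is not valid Base64.</exception>
    /// <exception cref="CryptographicException">The certificate has no RSA private key or the ciphertext is invalid.</exception>
    public static string Decrypt(string encryptedText, X509Certificate2 cert)
    {
        if (encryptedText == null) throw new ArgumentNullException("encryptedText");
        if (cert == null) throw new ArgumentNullException("cert");

        using (RSA privateKey = cert.GetRSAPrivateKey())
        {
            if (privateKey == null) throw new CryptographicException("Certificate does not contain an RSA private key.");
            byte[] encryptedBytes = Convert.FromBase64String(encryptedText);
            byte[] decryptedBytes = privateKey.Decrypt(encryptedBytes, EncryptionPadding);
            return Encoding.UTF8.GetString(decryptedBytes);
        }
    }

    /// <summary>Verifies a Base64 signature produced by <see cref="SignData"/> over <paramref name="data"/>.</summary>
    /// <param name="cert">Certificate whose RSA public key is used.</param>
    /// <param name="data">Signed text (UTF-8).</param>
    /// <param name="signatureString">Base64 signature; null, empty or malformed Base64 yields false.</param>
    /// <returns>True when the signature is valid for the data and key; otherwise false.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="cert"/> or <paramref name="data"/> is null.</exception>
    public static bool VerificationSignature(X509Certificate2 cert, string data, string signatureString)
    {
        if (cert == null) throw new ArgumentNullException("cert");
        if (data == null) throw new ArgumentNullException("data");
        // SignData returns null for a certificate without a private key; treat that as "not verified"
        // instead of letting Convert.FromBase64String throw.
        if (string.IsNullOrEmpty(signatureString)) return false;

        byte[] signatureBuffer;
        try
        {
            signatureBuffer = Convert.FromBase64String(signatureString);
        }
        catch (FormatException)
        {
            // A signature that is not even valid Base64 cannot be valid.
            return false;
        }

        using (RSA publicKey = cert.GetRSAPublicKey())
        {
            if (publicKey == null) return false;
            byte[] dataBuffer = Encoding.UTF8.GetBytes(data);
            return publicKey.VerifyData(dataBuffer, signatureBuffer, SignatureHash, SignaturePadding);
        }
    }

    /// <summary>Signs <paramref name="data"/> (UTF-8) with the certificate's RSA private key.</summary>
    /// <param name="cert">Certificate that carries a private key (the .pfx).</param>
    /// <param name="data">Text to sign.</param>
    /// <returns>The Base64 signature, or null when the certificate has no private key (kept from the original contract).</returns>
    /// <exception cref="ArgumentNullException"><paramref name="cert"/> or <paramref name="data"/> is null.</exception>
    public static string SignData(X509Certificate2 cert, string data)
    {
        if (cert == null) throw new ArgumentNullException("cert");
        if (data == null) throw new ArgumentNullException("data");
        if (!cert.HasPrivateKey) return null;

        using (RSA privateKey = cert.GetRSAPrivateKey())
        {
            if (privateKey == null) return null;
            byte[] dataBuffer = Encoding.UTF8.GetBytes(data);
            byte[] signatureBuffer = privateKey.SignData(dataBuffer, SignatureHash, SignaturePadding);
            return Convert.ToBase64String(signatureBuffer);
        }
    }
}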
