C# asp.net 使用 CERTENROLLLib 创建 PKCS10

时间:2016-11-09 22:11:15

标签: c# asp.net rsa certenroll

我正在尝试运行下面的代码示例来创建密钥对。我在 ActiveX 中运行它。在本地运行没有问题,但是当我把它安装到服务器上时,它就不能正常运行了,只有当我以管理员身份运行 IE 时它才有效。

  

System.UnauthorizedAccessException: CertEnroll::CX509PrivateKey::Create: Access Denied. 0x80070005 (WIN32: 5) em CERTENROLLLib.IX509PrivateKey.Create()

关于如何在没有管理员权限的情况下运行此操作,有什么提示吗?或者是否还有其他方法可以创建密钥对、发送给 CA 并将证书写入智能卡?

我正在关注此代码: https://blogs.msdn.microsoft.com/alejacma/2008/09/05/how-to-create-a-certificate-request-with-certenroll-and-net-c/

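/// <summary>
/// Generates an RSA key pair in the CSP named by <c>YPSIDCSP_NAME</c> (user context, not machine
/// context) and builds a PKCS#10 certificate request for it, returned as Base64 text ready to
/// be sent to a CA.
/// </summary>
/// <param name="CN">Common name placed in the request subject as <c>CN=...</c>. Leading and
/// trailing whitespace is trimmed; the value is quoted so that characters such as <c>,</c> or
/// <c>=</c> inside it cannot add further RDN components to the subject.</param>
/// <param name="keyLength">RSA modulus length in bits. Defaults to 2048; the previous version
/// hard-coded 1024, which current CAs and browsers reject. The CSP / smart card must support
/// the requested size.</param>
/// <returns>The DER-encoded PKCS#10 request, Base64 encoded (no PEM header/footer).</returns>
/// <exception cref="ArgumentException"><paramref name="CN"/> is null, empty or whitespace.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="keyLength"/> is below 1024.</exception>
/// <exception cref="InvalidOperationException">A CertEnroll COM class is not registered.</exception>
/// <remarks>
/// CertEnroll failures (for example the Access Denied / 0x80070005 raised by
/// <c>IX509PrivateKey.Create</c>) propagate to the caller as
/// <see cref="System.UnauthorizedAccessException"/> or
/// <see cref="System.Runtime.InteropServices.COMException"/>. The previous version caught every
/// exception and returned <c>ex.ToString()</c> in place of the request, so a caller could not tell a
/// request from an error message and would forward the error text to the CA. The previous version
/// also called <c>GetDefaultSecurityDescriptor(true)</c> and discarded the result; that call was a
/// no-op and has been removed.
/// </remarks>
public String CreateBase64KeyPair(string CN, int keyLength = 2048)
{
    if (string.IsNullOrWhiteSpace(CN))
    {
        throw new ArgumentException("A non-empty common name is required.", "CN");
    }
    if (keyLength < 1024)
    {
        throw new ArgumentOutOfRangeException("keyLength", "RSA key length must be at least 1024 bits; 2048 or more is recommended.");
    }

    CX509CertificateRequestPkcs10 objPkcs10 = CreateComObject<CX509CertificateRequestPkcs10>("X509Enrollment.CX509CertificateRequestPkcs10");
    IX509PrivateKey objPrivateKey = CreateComObject<IX509PrivateKey>("X509Enrollment.CX509PrivateKey");
    CCspInformation objCSP = CreateComObject<CCspInformation>("X509Enrollment.CCspInformation");
    CCspInformations objCSPs = CreateComObject<CCspInformations>("X509Enrollment.CCspInformations");
    CX500DistinguishedName objDN = CreateComObject<CX500DistinguishedName>("X509Enrollment.CX500DistinguishedName");
    CX509Enrollment objEnroll = CreateComObject<CX509Enrollment>("X509Enrollment.CX509Enrollment");
    CObjectIds objObjectIds = CreateComObject<CObjectIds>("X509Enrollment.CObjectIds");
    CObjectId objObjectId = CreateComObject<CObjectId>("X509Enrollment.CObjectId");
    CX509ExtensionKeyUsage objExtensionKeyUsage = CreateComObject<CX509ExtensionKeyUsage>("X509Enrollment.CX509ExtensionKeyUsage");
    CX509ExtensionEnhancedKeyUsage objX509ExtensionEnhancedKeyUsage = CreateComObject<CX509ExtensionEnhancedKeyUsage>("X509Enrollment.CX509ExtensionEnhancedKeyUsage");

    // Select the Cryptographic Service Provider (CSP) the key will be generated in; the
    // collection passed to the private key holds just this one provider.
    objCSP.InitializeFromName(YPSIDCSP_NAME);
    objCSPs.Add(objCSP);

    // Key parameters. The key is created in the user's context; creating it in the machine
    // context would require elevated rights.
    objPrivateKey.Length = keyLength;
    objPrivateKey.ProviderType = X509ProviderType.XCN_PROV_RSA_FULL; // XEnroll.ProviderType=1
    // NOTE(review): AT_SIGNATURE is requested here while the Key Usage extension below asks for
    // key/data encipherment; legacy CSPs tie encipherment to AT_KEYEXCHANGE keys — confirm the
    // intended key spec against the CSP and the CA template.
    objPrivateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
    objPrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
    // NOTE(review): this flag marks the private key exportable. A key meant to live on a
    // smart card normally does not need (and the card may not allow) export — confirm.
    objPrivateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;
    objPrivateKey.MachineContext = false;
    objPrivateKey.CspInformations = objCSPs;

    // Generate the key pair inside the CSP. This is the call that fails with
    // 0x80070005 (Access Denied) when the caller lacks rights to the key store.
    objPrivateKey.Create();

    // Build the PKCS#10 request around the private key: user enrollment context, no template.
    objPkcs10.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, objPrivateKey, string.Empty);

    // Key Usage extension.
    objExtensionKeyUsage.InitializeEncode(
        CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE |
        CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE |
        CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE |
        CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_NON_REPUDIATION_KEY_USAGE
    );
    objPkcs10.X509Extensions.Add((CX509Extension)objExtensionKeyUsage);

    // Enhanced Key Usage extension: id-kp-clientAuth only.
    objObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2"); // OID for Client Authentication usage
    objObjectIds.Add(objObjectId);
    objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds);
    objPkcs10.X509Extensions.Add((CX509Extension)objX509ExtensionEnhancedKeyUsage);

    // Subject. The value is wrapped in double quotes (embedded quotes doubled) so that the
    // X.500 string parser treats the whole CN as one attribute value instead of splitting it
    // on ',' or '=' into extra RDNs supplied by the caller.
    string quotedCN = "\"" + CN.Trim().Replace("\"", "\"\"") + "\"";
    objDN.Encode("CN=" + quotedCN, X500NameFlags.XCN_CERT_NAME_STR_NONE);
    objPkcs10.Subject = objDN;

    // Wrap the request in an enrollment object and emit it as Base64.
    objEnroll.InitializeFromRequest(objPkcs10);
    return objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
}

/// <summary>
/// Instantiates a registered COM class by ProgID and casts it to the CertEnroll interop
/// type <typeparamref name="T"/>.
/// </summary>
/// <param name="progId">The ProgID of the CertEnroll coclass, e.g. <c>X509Enrollment.CX509PrivateKey</c>.</param>
/// <returns>The created COM object, cast to <typeparamref name="T"/>.</returns>
/// <exception cref="InvalidOperationException">The ProgID is not registered on this machine.</exception>
private static T CreateComObject<T>(string progId)
{
    Type comType = Type.GetTypeFromProgID(progId);
    if (comType == null)
    {
        // Activator.CreateInstance(null) would throw an ArgumentNullException that names no ProgID.
        throw new InvalidOperationException("COM class '" + progId + "' is not registered on this machine.");
    }
    return (T)Activator.CreateInstance(comType);
}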

0 个答案:

没有答案