尝试使用Bouncycastle .net创建私钥和证书请求

时间:2014-04-05 12:16:09

标签: .net vb.net encryption openssl bouncycastle

我正在尝试为我公司的人员创建一个工具,以便轻松创建私钥和证书请求,我可以使用我们的内部CA签名。创建证书请求并对其进行签名很有效(在CentOS服务器上使用easy-rsa和Openssl)。但是在测试创建的密钥时,OpenSSL无法加载密钥......

我正在使用BouncyCastle和VB.Net以及此代码:

Private Sub cmdGenerate_Click(sender As Object, e As EventArgs) Handles cmdGenerate.Click
    Dim c = Me.Cursor
    Me.Cursor = Cursors.WaitCursor
    Dim rsa As New Crypto.Generators.RsaKeyPairGenerator()
    rsa.Init(New Crypto.KeyGenerationParameters(New Security.SecureRandom, 2048))
    Dim keyPair = rsa.GenerateKeyPair
    Dim Name As String = "Richard"
    Dim Folder As String = "C:"
    Dim filename_csr = Folder & "\" & Name & ".csr"
    Dim filename_key = Folder & "\" & Name & ".key"

    'CSR Request
    Dim x509Navn As New Asn1.X509.X509Name("CN=" & txtNavn.Text)
    Dim csr = New Pkcs.Pkcs10CertificationRequest("SHA1WITHRSA", x509Navn, keyPair.Public, Nothing, keyPair.Private)

    Dim IO As New FileStream(filename_csr, FileMode.Create, FileAccess.Write)
    Dim pemWr As New PemWriter(New StreamWriter(IO))
    Dim pemObj As New Utilities.IO.Pem.PemObject("CERTIFICATE REQUEST", csr.GetEncoded())
    pemWr.WriteObject(pemObj)
    pemWr.Writer.Close()

    'Private key
    IO = New FileStream(filename_key, FileMode.Create, FileAccess.Write)
    pemWr = New PemWriter(New StreamWriter(IO))
    Dim priv As Parameters.RsaPrivateCrtKeyParameters = keyPair.Private
    Dim pStruct As RsaPublicKeyStructure = New RsaPublicKeyStructure(priv.Modulus, priv.Exponent)
    pStruct.ToAsn1Object().GetDerEncoded()
    pemObj = New Utilities.IO.Pem.PemObject("PRIVATE KEY", pStruct.ToAsn1Object().GetDerEncoded())
    pemWr.WriteObject(pemObj)
    pemWr.Writer.Close()

    'Show the files
    Process.Start("explorer.exe", "/select," & filename_csr)

    Me.Cursor = c
End Sub

使用这些导入:

Imports Org.BouncyCastle
Imports Org.BouncyCastle.Pkcs
Imports Org.BouncyCastle.Asn1.Pkcs
Imports Org.BouncyCastle.Asn1.X509
Imports Org.BouncyCastle.X509
Imports Org.BouncyCastle.Crypto
Imports Org.BouncyCastle.Security
Imports Org.BouncyCastle.OpenSsl
Imports System.Text
Imports System.IO

我注意到,与使用easy-rsa / openssl创建的密钥相比,私钥看起来很小 这是一个示例privatekey / csr

-----BEGIN CERTIFICATE REQUEST-----
MIICWzCCAUMCAQAwGDEWMBQGA1UEAwwNU3RhY2tPdmVyZmxvdzCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAIcgrpqVckegSCm+V6qY1O4sfdmPEn5MXgxe
nenBIH7pkBTB5EMOZtEC9p5XdSoCVU2F4g64mn43jcHzP+nucqFLICy9hn+CABvT
n5+wj2anHt0RZaxpuDtrFVzXQyXJ2UcxV8xzMHrqOUtwoMAvNS001K0PRra1e8Nu
5lQV2mj9/VfnY6wCsKj8iRDpK0m+R5Wv7IO0TVzPcwHWNFiWl21AV9ForRIHSiSQ
rRSZjCIkIchKsjmXgD3y869bAOG7M66Oix+CDN1Zd0sH7bUqzUbrpTP0wtmGZlJV
ir2YLqTy6gAIJtu7BfLfmnEEd3n9/YH/WGGBEaHGZj584aEADaUCAwEAATANBgkq
hkiG9w0BAQUFAAOCAQEAJS0k1pCC7gd2hBcswhidoSBldY8JWpYcC8rZeyAjX7mc
fVuPbVBXBabtsUyhbol8eyo5RNJAdzcBNAXEZIyVYePy1UAAJqOjyBFlCk7sL7Gr
dXEiJa/hS7+AS8YvwnFKDw1wQ+CEQLFyLed5OgnFYqmzARwcR15rf2CVsoEjhNJW
h0siG4Un2mfLqePgayLErtOH7RsdD+skUaPbcscrTsHOqqo1OUdURL+iR6kTUC7B
pQSchDysYijgMHsv9dtwzBUnqYmOLUSnXQmafDzQ0wylvqY9gzgJhMZFj9rDPU4Z
druRu/cc/nkKZdweHBMZtzFdr3PmHpJOCL4iF0Tpmg==
-----END CERTIFICATE REQUEST-----

私钥:

-----BEGIN PRIVATE KEY-----
MIICCQKCAQEAhyCumpVyR6BIKb5XqpjU7ix92Y8SfkxeDF6d6cEgfumQFMHkQw5m
0QL2nld1KgJVTYXiDriafjeNwfM/6e5yoUsgLL2Gf4IAG9Ofn7CPZqce3RFlrGm4
O2sVXNdDJcnZRzFXzHMweuo5S3CgwC81LTTUrQ9GtrV7w27mVBXaaP39V+djrAKw
qPyJEOkrSb5Hla/sg7RNXM9zAdY0WJaXbUBX0WitEgdKJJCtFJmMIiQhyEqyOZeA
PfLzr1sA4bszro6LH4IM3Vl3SwfttSrNRuulM/TC2YZmUlWKvZgupPLqAAgm27sF
8t+acQR3ef39gf9YYYERocZmPnzhoQANpQKCAQBeXFcxgaz1EZty8wV7DxCaZZ1Y
gI10ftWqI6R4aLHNjkJcDG3e2b64tC4NspsRw+FXqmeKyiSwgRDP4JLARA/uTGzi
cVLr1ZdH10b/l6b8EzX9QDnU5VqOu5+GXpf4WnUNPwrFraasHsX1xWer7QtgTyU4
2JMT4bXUaqwTCdOkPryFzT2mhF3SSJiYw5n0K03fmX1eQf587r0TAPgtPIM/Nd6f
MCPzoqWlc2ey4zZny631D9/hUpSZqC3vkPXe+8nQgVnwB+LG/UGARp3k1X6WNzHp
puU1ARRxScce9THCx0JNndsvFIWF+px7+vfwytdHTgbdyiF3vJTwRES2lzaB
-----END PRIVATE KEY-----

OpenSSL在尝试解密文件时返回的错误消息是:

# openssl smime -decrypt -binary -in test.txt.enc -out test.txt -aes256 -recip stackoverflow.crt -inkey stackoverflow.key
unable to load signing key file
139728669665096:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
139728669665096:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_ALGOR
139728669665096:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
139728669665096:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:132:

加密文件时的命令:

# openssl smime -encrypt -binary -in test.txt -out test.txt.enc -aes256 stackoverflow.crt

最诚挚的问候, 理查德哈根

1 个答案:

答案 0 :(得分:1)

我用Pkcs8Generator.Generate()解决了这个问题,而不是创建我自己的PemObject,就像一个魅力! :d

    'Private key
    Dim pkcs8 As New OpenSsl.Pkcs8Generator(keyPair.Private)
    IO = New FileStream(filename_key, FileMode.Create, FileAccess.Write)
    pemWr = New PemWriter(New StreamWriter(IO))
    pemWr.WriteObject(pkcs8.Generate())
    pemWr.Writer.Close()