I have a certificate whose signature algorithm is sha256RSA, but when the certificate is loaded into an X509Certificate2 object, the public key's signature algorithm is http://www.w3.org/2000/09/xmldsig#rsa-sha1, whereas I expect it to be http://www.w3.org/2001/04/xmldsig-more#rsa-sha256. Below is a quick example of how I obtain the certificate and look at the signature algorithm.

The reason this is a problem is that Web Services Enhancements (WSE) uses this value to map into CryptoConfig and look up the SignatureFormatter. If the rsa-sha256 formatter is not loaded, we cannot support SHA256 signatures. Moving from WSE to something like WCF is not really an option for us at this point. I wonder whether it might be related to not using the enhanced CSP, but I don't know how to force that. Any help/ideas would be greatly appreciated.
```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Windows.Forms;

public partial class Form1 : Form
{
    private void button1_Click(object sender, EventArgs e)
    {
        textBox1.Text = String.Empty;
        List<X509Certificate2> certs = LoadX509Certificates();
        foreach (X509Certificate2 cert in certs)
        {
            // Shows the SignatureAlgorithm reported by the key object behind the public key
            textBox1.Text += cert.PublicKey.Key.SignatureAlgorithm + "\r\n";
        }
    }

    public List<X509Certificate2> LoadX509Certificates()
    {
        List<X509Certificate2> certificateList = null;
        // copied implementation from X509TokenProvider but don't throw on more than one certificate
        X509Certificate2Collection certificateCollection = null;
        X509Store x509Store = new X509Store("My", StoreLocation.LocalMachine);
        try
        {
            x509Store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            certificateCollection = x509Store.Certificates.Find(X509FindType.FindByThumbprint,
                "93 f4 3a cd b2 6c 79 74 1c 55 4f d1 43 94 37 30 98 82 48 74", false);
            if (certificateCollection.Count < 1)
            {
                throw new ArgumentException("No certificate found");
            }
            foreach (X509Certificate2 cert in certificateCollection)
            {
                if (cert.HasPrivateKey)
                {
                    // Touch the private key so the CSP key container is loaded now rather than later
                    var tempKey = cert.PrivateKey;
                }
            }
            certificateList = certificateCollection.Cast<X509Certificate2>().ToList();
        }
        finally
        {
            if (certificateCollection != null)
            {
                // Release the native handles of every certificate we are not returning
                foreach (X509Certificate2 x509Certificate2 in x509Store.Certificates)
                {
                    if (!certificateCollection.Contains(x509Certificate2))
                    {
                        x509Certificate2.Reset();
                    }
                }
            }
            x509Store.Close();
        }
        return certificateList;
    }
}
```
Certificate details from OpenSSL
```text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:ac:6c:cc:22:6e:cb:97:4f:2a:4a:91:42:00:74:b4
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=\x00_\x00R\x00o\x00o\x00t\x00 \x00C\x00A\x00 \x00T\x00e\x00s\x00t\x00_\x002\x005\x006\x00.\x00e\x00t\x00.\x00l\x00o\x00c\x00a\x00l
        Validity
            Not Before: Feb  9 14:21:51 2015 GMT
            Not After : Dec 31 23:59:59 2039 GMT
        Subject: CN=\x00C\x00l\x00i\x00e\x00n\x00t\x00_\x00T\x00e\x00s\x00t\x00_\x002\x005\x006\x00.\x00e\x00t\x00.\x00l\x00o\x00c\x00a\x00l
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:af:77:1c:64:3a:ea:0b:72:df:e7:6d:c0:f6:74:
                    df:21:9c:e4:98:07:4c:b5:d9:7d:a3:96:88:a8:eb:
                    fd:bf:d6:8c:71:ac:3d:38:c2:42:b4:1d:83:18:d7:
                    2b:80:a2:06:3d:74:99:64:fe:a8:47:52:0e:d1:a2:
                    ff:8a:5d:af:a3:a9:4e:27:3e:2c:30:48:68:22:76:
                    ea:9a:e3:0f:d5:fa:e9:5c:35:f9:d2:dd:28:55:40:
                    ec:52:86:b9:c0:f9:30:c6:2d:94:0a:3b:7a:0f:00:
                    25:c9:eb:04:6c:85:d6:3e:6b:14:7e:a4:aa:8e:1b:
                    90:72:c0:76:91:f6:7b:e6:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            2.5.29.1:
                0g....b....O"....o.q.A0?1=0;..U...4._.R.o.o.t. .C.A. .T.e.s.t._.2.5.6...e.t...l.o.c.a.l......B.L.@......p
    Signature Algorithm: sha256WithRSAEncryption
        22:16:ad:44:69:27:67:93:0d:e7:43:4a:53:ee:58:ec:b1:56:
        08:b2:49:fe:0d:3d:53:83:71:01:12:a7:0b:f5:d6:47:1c:5d:
        f2:00:9b:61:0f:17:13:aa:24:0e:f4:db:97:85:da:47:e8:4c:
        39:7a:52:ee:4b:ac:8c:f5:25:33:9f:aa:33:53:c5:8d:b3:c6:
        27:e4:92:b3:b8:d2:aa:a9:b4:f0:8a:83:89:34:35:65:b2:69:
        d0:4c:c1:48:f0:ea:01:a2:aa:80:d6:fb:f6:09:02:ff:00:10:
        19:94:ad:20:f0:92:27:6b:6c:75:72:c4:04:a1:40:4b:16:60:
        84:fe
```
Answer 0 (score: 3)

You are confusing the property names. sha256RSA is the certificate's signature algorithm and has nothing to do with the embedded public key. SignatureAlgorithm is a member of the X509Certificate2 object, not of the public key. What you see in the RSACryptoServiceProvider.SignatureAlgorithm property is the default signature algorithm of that particular implementation of the RSA algorithm. According to the documentation, it is always set to http://www.w3.org/2000/09/xmldsig#rsa-sha1.
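To make the answer's distinction concrete, here is a small console program written for this edit (it is not code from the question, the answer, or the WSE project). It builds a throwaway self-signed certificate whose certificate signature is SHA-256 with RSA, then prints the three values that get conflated: the certificate's own SignatureAlgorithm OID, the public key algorithm OID, and the SignatureAlgorithm string of the provider object that X509Certificate2.PublicKey.Key hands back. It then signs and verifies a message with SHA-256 using that same key to show the rsa-sha1 URI is a description of the provider's default, not a limit on what the key can do. Assumptions: .NET Framework 4.7.2 or later on Windows (for CertificateRequest and for PublicKey.Key returning an RSACryptoServiceProvider); the subject name, serial number and message are constructed values.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example, not from the original question or answer.
// Assumes .NET Framework 4.7.2+ on Windows.
static class SignatureAlgorithmDemo
{
    static void Main()
    {
        // Provider type 24 is PROV_RSA_AES ("Microsoft Enhanced RSA and AES Cryptographic Provider"),
        // the CSP family that can produce SHA-2 signatures. The key is ephemeral, so no key
        // container is left behind on the machine.
        var cspParams = new CspParameters(24) { Flags = CspProviderFlags.CreateEphemeralKey };
        using (var signingKey = new RSACryptoServiceProvider(2048, cspParams))
        {
            // Constructed: a self-signed certificate request, to be signed with SHA-256/RSA.
            var request = new CertificateRequest(
                "CN=Client_Test_256.example",   // constructed subject, not the asker's certificate
                signingKey,
                HashAlgorithmName.SHA256,
                RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            X509SignatureGenerator generator =
                X509SignatureGenerator.CreateForRSA(signingKey, RSASignaturePadding.Pkcs1);
            byte[] serial = { 0x01, 0x02, 0x03, 0x04 }; // constructed serial number

            // Issuer == subject, so the result is self-signed; the private key stays in signingKey.
            using (X509Certificate2 cert = request.Create(
                request.SubjectName, generator, now.AddDays(-1), now.AddYears(1), serial))
            {
                // 1. The certificate's signature algorithm: how the issuer signed this certificate.
                Console.WriteLine("cert.SignatureAlgorithm        : {0} ({1})",
                    cert.SignatureAlgorithm.FriendlyName, cert.SignatureAlgorithm.Value);

                // 2. The public key algorithm: what kind of key is inside (rsaEncryption, no hash implied).
                Console.WriteLine("cert.PublicKey.Oid             : {0} ({1})",
                    cert.PublicKey.Oid.FriendlyName, cert.PublicKey.Oid.Value);

                // 3. The key object's default signature description. On .NET Framework this is an
                //    RSACryptoServiceProvider and the value is a constant URI, whatever the certificate says.
                AsymmetricAlgorithm keyObject = cert.PublicKey.Key;
                Console.WriteLine("PublicKey.Key ({0}).SignatureAlgorithm: {1}",
                    keyObject.GetType().Name, keyObject.SignatureAlgorithm);

                // 4. That constant does not restrict the key: a SHA-256 signature made with the
                //    private key verifies against the certificate's public key.
                byte[] message = Encoding.UTF8.GetBytes("constructed test message");
                byte[] signature = signingKey.SignData(
                    message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                using (RSA publicKey = cert.GetRSAPublicKey())
                {
                    bool valid = publicKey.VerifyData(
                        message, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    Console.WriteLine("SHA-256 signature verifies with cert public key: {0}", valid);
                }
            }
        }
    }
}
```

On the stated platform the first line reports sha256RSA (OID 1.2.840.113549.1.1.11), the second reports RSA (OID 1.2.840.113549.1.1.1), the third prints the rsa-sha1 URI from the question, and the SHA-256 verification succeeds. The first two values come from the certificate; the third comes from the RSACryptoServiceProvider class and would be the same for a certificate signed with sha1RSA or sha512RSA, which is why it cannot be used to discover what the certificate or the key supports.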