我正在编写一个VB.net应用程序来与AWS(亚马逊网络服务)通信,这部分没有问题。但我需要一个PFX文件作为证书。我找到了使用以下OpenSSL命令创建PFX的说明:
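# Bundle the private key (-inkey) and the certificate (-in) into one PKCS#12 (PFX) file.
# "*****" stands for the redacted certificate ID prefix (compare "6469d8cccd-certificate.pem.crt");
# the file names must not contain spaces around "-", or each piece is parsed as a separate argument.
# With no -passout option, openssl prompts for the export password that protects the PFX.
openssl pkcs12 -export -out YOURPFXFILE.pfx -inkey *****-private.pem.key -in *****-certificate.pem.crt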
如果我在我的应用程序中使用该文件,那么每件事都有效。
我决定尝试以编程方式创建PFX。我尝试使用以下代码执行此操作:
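' Exports the device certificate as a password-protected PFX (PKCS#12) file.
' NOTE(review): the .pem.crt file holds only the public certificate; the private key is in the
' separate *-private.pem.key file that the OpenSSL command supplies through -inkey. A PFX built
' from the certificate alone carries no private key and cannot be used for client authentication.
' On .NET 5 or later, X509Certificate2.CreateFromPemFile(certPath, keyPath) loads both parts;
' confirm the target framework before relying on it.
Try
    Dim certificate As New X509Certificate2("6469d8cccd-certificate.pem.crt")
    ' Fail early instead of writing a PFX that only looks complete.
    If Not certificate.HasPrivateKey Then
        Throw New InvalidOperationException("The certificate file contains no private key; load the matching private key before exporting a PFX.")
    End If
    ' NOTE(review): the PFX password is hard-coded; it protects the private key, so it should come
    ' from configuration or a prompt rather than from source code.
    Dim certificateData As Byte() = certificate.Export(X509ContentType.Pfx, "MyPassword")
    File.WriteAllBytes("MyCert.pfx", certificateData)
Catch ex As Exception
    MessageBox.Show(ex.Message)
End Try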
这创建了PFX文件但如果我使用它会失败。
我的问题是,由于我使用的是System.Security.Cryptography.X509Certificates而不是OpenSSL,我是否应该预料到该文件无法工作?
或者我的代码不正确?如果是这样,任何人都可以指出我正确的方向。
谢谢,
保
答案 0 :(得分:0)
我知道这并不完全是所问的内容,但这是一个使用VB.NET将PFX转换为PEM的库。细心的程序员可以阅读这段代码,学习如何使用libeay32 OpenSSL API进行反向操作。
因此,您可以使用与下面代码类似的函数来创建PFX,只是方向与PKCS12_parse()相反:d2i_PKCS12()将pkcs12或pfx格式转换为pem或der格式,而另一个函数(其名称在页面提取时丢失)将pem转换为pfx。
#include <openssl/pkcs12.h>
/* Decodes a DER-encoded PKCS#12 structure of `length` bytes starting at *der_in and returns it
 * (NULL on error). Decoding does not take the password; the key and certificates are only
 * unpacked later by PKCS12_parse(), which does. */
PKCS12 *
d2i_PKCS12(PKCS12 **val_out, const unsigned char **der_in, long length);
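''' <summary>
''' Converts a PKCS#12 (PFX) file to a PEM text file through the native OpenSSL (libeay32) API.
''' The private key, the user certificate and the CA certificates are written in that order.
''' </summary>
''' <param name="PFXinfile">Path of the PFX file to read.</param>
''' <param name="password">Password handed to PKCS12_parse to open the PFX.</param>
''' <param name="PEMoutfile">Path of the PEM file to write. No cipher is passed to
''' PEM_write_PrivateKey, so the private key is stored unencrypted; restrict access to this file.</param>
''' <returns>0 on success, 1 on failure (an error dialog is shown before returning).</returns>
''' <remarks>
''' NOTE(review): pointers are read with Marshal.ReadInt32 and fixed offsets (12, 20, 4 * i), so this
''' presumably works only in a 32-bit process against one specific libeay32 struct layout - confirm.
''' </remarks>
Public Shared Function PFXtoPEM(ByVal PFXinfile As String, ByVal password As String, ByVal PEMoutfile As String) As Integer
    Dim fp As IntPtr = IntPtr.Zero
    Dim p12 As IntPtr = IntPtr.Zero
    Dim cert As X509
    Dim ca As stack_st_X509
    Dim StdErr As IntPtr
    Const errbufSize = 8192
    Dim errBuf As IntPtr = IntPtr.Zero
    ' Pinned slots that PKCS12_parse fills with the key, certificate and CA stack pointers.
    Dim GCHpkey As GCHandle = GCHandle.Alloc(New IntPtr, GCHandleType.Pinned)
    Dim GCHcert As GCHandle = GCHandle.Alloc(New IntPtr, GCHandleType.Pinned)
    Dim GCHca As GCHandle = GCHandle.Alloc(New IntPtr, GCHandleType.Pinned)
    Dim pPkey As IntPtr = GCHpkey.AddrOfPinnedObject
    Dim pCert As IntPtr = GCHcert.AddrOfPinnedObject
    Dim pCa As IntPtr = GCHca.AddrOfPinnedObject
    Try
        fp = fopen(PFXinfile, "rb")
        If fp.Equals(IntPtr.Zero) Then
            MessageBox.Show(String.Concat("Error opening file: ", PFXinfile), "Error Converting PFX to PEM", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
            Return 1
        End If
        ERR_load_crypto_strings()
        ' Point the C runtime's stderr at NUL and buffer it in errBuf, so that the text
        ' ERR_print_errors_fp writes can be read back for the error dialogs.
        StdErr = freopen("NUL", "a", IntPtr.op_Explicit(__iob_func.ToInt64() + (Marshal.SizeOf(New FILEp) * 2)))
        errBuf = Marshal.AllocHGlobal(errbufSize)
        memset(errBuf, Asc(vbNullChar), errbufSize)
        setvbuf(StdErr, errBuf, _IOFBF, errbufSize)
        OPENSSL_add_all_algorithms_noconf()
        Try
            p12 = d2i_PKCS12_fp(fp, IntPtr.Zero)
            If p12.Equals(IntPtr.Zero) Then Throw New SEHException("d2i_PKCS12_fp didn't throw but also didn't succeed")
        Catch ex As SEHException
            ERR_print_errors_fp(StdErr)
            MessageBox.Show(String.Concat("Error reading PKCS#12 file. " & vbNewLine, Marshal.PtrToStringAnsi(errBuf)), "Error Converting PFX to PEM", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
            Return 1
        End Try
        fclose(fp)
        fp = IntPtr.Zero
        Try
            PKCS12_parse(p12, password, pPkey, pCert, pCa)
            If IntPtr.op_Explicit(Marshal.ReadInt32(pPkey)).Equals(IntPtr.Zero) Then Throw New SEHException("PKCS12_parse didn't throw but also didn't succeed")
        Catch ex As Exception
            ERR_print_errors_fp(StdErr)
            MessageBox.Show(String.Concat("Error parsing PKCS#12 file, check pfx password. " & vbNewLine, Marshal.PtrToStringAnsi(errBuf)), "Error Converting PFX to PEM", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
            Return 1
        End Try
        PKCS12_free(p12)
        p12 = IntPtr.Zero
        fp = fopen(PEMoutfile, "w")
        If fp.Equals(IntPtr.Zero) Then
            MessageBox.Show(String.Concat("Error opening file: ", PEMoutfile), "Error Converting PFX to PEM", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
            Return 1
        End If
        If Not IntPtr.op_Explicit(Marshal.ReadInt32(pPkey)).Equals(IntPtr.Zero) Then
            fprintf(fp, "****Private Key****" & vbNewLine)
            ' All encryption arguments are Nothing: the key is written in the clear.
            PEM_write_PrivateKey(fp, IntPtr.op_Explicit(Marshal.ReadInt32(pPkey)), Nothing, Nothing, Nothing, Nothing, Nothing)
        End If
        If Not IntPtr.op_Explicit(Marshal.ReadInt32(pCert)).Equals(IntPtr.Zero) Then
            fprintf(fp, "***User Certificate***" & vbNewLine)
            fprintf(fp, "subject=")
            ' NOTE(review): the subject/issuer text taken from the certificate is passed to fprintf
            ' as the format string, so a name containing "%" would be read as a conversion
            ' specification. Prefer a fixed "%s" format if the fprintf declaration allows it - confirm.
            fprintf(fp, X509_NAME_oneline(IntPtr.op_Explicit(Marshal.ReadInt32(IntPtr.op_Explicit(Marshal.ReadInt32(Marshal.ReadInt32(pCert)) + 20))), 0, 0))
            fprintf(fp, vbNewLine & "issuer=")
            fprintf(fp, X509_NAME_oneline(IntPtr.op_Explicit(Marshal.ReadInt32(IntPtr.op_Explicit(Marshal.ReadInt32(Marshal.ReadInt32(pCert)) + 12))), 0, 0))
            fprintf(fp, vbNewLine)
            PEM_write_X509_AUX(fp, IntPtr.op_Explicit((Marshal.ReadInt32(pCert))))
        End If
        ' Check the CA stack pointer itself before dereferencing it (the certificate slot was
        ' tested here before, which left a null CA stack unguarded).
        If Not IntPtr.op_Explicit(Marshal.ReadInt32(pCa)).Equals(IntPtr.Zero) Then
            ca = Marshal.PtrToStructure(IntPtr.op_Explicit(Marshal.ReadInt32(pCa)), GetType(stack_st_X509))
            fprintf(fp, "****CA Certificates****" & vbNewLine)
            For i = 0 To ca.stack.num - 1
                cert = Marshal.PtrToStructure(IntPtr.op_Explicit(Marshal.ReadInt32(IntPtr.op_Explicit(ca.stack.data.ToInt32 + 4 * i))), GetType(X509))
                Dim certGChandle As GCHandle = GCHandle.Alloc(cert.cert_info, GCHandleType.Pinned)
                Dim pCertInfo As IntPtr = certGChandle.AddrOfPinnedObject
                fprintf(fp, "subject=")
                fprintf(fp, X509_NAME_oneline(IntPtr.op_Explicit(Marshal.ReadInt32(IntPtr.op_Explicit(Marshal.ReadInt32(pCertInfo) + 20))), 0, 0))
                fprintf(fp, vbNewLine & "issuer=")
                fprintf(fp, X509_NAME_oneline(IntPtr.op_Explicit(Marshal.ReadInt32(IntPtr.op_Explicit(Marshal.ReadInt32(pCertInfo) + 12))), 0, 0))
                fprintf(fp, vbNewLine)
                PEM_write_X509_AUX(fp, IntPtr.op_Explicit(Marshal.ReadInt32(IntPtr.op_Explicit(ca.stack.data.ToInt32 + 4 * i))))
                certGChandle.Free()
            Next
        End If
        Return 0
    Finally
        ' Runs on every exit path, so the early "Return 1" branches no longer leak the open
        ' file, the PKCS12 object, the pinned handles or the error buffer.
        If Not fp.Equals(IntPtr.Zero) Then fclose(fp)
        If Not p12.Equals(IntPtr.Zero) Then PKCS12_free(p12)
        Dim pkeyPtr As IntPtr = IntPtr.op_Explicit(Marshal.ReadInt32(pPkey))
        Dim certPtr As IntPtr = IntPtr.op_Explicit(Marshal.ReadInt32(pCert))
        Dim caPtr As IntPtr = IntPtr.op_Explicit(Marshal.ReadInt32(pCa))
        If Not pkeyPtr.Equals(IntPtr.Zero) Then EVP_PKEY_free(pkeyPtr)
        If Not certPtr.Equals(IntPtr.Zero) Then X509_free(certPtr)
        ' NOTE(review): sk_free releases the stack only; the CA certificates it holds are
        ' presumably left allocated - confirm against the OpenSSL version in use.
        If Not caPtr.Equals(IntPtr.Zero) Then sk_free(caPtr)
        GCHca.Free()
        GCHcert.Free()
        GCHpkey.Free()
        ' NOTE(review): errBuf is still registered as stderr's buffer (setvbuf above) when it is
        ' freed; a later write to stderr would touch freed memory. Reset the buffering first - TODO.
        If Not errBuf.Equals(IntPtr.Zero) Then Marshal.FreeHGlobal(errBuf)
    End Try
End Function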