How do I sign a PKCS10 certificate request with SHA256 using IE11 and CertEnroll?

Date: 2019-04-04 11:08:31

Tags: javascript internet-explorer certenroll

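I am using CertEnroll in Internet Explorer 11 to create a PKCS10 certificate signing request to send to a certificate authority.

As it stands, the CSR generated by CertEnroll is signed using a SHA1 hash, as shown below: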

Signature Algorithm: sha1WithRSAEncryption

What changes do I need to make to the following code to sign the CSR with SHA256 (instead of SHA1)?

        var objCSP = objCertEnrollClassFactory.CreateObject("X509Enrollment.CCspInformation");
        var objCSPs = objCertEnrollClassFactory.CreateObject("X509Enrollment.CCspInformations");
        var objPrivateKey = objCertEnrollClassFactory.CreateObject("X509Enrollment.CX509PrivateKey");
        var objRequest = objCertEnrollClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
        var objObjectIds = objCertEnrollClassFactory.CreateObject("X509Enrollment.CObjectIds");
        var objObjectId = objCertEnrollClassFactory.CreateObject("X509Enrollment.CObjectId");
        var objX509ExtensionEnhancedKeyUsage = objCertEnrollClassFactory.CreateObject("X509Enrollment.CX509ExtensionEnhancedKeyUsage");
        var objExtensionTemplate = objCertEnrollClassFactory.CreateObject("X509Enrollment.CX509ExtensionTemplateName");
        var objDn = objCertEnrollClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName");
        var objEnroll = objCertEnrollClassFactory.CreateObject("X509Enrollment.CX509Enrollment");

        /* initialize the CSP using the desired Cryptographic Service Provider */
        objCSP.InitializeFromName("Microsoft Enhanced RSA and AES Cryptographic Provider");

        /* add this CSP to the CSP collection */
        objCSPs.Add(objCSP);

        /* provide key container name, key length and key spec to the private key object */
        //objPrivateKey.ContainerName = $('#name').val();
        objPrivateKey.Length = $('#keylength').val();
        objPrivateKey.KeySpec = 1; // AT_KEYEXCHANGE = 1
        objPrivateKey.ProviderType = '24'; // XCN_PROV_RSA_AES = 24

        /* provide the CSP collection object (in this case containing only 1 CSP object) */
        /* to the private key object */
        objPrivateKey.CspInformations = objCSPs;

        /* initialize P10 based on private key */
        objRequest.InitializeFromPrivateKey(1, objPrivateKey, ""); // context user = 1

        /* 1.3.6.1.5.5.7.3.2 Oid - extension */
        objObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2");
        objObjectIds.Add(objObjectId);
        objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds);
        objRequest.X509Extensions.Add(objX509ExtensionEnhancedKeyUsage);

        /* DN related stuff */
        objDn.Encode("CN=" + $('#name').val(), 0); // XCN_CERT_NAME_STR_NONE = 0
        objRequest.Subject = objDn;

        /* enroll */
        objEnroll.InitializeFromRequest(objRequest);
        $("#pkcs10").val(objEnroll.CreateRequest(3)); // XCN_CRYPT_STRING_BASE64REQUESTHEADER = 3

0 answers:

No answers
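
One way to approach the question above, as an added example that is not part of the original post: CertEnroll's PKCS10 request object exposes a `HashAlgorithm` property that accepts a `CObjectId`, and the signature OID of the resulting request can then be read back to confirm SHA1 is no longer used. The function names `useSha256`, `readTlv` and `csrSignatureOid` and the two sample strings are hypothetical and constructed for this example.

```javascript
// Added example, ES5 only so it also runs in IE11. Names below are hypothetical.
var OID_SHA1_RSA = "1.2.840.113549.1.1.5";    // sha1WithRSAEncryption
var OID_SHA256_RSA = "1.2.840.113549.1.1.11"; // sha256WithRSAEncryption

// Call after InitializeFromPrivateKey() and before CreateRequest().
// factory = the page's objCertEnrollClassFactory, request = its objRequest.
function useSha256(factory, request) {
  var hashOid = factory.CreateObject("X509Enrollment.CObjectId");
  // 1 = XCN_CRYPT_HASH_ALG_OID_GROUP_ID, 0 = XCN_CRYPT_OID_INFO_PUBKEY_ANY,
  // 0 = AlgorithmFlagsNone
  hashOid.InitializeFromAlgorithmName(1, 0, 0, "SHA256");
  request.HashAlgorithm = hashOid;
}

// Read one DER TLV header at off; returns the tag and the content bounds.
function readTlv(der, off) {
  var len = der[off + 1], p = off + 2, n, i;
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    for (n = len & 0x7f, len = 0, i = 0; i < n; i++) len = len * 256 + der[p++];
  }
  return { tag: der[off], start: p, end: p + len };
}

// Dotted signatureAlgorithm OID of a PKCS#10 request (PEM or bare base64).
function csrSignatureOid(pem) {
  var b64 = pem.replace(/-----[^-]+-----/g, "").replace(/\s+/g, "");
  var bin = typeof atob === "function" ? atob(b64)
    : Buffer.from(b64, "base64").toString("binary"); // old Node fallback
  var der = [], i, v = 0;
  for (i = 0; i < bin.length; i++) der.push(bin.charCodeAt(i));
  var info = readTlv(der, readTlv(der, 0).start);       // certificationRequestInfo
  var oid = readTlv(der, readTlv(der, info.end).start); // AlgorithmIdentifier OID
  if (oid.tag !== 0x06) throw new Error("not a PKCS#10 request");
  var parts = [Math.floor(der[oid.start] / 40), der[oid.start] % 40];
  for (i = oid.start + 1; i < oid.end; i++) {
    v = v * 128 + (der[i] & 0x7f);
    if (!(der[i] & 0x80)) { parts.push(v); v = 0; }
  }
  return parts.join(".");
}

// Constructed DER skeletons (empty request info, empty signature), not real CSRs.
var SAMPLE_SHA1_CSR = "MBQwADANBgkqhkiG9w0BAQUFAAMBAA==";
var SAMPLE_SHA256_CSR = "MBQwADANBgkqhkiG9w0BAQsFAAMBAA==";
```

In the question's code this would be `useSha256(objCertEnrollClassFactory, objRequest);` right after `InitializeFromPrivateKey`, followed by comparing `csrSignatureOid($("#pkcs10").val())` with `OID_SHA256_RSA` once the request has been created.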