使用bouncy castle我创建了一个X.509v3证书,我使用以下代码:
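{
    // Issues an RSA end-entity certificate signed by the local test CA and installs it
    // in the current user's certificate store.
    // creer_ca creates the authority; it returns an empty X509Certificate2 when the CA could not be found.
    X509Certificate2 cerca = creer_ca("CA_certifcate");
    if (cerca.Handle == IntPtr.Zero || !cerca.HasPrivateKey)
    {
        // Without the CA certificate and its private key nothing can be signed; fail with a clear message
        // instead of an obscure exception further down.
        throw new InvalidOperationException("CA certificate or its private key is not available");
    }
    Console.WriteLine("create a certificaet RSA signed by CA_certificate ");

    // One cryptographically secure generator is used for both the key pair and the serial number.
    var secureRandom = new SecureRandom(new CryptoApiRandomGenerator());

    // 2048-bit RSA: 1024-bit keys are no longer considered adequate and are rejected by many validators.
    var kpgen = new RsaKeyPairGenerator();
    kpgen.Init(new KeyGenerationParameters(secureRandom, 2048));
    var cerKp = kpgen.GenerateKeyPair();

    // Certificate fields
    string certSubjectName = "test_RSA";
    var certName = new X509Name("CN=" + certSubjectName);
    // Serial numbers should be unpredictable, so System.Random is replaced by the secure generator.
    var serialNo = BigInteger.ProbablePrime(120, secureRandom);

    X509V3CertificateGenerator gen2 = new X509V3CertificateGenerator();
    gen2.SetSerialNumber(serialNo);
    gen2.SetSubjectDN(certName);
    // Name of the authority. The issuer DN is taken from the parsed CA certificate rather than rebuilt
    // from the cerca.Subject display string: re-parsing that string can reorder or re-encode the name
    // components, and chain building requires the issuer of this certificate to match the CA subject.
    // NOTE(review): a mismatch here is one plausible cause of the "not enough information to verify"
    // message - confirm by comparing issuer and subject in the certificate viewer.
    gen2.SetIssuerDN(DotNetUtilities.FromX509Certificate(cerca).SubjectDN);
    // Validity starts 30 days in the past and lasts two years from now; UTC avoids local-time ambiguity.
    gen2.SetNotBefore(DateTime.UtcNow.Subtract(new TimeSpan(30, 0, 0, 0)));
    gen2.SetNotAfter(DateTime.UtcNow.AddYears(2));
    gen2.SetSignatureAlgorithm("sha512WithRSA");
    gen2.SetPublicKey(cerKp.Public);
    // NOTE(review): no extensions are added (basic constraints, key usage, authority key identifier);
    // consider adding them so validators can classify the certificate and locate its issuer.

    // Sign with the CA private key.
    AsymmetricCipherKeyPair akp = DotNetUtilities.GetKeyPair(cerca.PrivateKey);
    Org.BouncyCastle.X509.X509Certificate newCert = gen2.Generate(akp.Private);

    // Used for getting a private key
    X509Certificate2 userCert = ConvertToWindows(newCert, cerKp);

    // The PKCS#12 blob only lives in memory here, so the literal password protects nothing durable.
    // NOTE(review): never reuse a hard-coded password if this blob is written to disk. The blob is
    // built from the public certificate only, so it presumably carries no private key - userCert above
    // is the object expected to hold it; confirm which of the two should be installed.
    byte[] cert = DotNetUtilities.ToX509Certificate(newCert).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, "password");
    var certif = new X509Certificate2(cert, "password");

    // The Root store is reserved for trust anchors (self-signed CA certificates). An end-entity
    // certificate belongs in the personal store and is validated by chaining up to the CA in Root.
    X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadWrite);
    try
    {
        store.Add(certif);
    }
    finally
    {
        // Always release the store handle, even when Add throws.
        store.Close();
    }
}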
显示证书时,“常规”选项卡中会显示以下信息:
Windows ne se dispose pas des informations suffisantes pour vérifier le certificat
意味着
Windows does not have sufficient information to verify the certificate
为了创建证书颁发机构(CA),我使用makecert,如下所示:
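/// <summary>
/// Creates a self-signed test authority with makecert.exe and returns it from the
/// current user's Root store.
/// </summary>
/// <param name="ca_name">Value used for both O= and CN= of the authority and for the output file name.</param>
/// <returns>
/// The currently valid certificate in CurrentUser\Root whose simple name equals <paramref name="ca_name"/>,
/// or an empty <see cref="X509Certificate2"/> when none is found.
/// </returns>
/// <remarks>
/// Every successful call asks makecert to add a new self-signed root (-r, -ss Root) to the user's trust
/// store. Use this for test machines only and remove the authority afterwards. makecert is a deprecated
/// SDK tool; failures are reported on the console and are not thrown.
/// </remarks>
public static X509Certificate2 creer_ca(string ca_name)
{
    // ca_name is pasted into a command line, so only characters that cannot close the quoted -n value,
    // add DN components or split the unquoted file name are accepted.
    bool nameIsSafe = !string.IsNullOrEmpty(ca_name);
    if (nameIsSafe)
    {
        foreach (char c in ca_name)
        {
            if (!(char.IsLetterOrDigit(c) || c == '_' || c == '-' || c == '.'))
            {
                nameIsSafe = false;
                break;
            }
        }
    }

    if (!nameIsSafe)
    {
        // makecert is not started for an unsafe name; the store lookup below still runs.
        Console.WriteLine("echec création de l'autorité");
    }
    else
    {
        try
        {
            // -a sha256 replaces the obsolete SHA-1 signature hash (requires a makecert build that supports it).
            string arguments = "-r -pe -n \"O=" + ca_name + ",CN=" + ca_name + " \" -ss Root -sky exchange -sp \"Microsoft RSA Schannel Cryptographic Provider\" -sy 12 -len 2048 -a sha256 certificat_" + ca_name + ".cer";
            using (Process makecert = Process.Start("makecert.exe", arguments))
            {
                // Wait for makecert to finish: reading the store while it is still running can miss the
                // new certificate. A timeout or a non-zero exit code counts as a failure.
                if (makecert == null || !makecert.WaitForExit(60000) || makecert.ExitCode != 0)
                {
                    Console.WriteLine("echec création de l'autorité");
                }
            }
        }
        catch (Exception)
        {
            // Best effort, as before: makecert.exe missing or not startable.
            Console.WriteLine("echec création de l'autorité");
        }
    }

    X509Certificate2 caCert = new X509Certificate2();
    bool found = false;

    // The store is only read here, so read-only access is sufficient.
    X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    try
    {
        // Restrict the search to certificates whose validity period covers the current time.
        X509Certificate2Collection valid = store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
        foreach (X509Certificate2 x509 in valid)
        {
            // The simple name of the issuer is compared with ca_name; the first match is returned.
            if (x509.GetNameInfo(X509NameType.SimpleName, true) == ca_name)
            {
                found = true;
                caCert = x509;
                break;
            }
        }
    }
    finally
    {
        // Release the store handle even if the lookup throws.
        store.Close();
    }

    if (found)
    {
        Console.WriteLine("le certificat de nom " + ca_name + " a été trouvé");
    }
    else
    {
        Console.WriteLine("le certificat de nom " + ca_name + " n'a pas été trouvé");
    }

    return caCert;
}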
请帮忙。