使用OpenSSL.net签署证书的问题

时间:2011-07-31 06:41:19

标签: .net vb.net openssl

我正在尝试将OpenSSL.net设置为1)创建用于CA签名的密钥对,以及2)使用此CA创建和签署证书。我已经设法创建了一个RSA / SHA1 X509CertificateAuthority,并创建了一个X509Request和密钥,但我遇到了实际签署请求的问题。

   'create the request and request key
    Dim rsa As OpenSSL.Crypto.RSA = New OpenSSL.Crypto.RSA()
    rsa.GenerateKeys(1024, 65569, Nothing, Nothing)
    Dim req_key As OpenSSL.Crypto.CryptoKey = New OpenSSL.Crypto.CryptoKey(rsa)
    Dim req_key_b As OpenSSL.Core.BIO = OpenSSL.Core.BIO.MemoryBuffer
    req_key_b.Write(req_key.GetRSA.PrivateKeyAsPEM)
    WriteBio(req_key_b, IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "req.key"))

    'make the request
    Dim req As OpenSSL.X509.X509Request = New OpenSSL.X509.X509Request(3, "CN=newcert", req_key)

    Dim req_cert As OpenSSL.X509.X509Certificate = ca.ProcessRequest(req, Now, Now.AddDays(365))
    '** ^^^ Exception on this line ^^^ ***
    Dim req_cert_b As OpenSSL.Core.BIO = OpenSSL.Core.BIO.MemoryBuffer
    req_cert.Write(req_cert_b)
    WriteBio(req_cert_b, IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "req.crt"))

我在上面提到的行上收到了一个OpenSslException,并带有消息

  

错误:0606B06E:数字信封例程:EVP_SignFinal:错误公开   密钥类型错误:0D0C3006:asn1编码例程:ASN1_item_sign:EVP lib

有什么想法吗?

2 个答案:

答案 0 :(得分:1)

我有同样的错误。经过一些研究后,当我手动指定MessageDigest时,它似乎有效:

var certificate = ca.ProcessRequest(req, Now, Now.AddDays(365), MessageDigest.SHA1)

您还可以在openssl.conf中指定默认消息摘要:default_md。但你可能没有配置就初始化了CA,就像我一样:)

var ca = new X509CertificateAuthority(pkcs12.Certificate, pkcs12.PrivateKey, new SimpleSerialNumber(42), null);

我知道你放弃了并使用了BouncyCastle,但希望这对其他人有用:)

答案 1 :(得分:0)

实际上问题是默认摘要方法DSS1在用于签名时会出错。因此,指定其他签名方法将解决问题。