使用C#中的Bouncy Castle创建自签名证书

时间:2011-08-30 19:23:31

标签: c# x509certificate bouncycastle x509 self-signed

我尝试使用C#中的Bouncy Castle创建自签名x509 v3证书

        // Generates an RSA key pair, builds a self-signed X.509 v3 certificate with Bouncy Castle,
        // converts it to the .NET certificate types, and writes a DER certificate plus a PFX export to disk.
        var kpgen = new RsaKeyPairGenerator();

        // Randomness comes from CryptoApiRandomGenerator (a wrapper over the platform CSPRNG).
        // NOTE(review): a 1024-bit RSA modulus is below the 2048-bit minimum that current guidance
        // expects for new keys; use 2048 bits or more.
        kpgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));

        var cerKp = kpgen.GenerateKeyPair();

        // Distinguished-name attributes; the values here are placeholders from the question.
        IDictionary attrs = new Hashtable();
        attrs[X509Name.E] = "E-Mail";
        attrs[X509Name.CN] = "Name";
        attrs[X509Name.O] = "SIT";
        attrs[X509Name.C] = "TH";


        // Order in which the attributes are emitted into the name.
        IList ord = new ArrayList();
        ord.Add(X509Name.E);
        ord.Add(X509Name.CN);
        ord.Add(X509Name.O);
        ord.Add(X509Name.C);

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

        // NOTE(review): the serial number is the constant 1, so every certificate produced by this
        // code shares the same issuer DN and serial. RFC 5280 expects serials to be unique per
        // issuer; a random positive value avoids collisions in stores that key on issuer+serial.
        certGen.SetSerialNumber(BigInteger.One);
        // Issuer and subject are built from the same name, which is what makes the certificate self-issued.
        certGen.SetIssuerDN(new X509Name(ord, attrs));
        // Validity window: starts one day before today and ends 365 days after today.
        certGen.SetNotBefore(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0)));
        certGen.SetNotAfter(DateTime.Today.AddDays(365));
        certGen.SetSubjectDN(new X509Name(ord, attrs));
        certGen.SetPublicKey(cerKp.Public);
        // NOTE(review): SHA-1 is deprecated for certificate signatures and is rejected by many
        // modern validators; "SHA256WithRSA" is the usual replacement.
        certGen.SetSignatureAlgorithm("SHA1WithRSA");
        // Critical BasicConstraints with cA = false: the certificate is marked as an end entity, not a CA.
        certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        // NOTE(review): AuthorityKeyIdentifier is added as critical (second argument true). RFC 5280
        // section 4.2.1.1 requires this extension to be non-critical.
        certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, true, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(cerKp.Public)));
        // Signed with the private key that matches the embedded public key (self-signed).
        X509Certificate x509 = certGen.Generate(cerKp.Private);


        // NOTE(review): only the certificate structure is converted here; cerKp.Private is never
        // attached to x509__. The Pfx export below therefore presumably contains the certificate
        // without any private key, which would explain why PrivateKey is null when the file is
        // loaded again. The key has to be associated with the certificate (or the PKCS#12 built
        // with a key entry) before exporting.
        System.Security.Cryptography.X509Certificates.X509Certificate x509_ = DotNetUtilities.ToX509Certificate(x509.CertificateStructure);
        System.Security.Cryptography.X509Certificates.X509Certificate2 x509__ = new System.Security.Cryptography.X509Certificates.X509Certificate2(x509_);


        // cert_data is the certificate alone; pvk_data is a PFX container protected by the
        // password typed into maskedTextBox1.
        byte[] cert_data = x509__.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert);
        byte[] pvk_data = x509__.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, maskedTextBox1.Text);

        // FileMode.CreateNew fails if the target file already exists, so an old file is never overwritten.
        // NOTE(review): neither stream is wrapped in a using block, so an exception during Write
        // leaves the handle open until finalization.
        FileStream fs = new FileStream(certificateFileName, FileMode.CreateNew);
        fs.Write(cert_data, 0, cert_data.Length);
        fs.Flush();
        fs.Close();

        // NOTE(review): this file is intended to hold private key material; it is created with the
        // directory's default permissions. Restrict access to it once a key is actually included.
        FileStream fs2 = new FileStream(privateKeyFileName, FileMode.CreateNew);
        fs2.Write(pvk_data, 0, pvk_data.Length);
        fs2.Flush();
        fs2.Close();

但是当我尝试使用证书签署文件时出现问题

        // Loads a PFX file with its password and casts the certificate's private key to RSACryptoServiceProvider.
        // Presumably privatekeyfile is the PFX written by the generation code (the variable names differ; confirm).
        // NOTE(review): cert.PrivateKey is null when the loaded file carries no private key entry, so the
        // cast yields null rather than throwing. Checking cert.HasPrivateKey first shows whether the
        // PFX itself is missing the key.
        X509Certificate2 cert = new X509Certificate2(privatekeyfile, password);
        RSACryptoServiceProvider RSA = (RSACryptoServiceProvider)cert.PrivateKey;

结果 RSA 为 null(cert.PrivateKey 没有返回私钥),因此生成的证书似乎不正确。

0 个答案:

没有答案