C#: Create a digital certificate, export it as a PFX file, and use the PFX for asymmetric encryption and decryption

Source: Internet
Author: User
Tags: pfx file

Source code download for this article: http://download.csdn.net/source/2444494

In my project, for security reasons, each client must be issued its own digital certificate, and the public and private keys in that certificate are used to encrypt and decrypt data. To build this security module I wrote the following demo program, which does the following:

1: Call the .NET 2.0 MakeCert tool to create a digital certificate that contains a private key and store it in the Personal certificate store;

2: Export the certificate as a PFX file and assign a password for opening the PFX file;

3: Read the PFX file and extract the public key and private key from it;

4: Encrypt data with the public key in the PFX certificate and decrypt it with the private key;

System interface:

The code is as follows:

    // These methods belong to a Windows Forms Form class and need:
    using System;
    using System.Diagnostics;
    using System.IO;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;
    using System.Windows.Forms;

    /// <summary>
    /// Export the certificate from the certificate store and save it as a PFX file,
    /// specifying a password for opening the PFX file.
    /// This function also demonstrates encrypting with the public key and
    /// decrypting with the private key.
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    private void btn_toPfxFile_Click(object sender, EventArgs e)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
        foreach (X509Certificate2 x509 in storecollection)
        {
            if (x509.Subject == "CN=luminji")
            {
                Debug.Print(string.Format("certificate name: {0}", x509.Subject));
                // "123" is the demo password that protects the private key inside the PFX.
                byte[] pfxByte = x509.Export(X509ContentType.Pfx, "123");
                using (FileStream fileStream = new FileStream("luminji.pfx", FileMode.Create))
                {
                    // Write the data to the file, byte by byte.
                    for (int i = 0; i < pfxByte.Length; i++)
                        fileStream.WriteByte(pfxByte[i]);
                    // Set the stream position to the beginning of the file.
                    fileStream.Seek(0, SeekOrigin.Begin);
                    // Read and verify the data.
                    for (int i = 0; i < fileStream.Length; i++)
                    {
                        if (pfxByte[i] != fileStream.ReadByte())
                        {
                            Debug.Print("Error writing data.");
                            return;
                        }
                    }
                    fileStream.Close();
                    Debug.Print("The data is written to {0} " + "and verified.", fileStream.Name);
                }
                string myname = "My name is luminji! And I love huzhonghua!";
                string enStr = this.RSAEncrypt(x509.PublicKey.Key.ToXmlString(false), myname);
                MessageBox.Show("Ciphertext is: " + enStr);
                // ToXmlString(true) exports the private key; this works only because
                // the certificate was created with makecert -pe (exportable private key).
                string deStr = this.RSADecrypt(x509.PrivateKey.ToXmlString(true), enStr);
                MessageBox.Show("Clear text is: " + deStr);
            }
        }
        store.Close();
        store = null;
        storecollection = null;
    }

    /// <summary>
    /// Create a certificate with a private key
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    private void btn_createPfx_Click(object sender, EventArgs e)
    {
        string MakeCert = "C:\\Program Files\\Microsoft Visual Studio 8\\SDK\\v2.0\\Bin\\makecert.exe";
        string x509Name = "CN=luminji";
        // -pe: mark the private key exportable; -ss my: store in the Personal store; -n: subject name
        string param = " -pe -ss my -n \"" + x509Name + "\" ";
        Process p = Process.Start(MakeCert, param);
        p.WaitForExit();
        p.Close();
        MessageBox.Show("over");
    }

    /// <summary>
    /// Read certificate information from the PFX file
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    private void btn_readFromPfxFile(object sender, EventArgs e)
    {
        X509Certificate2 pc = new X509Certificate2("luminji.pfx", "123");
        MessageBox.Show("Name: " + pc.SubjectName.Name);
        MessageBox.Show("Public: " + pc.PublicKey.ToString());
        MessageBox.Show("Private: " + pc.PrivateKey.ToString());
        pc = null;
    }

    /// <summary>
    /// RSA decryption
    /// </summary>
    /// <param name="xmlPrivateKey"></param>
    /// <param name="m_strDecryptString"></param>
    /// <returns></returns>
    public string RSADecrypt(string xmlPrivateKey, string m_strDecryptString)
    {
        RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
        provider.FromXmlString(xmlPrivateKey);
        byte[] rgb = Convert.FromBase64String(m_strDecryptString);
        // Second argument is fOAEP: false selects PKCS#1 v1.5 padding, true selects OAEP.
        byte[] bytes = provider.Decrypt(rgb, false);
        return new UnicodeEncoding().GetString(bytes);
    }

    /// <summary>
    /// RSA encryption
    /// </summary>
    /// <param name="xmlPublicKey"></param>
    /// <param name="m_strEncryptString"></param>
    /// <returns></returns>
    public string RSAEncrypt(string xmlPublicKey, string m_strEncryptString)
    {
        RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
        provider.FromXmlString(xmlPublicKey);
        byte[] bytes = new UnicodeEncoding().GetBytes(m_strEncryptString);
        // fOAEP must match the value used in RSADecrypt.
        return Convert.ToBase64String(provider.Encrypt(bytes, false));
    }

The above is a sample program; a complete certificate utility class follows:

    using System;
    using System.Diagnostics;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;

    // LogRecord is the author's own logging helper and is not shown on this page.
    public sealed class DataCertificate
    {
        #region Generate a certificate
        /// <summary>
        /// Generate a certificate from the given subject name and the full path to makecert
        /// (the certificate contains the public and private keys and is saved in the MY store)
        /// </summary>
        /// <param name="subjectName"></param>
        /// <param name="makecertPath"></param>
        /// <returns></returns>
        public static bool CreateCertWithPrivateKey(string subjectName, string makecertPath)
        {
            // subjectName ends up inside a quoted command-line argument,
            // so callers should not pass values that contain a double quote.
            subjectName = "CN=" + subjectName;
            string param = " -pe -ss my -n \"" + subjectName + "\" ";
            try
            {
                Process p = Process.Start(makecertPath, param);
                p.WaitForExit();
                p.Close();
            }
            catch (Exception e)
            {
                LogRecord.PutErrorLog(e.ToString(), "DataCertificate.CreateCertWithPrivateKey");
                return false;
            }
            return true;
        }
        #endregion

        #region File import/export
        /// <summary>
        /// Find the certificate whose subject is subjectName in the Personal (MY) area of the
        /// Windows certificate store, export it as a PFX file with the given password,
        /// and remove the certificate from the Personal area (if isDelFromStore is true)
        /// </summary>
        /// <param name="subjectName">Certificate subject, not including CN=</param>
        /// <param name="pfxFileName">PFX file name</param>
        /// <param name="password">PFX file password</param>
        /// <param name="isDelFromStore">Whether to remove the certificate from the store</param>
        /// <returns></returns>
        public static bool ExportToPfxFile(string subjectName, string pfxFileName,
            string password, bool isDelFromStore)
        {
            subjectName = "CN=" + subjectName;
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadWrite);
            X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
            foreach (X509Certificate2 x509 in storecollection)
            {
                if (x509.Subject == subjectName)
                {
                    Debug.Print(string.Format("certificate name: {0}", x509.Subject));

                    byte[] pfxByte = x509.Export(X509ContentType.Pfx, password);
                    using (FileStream fileStream = new FileStream(pfxFileName, FileMode.Create))
                    {
                        // Write the data to the file, byte by byte.
                        for (int i = 0; i < pfxByte.Length; i++)
                            fileStream.WriteByte(pfxByte[i]);
                        // Set the stream position to the beginning of the file.
                        fileStream.Seek(0, SeekOrigin.Begin);
                        // Read and verify the data.
                        for (int i = 0; i < fileStream.Length; i++)
                        {
                            if (pfxByte[i] != fileStream.ReadByte())
                            {
                                LogRecord.PutErrorLog("Export PFX error while verify the PFX file!", "ExportToPfxFile");
                                fileStream.Close();
                                return false;
                            }
                        }
                        fileStream.Close();
                    }
                    if (isDelFromStore == true)
                        store.Remove(x509);
                }
            }
            store.Close();
            store = null;
            storecollection = null;
            return true;
        }

        /// <summary>
        /// Find the certificate whose subject is subjectName in the Personal (MY) area of the
        /// Windows certificate store and export it as a CER file (public key only)
        /// </summary>
        /// <param name="subjectName"></param>
        /// <param name="cerFileName"></param>
        /// <returns></returns>
        public static bool ExportToCerFile(string subjectName, string cerFileName)
        {
            subjectName = "CN=" + subjectName;
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadWrite);
            X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
            foreach (X509Certificate2 x509 in storecollection)
            {
                if (x509.Subject == subjectName)
                {
                    Debug.Print(string.Format("certificate name: {0}", x509.Subject));
                    // X509ContentType.Cert exports the certificate without the private key.
                    byte[] cerByte = x509.Export(X509ContentType.Cert);
                    using (FileStream fileStream = new FileStream(cerFileName, FileMode.Create))
                    {
                        // Write the data to the file, byte by byte.
                        for (int i = 0; i < cerByte.Length; i++)
                            fileStream.WriteByte(cerByte[i]);
                        // Set the stream position to the beginning of the file.
                        fileStream.Seek(0, SeekOrigin.Begin);
                        // Read and verify the data.
                        for (int i = 0; i < fileStream.Length; i++)
                        {
                            if (cerByte[i] != fileStream.ReadByte())
                            {
                                LogRecord.PutErrorLog("Export CER error while verify the CERT file!", "ExportToCerFile");
                                fileStream.Close();
                                return false;
                            }
                        }
                        fileStream.Close();
                    }
                }
            }
            store.Close();
            store = null;
            storecollection = null;
            return true;
        }
        #endregion

        #region Get information from the certificate
        /// <summary>
        /// Get the certificate object from a PFX (private key) certificate file; the object
        /// can then be used to encrypt and decrypt with its public and private keys.
        /// For the encryption and decryption functions, use the DEncrypt RSACryption class.
        /// </summary>
        /// <param name="pfxFileName"></param>
        /// <param name="password"></param>
        /// <returns></returns>
        public static X509Certificate2 GetCertificateFromPfxFile(string pfxFileName,
            string password)
        {
            try
            {
                // Exportable lets the imported private key be exported again later.
                return new X509Certificate2(pfxFileName, password, X509KeyStorageFlags.Exportable);
            }
            catch (Exception e)
            {
                LogRecord.PutErrorLog("Get certificate from PFX " + pfxFileName + " error: " + e.ToString(),
                    "GetCertificateFromPfxFile");
                return null;
            }
        }

        /// <summary>
        /// Get a certificate from the store
        /// </summary>
        /// <param name="subjectName"></param>
        /// <returns></returns>
        public static X509Certificate2 GetCertificateFromStore(string subjectName)
        {
            subjectName = "CN=" + subjectName;
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadWrite);
            X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
            foreach (X509Certificate2 x509 in storecollection)
            {
                if (x509.Subject == subjectName)
                {
                    // Close the store before returning so the handle is not leaked.
                    store.Close();
                    return x509;
                }
            }
            store.Close();
            store = null;
            storecollection = null;
            return null;
        }

        /// <summary>
        /// Return the certificate object for a public key certificate (CER) file
        /// </summary>
        /// <param name="cerPath"></param>
        public static X509Certificate2 GetCertFromCerFile(string cerPath)
        {
            try
            {
                return new X509Certificate2(cerPath);
            }
            catch (Exception e)
            {
                LogRecord.PutErrorLog(e.ToString(), "DataCertificate.LoadStudentPublicKey");
                return null;
            }
        }
        #endregion
    }
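The same four steps (create, export to PFX, load, encrypt and decrypt) can be done in memory without makecert or XML key export. The following is an added example, not the author's code: it uses CertificateRequest in place of makecert and OAEP padding in place of the PKCS#1 v1.5 padding that `Encrypt(bytes, false)` selects, and it shows the two failures a caller has to handle (wrong PFX password, plaintext longer than one RSA block). It assumes .NET Framework 4.7.2 or later, or .NET Core 2.0 or later; the class name `PfxOaepDemo` and the password are constructed for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class PfxOaepDemo   // hypothetical name, added example
{
    // Largest plaintext RSA-OAEP with SHA-1 accepts: modulus bytes - 2*20 - 2.
    static int MaxOaepSha1Plaintext(RSA rsa) => rsa.KeySize / 8 - 42;

    static void Main()
    {
        const string password = "demo-only-placeholder"; // constructed, not a real secret
        byte[] pfx;
        using (RSA key = RSA.Create(2048))                // takes the place of makecert -pe
        {
            var req = new CertificateRequest("CN=luminji", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1)))
            {
                pfx = cert.Export(X509ContentType.Pfx, password);
            }
        }

        // A wrong password makes the PFX import throw instead of returning a key.
        try { new X509Certificate2(pfx, "wrong").Dispose(); }
        catch (CryptographicException) { Console.WriteLine("wrong PFX password rejected"); }

        // Default storage flags: the private key is usable but not marked exportable.
        using (var loaded = new X509Certificate2(pfx, password))
        using (RSA pub = loaded.GetRSAPublicKey())
        using (RSA priv = loaded.GetRSAPrivateKey())
        {
            byte[] msg = Encoding.UTF8.GetBytes("My name is luminji!");
            byte[] ct = pub.Encrypt(msg, RSAEncryptionPadding.OaepSHA1);
            byte[] pt = priv.Decrypt(ct, RSAEncryptionPadding.OaepSHA1);
            Console.WriteLine(Encoding.UTF8.GetString(pt));

            // RSA encrypts at most one block; anything longer throws.
            int max = MaxOaepSha1Plaintext(pub);
            Console.WriteLine("max plaintext bytes: " + max);
            try { pub.Encrypt(new byte[max + 1], RSAEncryptionPadding.OaepSHA1); }
            catch (CryptographicException) { Console.WriteLine("input too long for RSA"); }
        }
    }
}
```

For data larger than the limit printed here, the usual design is to encrypt a random symmetric key with RSA and the data itself with that symmetric key.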

  
