C # create a digital certificate, export it as pfx, and use pfx for asymmetric encryption and decryption

Source: Internet
Author: User
Tags asymmetric encryption pfx file

Source program download: http://download.csdn.net/source/2444494

 

In my project, to ensure security, we need to distribute a digital certificate to each client and use the public/private key in the digital certificate for data encryption and decryption. To complete this security module, a close-up is shown in the following demo program. The demo program includes the following functions:

1: Call makecert of. net2.0 to create a digital certificate containing the private key and store it in the personal certificate area;

2: export the certificate as a pfx file and specify a password for it to open the pfx file;

3: Read the pfx file and export the public and private keys in pfx;

4: encrypt data with the public key in the pfx certificate and decrypt data with the private key;

 

System interface:

 

The Code is as follows:

/// <Summary> <br/> // export the certificate from the certificate storage area and store it as a pfx file, specify the opened password for the pfx file <br/> // This function also demonstrates how to use the public key for encryption, private Key decryption <br/> /// </Summary> <br/> /// <Param name = "sender"> </param> <br/> // /<Param name = "E"> </param> <br/> private void btn_topfxfile_click (Object sender, eventargs e) <br/>{< br/> x509store store = new x509store (storename. my, storelocation. currentuser); <br/> store. open (openflags. readwrite); <br/> x509cert Ificate2collection storecollection = (x509certificate2collection) store. certificates; <br/> foreach (x509certificate2 X509 in storecollection) <br/>{< br/> If (x509.subject = "cn = luminji ") <br/>{< br/> debug. print (string. format ("Certificate Name: {0}", x509.subject); <br/> byte [] pfxbyte = x509.export (x509contenttype. pfx, "123"); <br/> using (filestream = new filestream ("luminji. pfx", Filemode. create) <br/>{< br/> // write the data to the file, byte by byte. <br/> for (INT I = 0; I <pfxbyte. length; I ++) <br/> filestream. writebyte (pfxbyte [I]); <br/> // set the stream position to the beginning of the file. <br/> filestream. seek (0, seekorigin. begin); <br/> // read and verify the data. <br/> for (INT I = 0; I <filestream. length; I ++) <br/>{< br/> If (pfxbyte [I]! = Filestream. readbyte () <br/>{< br/> debug. print ("error writing data. "); <br/> return; <br/>}< br/> filestream. close (); <br/> debug. print ("the data was written to {0}" + <br/> "and verified. ", filestream. name); <br/>}< br/> string myname = "My name is luminji! And I love huzhonghua! "; <Br/> string enstr = This. rsaencrypt (x509.publickey. key. toxmlstring (false), myname); <br/> MessageBox. show ("ciphertext:" + enstr); <br/> string destr = This. rsadecrypt (x509.privatekey. toxmlstring (true), enstr); <br/> MessageBox. show ("plaintext:" + destr); <br/>}< br/> store. close (); <br/> store = NULL; <br/> storecollection = NULL; <br/>}< br/> /// <summary> <br/> // create a certificate with a private key <br/> /// </Summary> <br/> // <Param name = "sender"> </param> <br/> // <Param name = "E"> </param> <br/> private void btn_createpfx_click (Object sender, eventargs e) <br/>{< br/> string makecert = "C: // program files // Microsoft Visual Studio 8 // SDK // V2.0 // bin // makecert.exe "; <br/> string x509name =" cn = luminji "; <br/> string Param = "-pe-SS my-N/" "+ x509name +"/""; <br/> PROCESS p = process. start (makecert, Param); <br/> P. waitforexit (); <br/> P. close (); <br/> MessageBox. show ("over "); <br/>}< br/> /// <summary> <br/> // read certificate information from the pfx file <br/> /// </Summary> <br/> // <Param name = "sender"> </param> <br/> // <Param name = "E"> </param> <br/> private void btn_readfrompfxfile (Object sender, eventargs e) <br/>{< br/> x509certificate2 Pc = new x509certificate2 ("luminji. pfx "," 123 "); <br/> MessageBox. show ("name:" + PC. subjectname. name); <br/> MessageBox. show ("public:" + PC. publickey. tostring (); <br/> MessageBox. show ("Private:" + PC. privatekey. tostring (); <br/> Pc = NULL; <br/>}< br/> /// <summary> <br/> // RSA decryption <br/> /// </Summary> <br/>/ // <Param name = "xmlprivatekey"> </param> <br/> // <Param name = "m_strdecryptstring"> </param> <br/> /// <returns> </returns> <br/> Public String rsadecrypt (string xmlprivatekey, string m_strdecryptstring) <br/>{< br/> rsacryptoserviceprovider provider = new rsacryptoserviceprovider (); <br/> provider. fromxmlstring (xmlprivatekey); <br/> byte [] RGB = convert. frombase64string (m_strdecryptstring); <br/> byte [] bytes = provider. decrypt (RGB, false); <br/> return New unicodeencoding (). getstring (bytes ); <br/>}< br/> /// <summary> <br/> // RSA encryption <br/> /// </Summary> <br/>/ // <Param name = "xmlpublickey"> </param> <br/> // <Param name = "m_strencryptstring"> </param> <br/> /// <returns> </returns> <br/> Public String rsaencrypt (string xmlpublickey, string m_strencryptstring) <br/>{< br/> rsacryptoserviceprovider provider = new rsacryptoserviceprovider (); <br/> provider. fromxmlstring (xmlpublickey); <br/> byte [] bytes = new unicodeencoding (). getbytes (m_strencryptstring); <br/> return convert. tobase64string (provider. encrypt (bytes, false); <br/>}

 

The above is a sample program. A complete certificate tool class is as follows:

Public sealed class datacertificate <br/>{< br/> # region generate a certificate <br/> /// <summary> <br/> // Based on the specified Certificate Name and makecert generate a certificate (including the public key and private key, and save it to my bucket) <br/> // </Summary> <br/> // <Param name = "subjectname"> </param> <br/> // <Param name = "makecertpath"> </param> <br/> // <returns> </returns> <br/> Public static bool createcertwithprivatekey (string subjectname, string makecertpath) <br/>{< br/> subjectname = "cn = "+ Subjectname; <br/> string Param ="-pe-SS my-N/"" + subjectname + "/""; <br/> try <br/> {<br/> PROCESS p = process. start (makecertpath, Param); <br/> P. waitforexit (); <br/> P. close (); <br/>}< br/> catch (exception e) <br/>{< br/> logrecord. puterrorlog (E. tostring (), "datacerficate. createcertwithprivatekey "); <br/> return false; <br/>}< br/> return true; <br/>}< br/> # endregion </P> <p> # Import and export the region file <br/> /// <summary> <br/> // find the certificate with the topic subjectname from the personal my area in the Windows certificate storage area, <br/> /// export it as a pfx file, specify a password for it <br/> /// and delete the certificate from the personal zone (if isdelfromstor is true) <br/> /// </Summary> <br/> /// <Param name = "subjectname"> certificate topic, does not contain Cn = </param> <br/> // <Param name = "pfxfilename"> pfx file name </param> <br/> // <Param name = "password"> pfx File Password </param> <br/> /// <Param name = "isdelfromstore"> whether to delete from the bucket </param> <br/>// /<Returns> </returns> <br/> Public static bool exporttopfxfile (string subjectname, string pfxfilename, <br/> string password, bool isdelfromstore) <br/> {<br/> subjectname = "cn =" + subjectname; <br/> x509store store = new x509store (storename. my, storelocation. currentuser); <br/> store. open (openflags. readwrite); <br/> x509certificate2collection storecollection = (x509certificate2collection) store. Certificates; <br/> foreach (x509certificate2 X509 in storecollection) <br/>{< br/> If (x509.subject = subjectname) <br/>{< br/> debug. print (string. format ("Certificate Name: {0}", x509.subject); </P> <p> byte [] pfxbyte = x509.export (x509contenttype. pfx, password); <br/> using (filestream = new filestream (pfxfilename, filemode. create) <br/>{< br/> // write the data to the file, byte By byte. <br/> for (INT I = 0; I <pfxbyte. length; I ++) <br/> filestream. writebyte (pfxbyte [I]); <br/> // set the stream position to the beginning of the file. <br/> filestream. seek (0, seekorigin. begin); <br/> // read and verify the data. <br/> for (INT I = 0; I <filestream. length; I ++) <br/>{< br/> If (pfxbyte [I]! = Filestream. readbyte () <br/>{< br/> logrecord. puterrorlog ("Export pfx error while verify the pfx file! "," Exporttopfxfile "); <br/> filestream. close (); <br/> return false; <br/>}< br/> filestream. close (); <br/>}< br/> If (isdelfromstore = true) <br/> store. remove (X509); <br/>}< br/> store. close (); <br/> store = NULL; <br/> storecollection = NULL; <br/> return true; <br/>}< br/> /// <summary> <br/> // find the certificate with the topic subjectname in my partition of the Windows certificate store, <br/> // and export it as a CER file (that is, only public key included) <br/> /// </Summary> <br/> /// <Param name = "subjectname"> </param> <br/> /// <Param name = "cerfilename"> </ param> <br/> // <returns> </returns> <br/> Public static bool exporttocerfile (string subjectname, string cerfilename) <br/>{< br/> subjectname = "cn =" + subjectname; <br/> x509store store = new x509store (storename. my, storelocation. currentuser); <br/> store. open (openflags. readwrite); <br/> x509certifica Te2collection storecollection = (x509certificate2collection) store. certificates; <br/> foreach (x509certificate2 X509 in storecollection) <br/>{< br/> If (x509.subject = subjectname) <br/>{< br/> debug. print (string. format ("Certificate Name: {0}", x509.subject); <br/> // byte [] pfxbyte = x509.export (x509contenttype. pfx, password); <br/> byte [] cerbyte = x509.export (x509contenttype. CERT); <br/> us Ing (filestream = new filestream (cerfilename, filemode. create) <br/>{< br/> // write the data to the file, byte by byte. <br/> for (INT I = 0; I <cerbyte. length; I ++) <br/> filestream. writebyte (cerbyte [I]); <br/> // set the stream position to the beginning of the file. <br/> filestream. seek (0, seekorigin. begin); <br/> // read and verify the data. <br/> for (INT I = 0; I <filestream. Length; I ++) <br/>{< br/> If (cerbyte [I]! = Filestream. readbyte () <br/>{< br/> logrecord. puterrorlog ("Export CER error while verify the cert file! "," Exporttocerfile "); <br/> filestream. close (); <br/> return false; <br/>}< br/> filestream. close (); <br/>}< br/> store. close (); <br/> store = NULL; <br/> storecollection = NULL; <br/> return true; <br/>}< br/> # endregion </P> <p> # region obtains information from the certificate <br/> /// <summary> <br/>/ // obtain the certificate entity based on the private key certificate, after obtaining the object, you can perform encryption and decryption based on its public key and private key <br/> // the encryption and decryption function uses the dencrypt rsacryption class <br/> /// </Summary> <br/> // <Param name = "pfxfilename"> </param> <br/> // <Param name = "password"> </param> <br/ >/// <returns> </returns> <br/> Public static x509certificate2 getcertificatefrompfxfile (string pfxfilename, <br/> string password) <br/> {<br/> try <br/> {<br/> return New x509certificate2 (pfxfilename, password, x509keystorageflags. exportable); <br/>}< br/> catch (exception e) <br/>{< br/> logrecord. puterrorlog ("Get certificate from pfx" + pfxfilename + "error:" + E. tostring (), <br/> "getcertificatefrompfxfile"); <br/> return NULL; <br/>}< br/> // <summary> <br/> // obtain the certificate from the storage area <br/> // </Summary> <br/> /// <Param name = "subjectname"> </param> <br/> /// <returns> </returns> <br/> public static x509certificate2 getcertificatefromstore (string subjectname) <br/> {<br/> subjectname = "cn =" + subjectname; <br/> x509store store = new x509store (storename. my, storelocation. currentuser); <br/> store. open (openflags. readwrite); <br/> x509certificate2collection storecollection = (x509certificate2collection) store. certificates; <br/> foreach (x509certificate2 X509 in storecollection) <br/>{< br/> If (x509.subject = subjectname) <br/>{< br/> return X509; <br/>}< br/> store. close (); <br/> store = NULL; <br/> storecollection = NULL; <br/> return NULL; <br/>}< br/> /// <summary> <br/> // based on the public key certificate, return certificate entity <br/> /// </Summary> <br/> /// <Param name = "cerpath"> </param> <br/> Public static x509certificate2 getcertfromcerfile (string cerpath) <br/>{< br/> try <br/> {<br/> return New x509certificate2 (cerpath); <br/>}< br/> catch (exception E) <br/>{< br/> logrecord. puterrorlog (E. tostring (), "datacertificate. loadstudentpublickey "); <br/> return NULL; <br/>}< br/> # endregion <br/>}

 

 

 

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.