C # create a digital certificate, export it as pfx, and use pfx for asymmetric encryption and decryption

Source program download: http://download.csdn.net/source/2444494

 

In my project, to ensure security, we need to distribute a digital certificate to each client and use the public/private key in the digital certificate for data encryption and decryption. To complete this security module, a close-up is shown in the following demo program. The demo program includes the following functions:

1: Call makecert of. net2.0 to create a digital certificate containing the private key and store it in the personal certificate area;

2: export the certificate as a pfx file and specify a password for it to open the pfx file;

3: Read the pfx file and export the public and private keys in pfx;

4: encrypt data with the public key in the pfx certificate and decrypt data with the private key;

 

System interface:

 

The Code is as follows:

/// <Summary> <br/> // export the certificate from the certificate storage area and store it as a pfx file, specify the opened password for the pfx file <br/> // This function also demonstrates how to use the public key for encryption, private Key decryption <br/> /// </Summary> <br/> /// <Param name = "sender"> </param> <br/> // /<Param name = "E"> </param> <br/> private void btn_topfxfile_click (Object sender, eventargs e) <br/>{< br/> x509store store = new x509store (storename. my, storelocation. currentuser); <br/> store. open (openflags. readwrite); <br/> x509cert Ificate2collection storecollection = (x509certificate2collection) store. certificates; <br/> foreach (x509certificate2 X509 in storecollection) <br/>{< br/> If (x509.subject = "cn = luminji ") <br/>{< br/> debug. print (string. format ("Certificate Name: {0}", x509.subject); <br/> byte [] pfxbyte = x509.export (x509contenttype. pfx, "123"); <br/> using (filestream = new filestream ("luminji. pfx", Filemode. create) <br/>{< br/> // write the data to the file, byte by byte. <br/> for (INT I = 0; I <pfxbyte. length; I ++) <br/> filestream. writebyte (pfxbyte [I]); <br/> // set the stream position to the beginning of the file. <br/> filestream. seek (0, seekorigin. begin); <br/> // read and verify the data. <br/> for (INT I = 0; I <filestream. length; I ++) <br/>{< br/> If (pfxbyte [I]! = Filestream. readbyte () <br/>{< br/> debug. print ("error writing data. "); <br/> return; <br/>}< br/> filestream. close (); <br/> debug. print ("the data was written to {0}" + <br/> "and verified. ", filestream. name); <br/>}< br/> string myname = "My name is luminji! And I love huzhonghua! "; <Br/> string enstr = This. rsaencrypt (x509.publickey. key. toxmlstring (false), myname); <br/> MessageBox. show ("ciphertext:" + enstr); <br/> string destr = This. rsadecrypt (x509.privatekey. toxmlstring (true), enstr); <br/> MessageBox. show ("plaintext:" + destr); <br/>}< br/> store. close (); <br/> store = NULL; <br/> storecollection = NULL; <br/>}< br/> /// <summary> <br/> // create a certificate with a private key <br/> /// </Summary> <br/> // <Param name = "sender"> </param> <br/> // <Param name = "E"> </param> <br/> private void btn_createpfx_click (Object sender, eventargs e) <br/>{< br/> string makecert = "C: // program files // Microsoft Visual Studio 8 // SDK // V2.0 // bin // makecert.exe "; <br/> string x509name =" cn = luminji "; <br/> string Param = "-pe-SS my-N/" "+ x509name +"/""; <br/> PROCESS p = process. start (makecert, Param); <br/> P. waitforexit (); <br/> P. close (); <br/> MessageBox. show ("over "); <br/>}< br/> /// <summary> <br/> // read certificate information from the pfx file <br/> /// </Summary> <br/> // <Param name = "sender"> </param> <br/> // <Param name = "E"> </param> <br/> private void btn_readfrompfxfile (Object sender, eventargs e) <br/>{< br/> x509certificate2 Pc = new x509certificate2 ("luminji. pfx "," 123 "); <br/> MessageBox. show ("name:" + PC. subjectname. name); <br/> MessageBox. show ("public:" + PC. publickey. tostring (); <br/> MessageBox. show ("Private:" + PC. privatekey. tostring (); <br/> Pc = NULL; <br/>}< br/> /// <summary> <br/> // RSA decryption <br/> /// </Summary> <br/>/ // <Param name = "xmlprivatekey"> </param> <br/> // <Param name = "m_strdecryptstring"> </param> <br/> /// <returns> </returns> <br/> Public String rsadecrypt (string xmlprivatekey, string m_strdecryptstring) <br/>{< br/> rsacryptoserviceprovider provider = new rsacryptoserviceprovider (); <br/> provider. fromxmlstring (xmlprivatekey); <br/> byte [] RGB = convert. frombase64string (m_strdecryptstring); <br/> byte [] bytes = provider. decrypt (RGB, false); <br/> return New unicodeencoding (). getstring (bytes ); <br/>}< br/> /// <summary> <br/> // RSA encryption <br/> /// </Summary> <br/>/ // <Param name = "xmlpublickey"> </param> <br/> // <Param name = "m_strencryptstring"> </param> <br/> /// <returns> </returns> <br/> Public String rsaencrypt (string xmlpublickey, string m_strencryptstring) <br/>{< br/> rsacryptoserviceprovider provider = new rsacryptoserviceprovider (); <br/> provider. fromxmlstring (xmlpublickey); <br/> byte [] bytes = new unicodeencoding (). getbytes (m_strencryptstring); <br/> return convert. tobase64string (provider. encrypt (bytes, false); <br/>}

 

The above is a sample program. A complete certificate tool class is as follows:

Public sealed class datacertificate <br/>{< br/> # region generate a certificate <br/> /// <summary> <br/> // Based on the specified Certificate Name and makecert generate a certificate (including the public key and private key, and save it to my bucket) <br/> // </Summary> <br/> // <Param name = "subjectname"> </param> <br/> // <Param name = "makecertpath"> </param> <br/> // <returns> </returns> <br/> Public static bool createcertwithprivatekey (string subjectname, string makecertpath) <br/>{< br/> subjectname = "cn = "+ Subjectname; <br/> string Param ="-pe-SS my-N/"" + subjectname + "/""; <br/> try <br/> {<br/> PROCESS p = process. start (makecertpath, Param); <br/> P. waitforexit (); <br/> P. close (); <br/>}< br/> catch (exception e) <br/>{< br/> logrecord. puterrorlog (E. tostring (), "datacerficate. createcertwithprivatekey "); <br/> return false; <br/>}< br/> return true; <br/>}< br/> # endregion </P> <p> # Import and export the region file <br/> /// <summary> <br/> // find the certificate with the topic subjectname from the personal my area in the Windows certificate storage area, <br/> /// export it as a pfx file, specify a password for it <br/> /// and delete the certificate from the personal zone (if isdelfromstor is true) <br/> /// </Summary> <br/> /// <Param name = "subjectname"> certificate topic, does not contain Cn = </param> <br/> // <Param name = "pfxfilename"> pfx file name </param> <br/> // <Param name = "password"> pfx File Password </param> <br/> /// <Param name = "isdelfromstore"> whether to delete from the bucket </param> <br/>// /<Returns> </returns> <br/> Public static bool exporttopfxfile (string subjectname, string pfxfilename, <br/> string password, bool isdelfromstore) <br/> {<br/> subjectname = "cn =" + subjectname; <br/> x509store store = new x509store (storename. my, storelocation. currentuser); <br/> store. open (openflags. readwrite); <br/> x509certificate2collection storecollection = (x509certificate2collection) store. Certificates; <br/> foreach (x509certificate2 X509 in storecollection) <br/>{< br/> If (x509.subject = subjectname) <br/>{< br/> debug. print (string. format ("Certificate Name: {0}", x509.subject); </P> <p> byte [] pfxbyte = x509.export (x509contenttype. pfx, password); <br/> using (filestream = new filestream (pfxfilename, filemode. create) <br/>{< br/> // write the data to the file, byte By byte. <br/> for (INT I = 0; I <pfxbyte. length; I ++) <br/> filestream. writebyte (pfxbyte [I]); <br/> // set the stream position to the beginning of the file. <br/> filestream. seek (0, seekorigin. begin); <br/> // read and verify the data. <br/> for (INT I = 0; I <filestream. length; I ++) <br/>{< br/> If (pfxbyte [I]! = Filestream. readbyte () <br/>{< br/> logrecord. puterrorlog ("Export pfx error while verify the pfx file! "," Exporttopfxfile "); <br/> filestream. close (); <br/> return false; <br/>}< br/> filestream. close (); <br/>}< br/> If (isdelfromstore = true) <br/> store. remove (X509); <br/>}< br/> store. close (); <br/> store = NULL; <br/> storecollection = NULL; <br/> return true; <br/>}< br/> /// <summary> <br/> // find the certificate with the topic subjectname in my partition of the Windows certificate store, <br/> // and export it as a CER file (that is, only public key included) <br/> /// </Summary> <br/> /// <Param name = "subjectname"> </param> <br/> /// <Param name = "cerfilename"> </ param> <br/> // <returns> </returns> <br/> Public static bool exporttocerfile (string subjectname, string cerfilename) <br/>{< br/> subjectname = "cn =" + subjectname; <br/> x509store store = new x509store (storename. my, storelocation. currentuser); <br/> store. open (openflags. readwrite); <br/> x509certifica Te2collection storecollection = (x509certificate2collection) store. certificates; <br/> foreach (x509certificate2 X509 in storecollection) <br/>{< br/> If (x509.subject = subjectname) <br/>{< br/> debug. print (string. format ("Certificate Name: {0}", x509.subject); <br/> // byte [] pfxbyte = x509.export (x509contenttype. pfx, password); <br/> byte [] cerbyte = x509.export (x509contenttype. CERT); <br/> us Ing (filestream = new filestream (cerfilename, filemode. create) <br/>{< br/> // write the data to the file, byte by byte. <br/> for (INT I = 0; I <cerbyte. length; I ++) <br/> filestream. writebyte (cerbyte [I]); <br/> // set the stream position to the beginning of the file. <br/> filestream. seek (0, seekorigin. begin); <br/> // read and verify the data. <br/> for (INT I = 0; I <filestream. Length; I ++) <br/>{< br/> If (cerbyte [I]! = Filestream. readbyte () <br/>{< br/> logrecord. puterrorlog ("Export CER error while verify the cert file! "," Exporttocerfile "); <br/> filestream. close (); <br/> return false; <br/>}< br/> filestream. close (); <br/>}< br/> store. close (); <br/> store = NULL; <br/> storecollection = NULL; <br/> return true; <br/>}< br/> # endregion </P> <p> # region obtains information from the certificate <br/> /// <summary> <br/>/ // obtain the certificate entity based on the private key certificate, after obtaining the object, you can perform encryption and decryption based on its public key and private key <br/> // the encryption and decryption function uses the dencrypt rsacryption class <br/> /// </Summary> <br/> // <Param name = "pfxfilename"> </param> <br/> // <Param name = "password"> </param> <br/ >/// <returns> </returns> <br/> Public static x509certificate2 getcertificatefrompfxfile (string pfxfilename, <br/> string password) <br/> {<br/> try <br/> {<br/> return New x509certificate2 (pfxfilename, password, x509keystorageflags. exportable); <br/>}< br/> catch (exception e) <br/>{< br/> logrecord. puterrorlog ("Get certificate from pfx" + pfxfilename + "error:" + E. tostring (), <br/> "getcertificatefrompfxfile"); <br/> return NULL; <br/>}< br/> // <summary> <br/> // obtain the certificate from the storage area <br/> // </Summary> <br/> /// <Param name = "subjectname"> </param> <br/> /// <returns> </returns> <br/> public static x509certificate2 getcertificatefromstore (string subjectname) <br/> {<br/> subjectname = "cn =" + subjectname; <br/> x509store store = new x509store (storename. my, storelocation. currentuser); <br/> store. open (openflags. readwrite); <br/> x509certificate2collection storecollection = (x509certificate2collection) store. certificates; <br/> foreach (x509certificate2 X509 in storecollection) <br/>{< br/> If (x509.subject = subjectname) <br/>{< br/> return X509; <br/>}< br/> store. close (); <br/> store = NULL; <br/> storecollection = NULL; <br/> return NULL; <br/>}< br/> /// <summary> <br/> // based on the public key certificate, return certificate entity <br/> /// </Summary> <br/> /// <Param name = "cerpath"> </param> <br/> Public static x509certificate2 getcertfromcerfile (string cerpath) <br/>{< br/> try <br/> {<br/> return New x509certificate2 (cerpath); <br/>}< br/> catch (exception E) <br/>{< br/> logrecord. puterrorlog (E. tostring (), "datacertificate. loadstudentpublickey "); <br/> return NULL; <br/>}< br/> # endregion <br/>}