Home > Others

CER Certificate Signature Verification

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

A Cer certificate also needs a signature to prevent the CER certificate from being tampered.

There are two types of certificates:

1. Root Certificate

2. The sub-certificate issued by the root certificate.


The root certificate is special. It is self-signed. The signature and public keys of other sub-certificates are stored in their higher-level certificates.

You can use C # For some verification.

The first is the signature verification of the root certificate.

// Verify the root certificate signature x509certificate2 x509root = new x509certificate2 ("C: \ Users \ Kevin \ Desktop \ kevinroot. CER "); console. writeline ("root certificate verified? : {0} {1} ", x509root. Verify (), environment. newline); // the root certificate is self-signed, so you can pass.
Because the root certificate is self-signed, x509root. Verify () returns true.

Then verify the sub-certificate,

X509certificate2 X509 = new x509certificate2 ("C: \ Users \ Kevin \ Desktop \ childsubject2.cer"); byte [] rawdata = x509.rawdata; console. writeline ("content type: {0} {1}", x509certificate2. getcertcontenttype (rawdata), Environment. newline); console. writeline ("friendly name: {0} {1}", x509.friendlyname, environment. newline); console. writeline ("Certificate verified?: {0} {1} ", x509.verify (), Environment. newline); console. writeline ("simple name: {0} {1}", x509.getnameinfo (x509nametype. simplename, true), Environment. newline); console. writeline ("signature algorithm: {0} {1}", x509.signaturealgorithm. friendlyname, environment. newline); // console. writeline ("Private Key: {0} {1}", x509.privatekey. toxmlstring (false), Environment. newline); // There is no private key information in cer console. writel INE ("Public Key: {0} {1}", x509.publickey. Key. toxmlstring (false), environment. newline); console. writeline ("Certificate archived?: {0} {1} ", x509.archived, environment. newline); console. writeline ("length of raw data: {0} {1}", x509.rawdata. length, environment. newline );
Here, I use a self-created sub-certificate. x509.verify () always returns false. Even if I import the root certificate to "trust", false is returned. I don't know why. However, if I use a company certificate (issued by Verisign), I can return true. I don't know if it is my own root certificate. What are the configuration problems with the sub-certificate? I will study it again when I have time.The same is true for verification.

The following code is used to check the entire certificate chain.

        //Output chain information of the selected certificate.        X509Chain ch = new X509Chain();        ch.Build(x509);        Console.WriteLine("Chain Information");        ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;        Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);        Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);        Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);        Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);        Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length);        Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);        Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);        //Output chain element information.        Console.WriteLine("Chain Element Information");        Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count);        Console.WriteLine("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);    //    int index = 0;        foreach (X509ChainElement element in ch.ChainElements)        {            Console.WriteLine("Element subject name: {0}", element.Certificate.Subject);            Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer);            Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter);            Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify());            Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length);            Console.WriteLine("Element information: {0}", element.Information);            Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);            string a = element.Certificate.Thumbprint;       //     string b = ch.ChainPolicy.ExtraStore[0].Thumbprint;            //ch.ChainPolicy.ExtraStore[index - 1].Thumbprint;            if (ch.ChainStatus.Length > 1)            {                for (int index = 0; index < element.ChainElementStatus.Length; index++)                {                    Console.WriteLine(element.ChainElementStatus[index].Status);                    Console.WriteLine(element.ChainElementStatus[index].StatusInformation);                }            }        }
The above code is also very simple, in fact, it is to print every certificate information in the entire certificate chain. The specific function call parameter msdn.

The following is the complete code. Note that I have written several certificate paths. To test the following code, you only need to create several certificates by yourself.

Using system; using system. security. cryptography; using system. security. permissions; using system. io; using system. security. cryptography. x509certificates; Class certselect {static void main () {// verify the root certificate signature x509certificate2 x509root = new x509certificate2 ("C :\\ Users \ Kevin \ Desktop \ kevinroot. CER "); console. writeline ("root certificate verified?: {0} {1} ", x509root. Verify (), environment. newline); // the root certificate is self-signed, so you can pass. X509certificate2 X509 = new x509certificate2 ("C: \ Users \ Kevin \ Desktop \ childsubject2.cer"); byte [] rawdata = x509.rawdata; console. writeline ("content type: {0} {1}", x509certificate2. getcertcontenttype (rawdata), Environment. newline); console. writeline ("friendly name: {0} {1}", x509.friendlyname, environment. newline); console. writeline ("Certificate verified?: {0} {1} ", x509.verify (), Environment. newline); console. writeline ("simple name: {0} {1}", x509.getnameinfo (x509nametype. simplename, true), Environment. newline); console. writeline ("signature algorithm: {0} {1}", x509.signaturealgorithm. friendlyname, environment. newline); // console. writeline ("Private Key: {0} {1}", x509.privatekey. toxmlstring (false), Environment. newline); // There is no private key information in cer console. writel INE ("Public Key: {0} {1}", x509.publickey. Key. toxmlstring (false), environment. newline); console. writeline ("Certificate archived?: {0} {1} ", x509.archived, environment. newline); console. writeline ("length of raw data: {0} {1}", x509.rawdata. length, environment. newline); // output chain information of the selected certificate. x509chain CH = new x509chain (); Ch. build (X509); console. writeline ("Chain information"); Ch. chainpolicy. revocationmode = x509revocationmode. online; console. writeline ("chain revocation flag: {0}", Ch. chainpol Icy. revocationflag); console. writeline ("chain revocation mode: {0}", Ch. chainpolicy. revocationmode); console. writeline ("chain verification flag: {0}", Ch. chainpolicy. verificationflags); console. writeline ("chain verification time: {0}", Ch. chainpolicy. verificationtime); console. writeline ("chain status length: {0}", Ch. chainstatus. length); console. writeline ("chain application policy count: {0}", Ch. Chainpolicy. applicationpolicy. count); console. writeline ("chain certificate policy count: {0} {1}", Ch. chainpolicy. certificatepolicy. count, environment. newline); // output Chain Element Information. console. writeline ("Chain Element Information"); console. writeline ("Number of chain elements: {0}", Ch. chainelements. count); console. writeline ("chain elements synchronized? {0} {1} ", Ch. chainelements. issynchronized, environment. newline); // int Index = 0; foreach (x509chainelement element in Ch. chainelements) {console. writeline ("element subject name: {0}", element. certificate. subject); console. writeline ("element issuer name: {0}", element. certificate. issuer); console. writeline ("element certificate valid until: {0}", element. certificate. notafter); console. writeline ("element certificate is valid: {0}", element. certificate. verify (); console. writeline ("element error status length: {0}", element. chainelementstatus. length); console. writeline ("Element Information: {0}", element. information); console. writeline ("Number of element extensions: {0} {1}", element. certificate. extensions. count, environment. newline); string a = element. certificate. thumbprint; // string B = CH. chainpolicy. extrastore [0]. thumbprint; // ch. chainpolicy. extrastore [index-1]. thumbprint; If (ch. chainstatus. length> 1) {for (INT Index = 0; index <element. chainelementstatus. length; index ++) {console. writeline (element. chainelementstatus [Index]. status); console. writeline (element. chainelementstatus [Index]. statusinformation) ;}} x509.reset ();}}





CER Certificate Signature Verification

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
pgp signature verification public key signature verification rsa signature verification online verify certificate signature certificate signature algorithm openssl check certificate signature openssl certificate chain verification

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More