CER Certificate Signature Verification

A CER certificate also carries a signature, so that any tampering with the certificate can be detected.

There are two types of certificates:

1. Root Certificate

2. The sub-certificate issued by the root certificate.


The root certificate is special: it is self-signed. A sub-certificate carries its own signature, but the public key needed to verify that signature is stored in its higher-level (issuing) certificate.

You can use C# to perform some of this verification.

The first is the signature verification of the root certificate.

    // Verify the root certificate signature.
    X509Certificate2 x509root = new X509Certificate2("C:\\Users\\Kevin\\Desktop\\kevinroot.cer");
    Console.WriteLine("Root certificate verified? : {0} {1}", x509root.Verify(), Environment.NewLine);
    // The root certificate is self-signed, so it passes.

Because the root certificate is self-signed, x509root.Verify() returns true.

Then verify the sub-certificate:

    X509Certificate2 x509 = new X509Certificate2("C:\\Users\\Kevin\\Desktop\\childsubject2.cer");
    byte[] rawData = x509.RawData;
    Console.WriteLine("Content type: {0} {1}", X509Certificate2.GetCertContentType(rawData), Environment.NewLine);
    Console.WriteLine("Friendly name: {0} {1}", x509.FriendlyName, Environment.NewLine);
    Console.WriteLine("Certificate verified?: {0} {1}", x509.Verify(), Environment.NewLine);
    Console.WriteLine("Simple name: {0} {1}", x509.GetNameInfo(X509NameType.SimpleName, true), Environment.NewLine);
    Console.WriteLine("Signature algorithm: {0} {1}", x509.SignatureAlgorithm.FriendlyName, Environment.NewLine);
    // Console.WriteLine("Private key: {0} {1}", x509.PrivateKey.ToXmlString(false), Environment.NewLine); // a .cer file carries no private key
    Console.WriteLine("Public key: {0} {1}", x509.PublicKey.Key.ToXmlString(false), Environment.NewLine);
    Console.WriteLine("Certificate archived?: {0} {1}", x509.Archived, Environment.NewLine);
    Console.WriteLine("Length of raw data: {0} {1}", x509.RawData.Length, Environment.NewLine);
Here I use a sub-certificate I created myself. x509.Verify() always returns false; even if I import the root certificate into "trust", it still returns false. I don't know why. However, if I use a company certificate (issued by VeriSign), it returns true. I don't know whether the problem is my own root certificate or a configuration problem with the sub-certificate; I will study it again when I have time. The same is true for verification.

The following code is used to check the entire certificate chain.

    // Output chain information of the selected certificate.
    X509Chain ch = new X509Chain();
    // Policy must be set before Build(); changing it afterwards has no effect on the result.
    ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
    ch.Build(x509);
    Console.WriteLine("Chain Information");
    Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
    Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
    Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
    Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
    Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length);
    Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
    Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

    // Output chain element information.
    Console.WriteLine("Chain Element Information");
    Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count);
    Console.WriteLine("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);

    foreach (X509ChainElement element in ch.ChainElements)
    {
        Console.WriteLine("Element subject name: {0}", element.Certificate.Subject);
        Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer);
        Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter);
        Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify());
        Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length);
        Console.WriteLine("Element information: {0}", element.Information);
        Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);

        // Print every status recorded for this element (the original guarded this with
        // "ch.ChainStatus.Length > 1", which skipped the case of exactly one error).
        for (int index = 0; index < element.ChainElementStatus.Length; index++)
        {
            Console.WriteLine(element.ChainElementStatus[index].Status);
            Console.WriteLine(element.ChainElementStatus[index].StatusInformation);
        }
    }
The code above is also simple: it prints the information of every certificate in the chain. See MSDN for the specific parameters of each call.
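The sub-certificate above fails Verify() without saying why. Verify() builds a chain with the default policy, which checks revocation online, so a home-made CA that publishes no CRL typically fails on revocation even when its root is trusted. The following is an added example, not code from the original post: it builds the chain explicitly with the private root supplied in ExtraStore, prints every chain status so the cause becomes visible, and accepts the chain only if it terminates at that root. The class and method names are mine and the file paths are placeholders.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class ChainDiagnostics
{
    // Builds the chain for 'leaf', prints every status the chain engine recorded
    // (Verify() hides these behind a bare false) and returns true only when the
    // chain ends at the expected private root with no error other than UntrustedRoot.
    public static bool VerifyAgainstPrivateRoot(X509Certificate2 leaf, X509Certificate2 root,
                                                bool checkRevocation)
    {
        var chain = new X509Chain();
        // Let the builder find the root even when it is not installed in the machine store.
        chain.ChainPolicy.ExtraStore.Add(root);
        // A home-made CA normally publishes no CRL or OCSP endpoint, so Online checking ends
        // in RevocationStatusUnknown / OfflineRevocation. For a lab CA, disable it explicitly.
        chain.ChainPolicy.RevocationMode =
            checkRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck;
        // Policy must be set before Build(); changes made afterwards do not apply.
        chain.Build(leaf);

        foreach (X509ChainStatus s in chain.ChainStatus)
            Console.WriteLine("  {0}: {1}", s.Status, (s.StatusInformation ?? "").Trim());

        // UntrustedRoot is expected when the root lives only in ExtraStore; anything else
        // (NotTimeValid, NotSignatureValid, PartialChain, ...) is a genuine failure.
        if (!chain.ChainStatus.All(s => s.Status == X509ChainStatusFlags.UntrustedRoot))
            return false;
        if (chain.ChainElements.Count == 0)
            return false;

        // Pin the top of the chain to our root; otherwise any self-signed certificate
        // presented as "root" would pass.
        X509Certificate2 top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        return top.Thumbprint == root.Thumbprint;
    }

    static void Main()
    {
        // Placeholder paths: point them at the root and child .cer files you created.
        var root = new X509Certificate2(@"C:\path\to\kevinroot.cer");
        var leaf = new X509Certificate2(@"C:\path\to\childsubject2.cer");
        Console.WriteLine("Verify() says: {0}", leaf.Verify());
        Console.WriteLine("Chain against private root: {0}",
            VerifyAgainstPrivateRoot(leaf, root, checkRevocation: false));
    }
}
```

Run it once with checkRevocation set to true as well: if the only additional statuses are RevocationStatusUnknown and OfflineRevocation, the missing CRL is what made Verify() return false.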

The following is the complete code. Note that it contains several hard-coded certificate paths; to test it, create a few certificates of your own and adjust the paths.

    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using System.Security.Permissions;

    class CertSelect
    {
        static void Main()
        {
            // Verify the root certificate signature.
            X509Certificate2 x509root = new X509Certificate2("C:\\Users\\Kevin\\Desktop\\kevinroot.cer");
            Console.WriteLine("Root certificate verified?: {0} {1}", x509root.Verify(), Environment.NewLine);
            // The root certificate is self-signed, so it passes.

            X509Certificate2 x509 = new X509Certificate2("C:\\Users\\Kevin\\Desktop\\childsubject2.cer");
            byte[] rawData = x509.RawData;
            Console.WriteLine("Content type: {0} {1}", X509Certificate2.GetCertContentType(rawData), Environment.NewLine);
            Console.WriteLine("Friendly name: {0} {1}", x509.FriendlyName, Environment.NewLine);
            Console.WriteLine("Certificate verified?: {0} {1}", x509.Verify(), Environment.NewLine);
            Console.WriteLine("Simple name: {0} {1}", x509.GetNameInfo(X509NameType.SimpleName, true), Environment.NewLine);
            Console.WriteLine("Signature algorithm: {0} {1}", x509.SignatureAlgorithm.FriendlyName, Environment.NewLine);
            // Console.WriteLine("Private key: {0} {1}", x509.PrivateKey.ToXmlString(false), Environment.NewLine); // a .cer file carries no private key
            Console.WriteLine("Public key: {0} {1}", x509.PublicKey.Key.ToXmlString(false), Environment.NewLine);
            Console.WriteLine("Certificate archived?: {0} {1}", x509.Archived, Environment.NewLine);
            Console.WriteLine("Length of raw data: {0} {1}", x509.RawData.Length, Environment.NewLine);

            // Output chain information of the selected certificate.
            X509Chain ch = new X509Chain();
            // Policy must be set before Build(); changing it afterwards has no effect on the result.
            ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            ch.Build(x509);
            Console.WriteLine("Chain Information");
            Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
            Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
            Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
            Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
            Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length);
            Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
            Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

            // Output chain element information.
            Console.WriteLine("Chain Element Information");
            Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count);
            Console.WriteLine("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);

            foreach (X509ChainElement element in ch.ChainElements)
            {
                Console.WriteLine("Element subject name: {0}", element.Certificate.Subject);
                Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer);
                Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter);
                Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify());
                Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length);
                Console.WriteLine("Element information: {0}", element.Information);
                Console.WriteLine("Number of element extensions: {0} {1}", element.Certificate.Extensions.Count, Environment.NewLine);

                // Print every status recorded for this element (the original guarded this with
                // "ch.ChainStatus.Length > 1", which skipped the case of exactly one error).
                for (int index = 0; index < element.ChainElementStatus.Length; index++)
                {
                    Console.WriteLine(element.ChainElementStatus[index].Status);
                    Console.WriteLine(element.ChainElementStatus[index].StatusInformation);
                }
            }

            x509.Reset();
        }
    }