[Post] X.509 & RSA

Source: Internet
Author: User

http://www.rainsts.net/article.asp?id=179

 

Most security-related fields use X.509 certificates to secure data exchange.
The following code demonstrates how to use an X.509 certificate for encryption and decryption.

First, use makecert.exe to create a test certificate.

C:\> makecert -r -pe -n "CN=rainsoft" -ss my

This creates a digital certificate with the subject "rainsoft" that contains a private key and stores it in the Personal store. Open "Internet Options" in Control Panel (or the IE options dialog) and click "Certificates" on the "Content" tab to open the certificate management interface.

So that decryption can be tested, our certificate contains the private key. You can use the export function to export the public key and distribute it to the target user.

The certificate store names (StoreName) include:
--------------------------------------------------------------------------------
AddressBook: the X.509 certificate store for other users.
AuthRoot: the X.509 certificate store for third-party certificate authorities (CAs).
CertificateAuthority: the X.509 certificate store for certificate authorities (CAs).
Disallowed: the X.509 certificate store for revoked certificates.
My: the X.509 certificate store for personal certificates.
Root: the X.509 certificate store for trusted root certificate authorities (CAs).
TrustedPeople: the X.509 certificate store for trusted people and resources.
TrustedPublisher: the X.509 certificate store for directly trusted publishers.

DEMO code

using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;

namespace Test.Cui
{
    class Program
    {
        static void Main(string[] args)
        {
            // Open the certificate store (StoreName.My = the Personal store)
            X509Store store = new X509Store(StoreName.My);
            store.Open(OpenFlags.ReadWrite);

            // Retrieve the certificate by subject name
            X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, "rainsoft", false); // If validOnly = true, no search result is returned.
            if (certs.Count == 0) return;
            X509Certificate2 cert = certs[0];

            // store.Remove(cert); // Delete the certificate from the store.
            store.Close(); // Close the store.

            // Encrypt with the public key
            // The second argument is fOAEP: false selects PKCS#1 v1.5 padding, true selects OAEP.
            RSACryptoServiceProvider rsa = cert.PublicKey.Key as RSACryptoServiceProvider;
            byte[] enc = rsa.Encrypt(Encoding.Unicode.GetBytes("Hello, world! "), false);

            // Decrypt with the private key
            if (cert.HasPrivateKey)
            {
                RSACryptoServiceProvider rsaa = cert.PrivateKey as RSACryptoServiceProvider;
                // ToXmlString(true) exports the private key, so the key must be exportable (makecert -pe).
                rsaa.FromXmlString(rsaa.ToXmlString(true)); // Strange! If you do not reset the key, an exception is thrown.

                byte[] dec = rsaa.Decrypt(enc, false);
                Console.WriteLine(Encoding.Unicode.GetString(dec));
            }

            Console.WriteLine("press any key to exit ...");
            Console.ReadKey(true);
        }
    }
}

In addition, the encryption algorithm may also be DSA. You can use the is keyword to check the key type. The author is lazy and did not write that code.
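
The same round trip as an added example (not the original author's code), using the GetRSAPublicKey/GetRSAPrivateKey accessors available from .NET Framework 4.6 with OAEP padding, so the private key is never exported through ToXmlString; a null return covers the non-RSA case mentioned above. The class and method names are hypothetical, and it assumes the "rainsoft" test certificate created earlier with a private key that is usable for decryption.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CertRsaExample // hypothetical name
{
    // Read-only lookup in CurrentUser\My; nothing here needs write access to the store.
    static X509Certificate2 FindCert(string subjectName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, as in the demo above (true returns nothing for this test certificate).
            var found = store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, false);
            return found.Count > 0 ? found[0] : null;
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        X509Certificate2 cert = FindCert("rainsoft");
        if (cert == null) { Console.WriteLine("Certificate not found."); return; }

        // GetRSAPublicKey returns null when the certificate's key is not RSA (for example DSA).
        using (RSA pub = cert.GetRSAPublicKey())
        {
            if (pub == null)
            {
                Console.WriteLine("Not an RSA key: " + cert.PublicKey.Oid.FriendlyName);
                return;
            }

            // OAEP (SHA-1) instead of PKCS#1 v1.5; supported by both the CAPI and CNG providers.
            byte[] enc = pub.Encrypt(Encoding.Unicode.GetBytes("Hello, world!"),
                                     RSAEncryptionPadding.OaepSHA1);

            if (!cert.HasPrivateKey) { Console.WriteLine("No private key; cannot decrypt."); return; }
            using (RSA priv = cert.GetRSAPrivateKey())
            {
                // The key stays inside its provider; no XML export of the private key is needed.
                byte[] dec = priv.Decrypt(enc, RSAEncryptionPadding.OaepSHA1);
                Console.WriteLine(Encoding.Unicode.GetString(dec));
            }
        }
    }
}
```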
