C# 将私钥与 .net 中的 X509Certificate2 类关联
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18462064/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Associate a private key with the X509Certificate2 class in .net
提问by PogoMips
I'm working on some code that creates a X509certificate and a public/private key pair. The public key is added to the certificate and it is sent to an CA which signs it.
我正在处理一些创建 X509 证书和公钥/私钥对的代码。公钥被添加到证书中,并被发送到对其进行签名的 CA。
The returned certificate is then accessed through the System.Security.Cryptography.X509Certificates.X509Certificate2 class. Now I want to use this certificate to initiate a secure connection with other clients. Therefore I use the SslStream class. To start the SSL Handshake I use this method:
然后通过 System.Security.Cryptography.X509Certificates.X509Certificate2 类访问返回的证书。现在我想使用这个证书来启动与其他客户端的安全连接。因此我使用 SslStream 类。要启动 SSL 握手,我使用以下方法:
server.AssociatedSslStream.AuthenticateAsServer(
MyCertificate, // Client Certificate
true, // Require Certificate from connecting Peer
SslProtocols.Tls, // Use TLS 1.0
false // check Certificate revocation
);
This method requires that the private key is associated with the certificate. Of course the certificate returned by the CA does not contain a private key. But it is stored as .key file on the harddrive. The X509Certificate2 class has a property called PrivateKey which I guess will associate a private key with the certificate, but I can't find a way to set this property.
此方法要求私钥与证书相关联。当然,CA 返回的证书不包含私钥。但它作为 .key 文件存储在硬盘上。X509Certificate2 类有一个名为 PrivateKey 的属性,我猜它会将私钥与证书相关联,但我找不到设置此属性的方法。
Is there any way I can associate the private key with the .net X509 class?
有什么方法可以将私钥与 .net X509 类相关联?
采纳答案by PogoMips
For everyone else with the same problem, I found a neat little piece of code that let's you do exactly that:
对于其他有同样问题的人,我找到了一段简洁的代码,让你可以做到这一点:
http://www.codeproject.com/Articles/162194/Certificates-to-DB-and-Back
http://www.codeproject.com/Articles/162194/Certificates-to-DB-and-Back
byte[] certBuffer = Helpers.GetBytesFromPEM(publicCert, PemStringType.Certificate);
byte[] keyBuffer = Helpers.GetBytesFromPEM(privateKey, PemStringType.RsaPrivateKey);
X509Certificate2 certificate = new X509Certificate2(certBuffer, password);
RSACryptoServiceProvider prov = Crypto.DecodeRsaPrivateKey(keyBuffer);
certificate.PrivateKey = prov;
EDIT: The code for the Helper method (which otherwise requires a codeproject login) is as follows:
编辑:Helper 方法的代码(否则需要 codeproject 登录)如下:
public static byte[] GetBytesFromPEM(string pemString, PemStringType type)
{
string header; string footer;
switch (type)
{
case PemStringType.Certificate:
header = "-----BEGIN CERTIFICATE-----";
footer = "-----END CERTIFICATE-----";
break;
case PemStringType.RsaPrivateKey:
header = "-----BEGIN RSA PRIVATE KEY-----";
footer = "-----END RSA PRIVATE KEY-----";
break;
default:
return null;
}
int start = pemString.IndexOf(header) + header.Length;
int end = pemString.IndexOf(footer, start) - start;
return Convert.FromBase64String(pemString.Substring(start, end));
}
回答by sschober
You can save yourself the hassle of copy-pasting all that code and store the private key next to the certificate in a pfx/pkcs#12file:
您可以省去复制粘贴所有代码的麻烦,并将私钥存储在证书旁边的pfx/pkcs#12文件中:
openssl pkcs12 -export -in my.cer -inkey my.key -out mycert.pfx
You'll have to supply a password, which you have to pass to the constructor of X509Certificate2:
您必须提供一个密码,您必须将其传递给以下的构造函数X509Certificate2:
X509Certificate2 cert = new X509Certificate2("mycert.pfx","password");
