摘自: http://blog.csdn.net/yezheng5419/article/details/4263914
我的项目当中,考虑到安全性,需要为每个客户端分发一个数字证书,同时使用数字证书中的公私钥来进行数据的加解密。为了完成这个安全模块,特写了如下一个DEMO程序,该DEMO程序包含的功能有:
1:调用.NET2.0的MAKECERT创建含有私钥的数字证书,并存储到个人证书区;
2:将该证书导出为pfx文件,并为其指定一个用来打开pfx文件的password;
3:读取pfx文件,导出pfx中公钥和私钥;
4:用pfx证书中的公钥进行数据的加密,用私钥进行数据的解密;
代码如下:
- view plaincopy to clipboardprint?
- /// <summary>
- /// 将证书从证书存储区导出,并存储为pfx文件,同时为pfx文件指定打开的密码
- /// 本函数同时也演示如何用公钥进行加密,私钥进行解密
- /// </summary>
- /// <param name="sender"></param>
- /// <param name="e"></param>
- privatevoid btn_toPfxFile_Click(object sender, EventArgs e)
- {
- X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
- foreach (X509Certificate2 x509 in storecollection)
- {
- if (x509.Subject == "CN=luminji")
- {
- Debug.Print(string.Format("certificate name: {0}", x509.Subject));
- byte[] pfxByte = x509.Export(X509ContentType.Pfx, "123");
- using (FileStream fileStream = new FileStream("luminji.pfx", FileMode.Create))
- {
- // Write the data to the file, byte by byte.
- for (int i = 0; i < pfxByte.Length; i++)
- fileStream.WriteByte(pfxByte[i]);
- // Set the stream position to the beginning of the file.
- fileStream.Seek(0, SeekOrigin.Begin);
- // Read and verify the data.
- for (int i = 0; i < fileStream.Length; i++)
- {
- if (pfxByte[i] != fileStream.ReadByte())
- {
- Debug.Print("Error writing data.");
- return;
- }
- }
- fileStream.Close();
- Debug.Print("The data was written to {0} " +
- "and verified.", fileStream.Name);
- }
- string myname = "my name is luminji! and i love huzhonghua!";
- string enStr = this.RSAEncrypt(x509.PublicKey.Key.ToXmlString(false), myname);
- MessageBox.Show("密文是:" + enStr);
- string deStr = this.RSADecrypt(x509.PrivateKey.ToXmlString(true), enStr);
- MessageBox.Show("明文是:" + deStr);
- }
- }
- store.Close();
- store = null;
- storecollection = null;
- }
- /// <summary>
- /// 创建还有私钥的证书
- /// </summary>
- /// <param name="sender"></param>
- /// <param name="e"></param>
- privatevoid btn_createPfx_Click(object sender, EventArgs e)
- {
- string MakeCert = "C://Program Files//Microsoft Visual Studio 8//SDK//v2.0//Bin//makecert.exe";
- string x509Name = "CN=luminji";
- string param = " -pe -ss my -n /"" + x509Name + "/" " ;
- Process p = Process.Start(MakeCert, param);
- p.WaitForExit();
- p.Close();
- MessageBox.Show("over");
- }
- /// <summary>
- /// 从pfx文件读取证书信息
- /// </summary>
- /// <param name="sender"></param>
- /// <param name="e"></param>
- privatevoid btn_readFromPfxFile(object sender, EventArgs e)
- {
- X509Certificate2 pc = new X509Certificate2("luminji.pfx", "123");
- MessageBox.Show("name:" + pc.SubjectName.Name);
- MessageBox.Show("public:" + pc.PublicKey.ToString());
- MessageBox.Show("private:" + pc.PrivateKey.ToString());
- pc = null;
- }
- /// <summary>
- /// RSA解密
- /// </summary>
- /// <param name="xmlPrivateKey"></param>
- /// <param name="m_strDecryptString"></param>
- /// <returns></returns>
- publicstring RSADecrypt(string xmlPrivateKey, string m_strDecryptString)
- {
- RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
- provider.FromXmlString(xmlPrivateKey);
- byte[] rgb = Convert.FromBase64String(m_strDecryptString);
- byte[] bytes = provider.Decrypt(rgb, false);
- returnnew UnicodeEncoding().GetString(bytes);
- }
- /// <summary>
- /// RSA加密
- /// </summary>
- /// <param name="xmlPublicKey"></param>
- /// <param name="m_strEncryptString"></param>
- /// <returns></returns>
- publicstring RSAEncrypt(string xmlPublicKey, string m_strEncryptString)
- {
- RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
- provider.FromXmlString(xmlPublicKey);
- byte[] bytes = new UnicodeEncoding().GetBytes(m_strEncryptString);
- return Convert.ToBase64String(provider.Encrypt(bytes, false));
- }