在makecert中创建X.509V3证书时出现问题 [英] problem when creating X.509V3 certificate in makecert
问题描述
大家好,
我使用makecert来创建一个包含Deffie-hellman的公钥/私钥的X.509V3证书,我写了一个命令书:
i use makecert in order to create a X.509V3 certificate that contains public/private key of Deffie-hellman , i have written a commande :
Process.Start("makecert.exe",-n \" CN =" + textBoxCN.Text +,O =" + textBoxO.Text +"\" -pe-是根- ss My -in"+ textBoxAutorité .Text +" -sky exchange -sp \"Microsoft增强型DSS和Diffie-Hellman密码提供程序\" -sy 13 -a"+ textBoxAlgo.Text
+");
Process.Start("makecert.exe", "-n \"CN=" + textBoxCN.Text + ",O=" + textBoxO.Text + " \" -pe -is Root -ss My -in " + textBoxAutorité.Text + " -sky exchange -sp \"Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider\" -sy 13 -a " + textBoxAlgo.Text
+ "");
其中:已恢复签名算法的名称,证书的通用名称和授权.从文本框中看不到问题,完美创建了证书;
where : the names of the signature algorithm , a comman names of the certificate and the authority are recovered from text boxes, a problem is not hear, a certificat is created perfectly;
此后,我将证书的公钥导出到扩展名为.txt的文件上,实际上是私钥出现了问题;
after this, i have exporte a public key of the certificate on a file with .txt extension, the problem arises with the private key, in fact;
x509.PrivateKey.ToXmlString(false);引发异常----> NotSupportedException
x509.PrivateKey.ToXmlString(false); throws an exception ----> NotSupportedException
但是,如果MakeCert不支持Deffie-Hellman算法,那为什么我可以用DH密钥创建证书,甚至可以显示它.
but if Deffie-Hellman algorithm is not supported by MakeCert, why then I could create certifiacte with a DH key, and I was even able to display it.
哪里有问题?请帮助,您的回复非常好对我很重要;
where is a problem? please help, your response is very importante for me;
推荐答案
该行指出"MakeCert不支持Deffie-Hellman算法."我不清楚.开关是"-sp"开关.上面写着:
The line which says that "Deffie-Hellman algorithm is not supported by MakeCert.." is not clear to me. The switch is "-sp" which says:
指定主题的CryptoAPI提供程序名称,必须在HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Cryptography \ Defaults \ Provider的注册表子项中定义.如果同时存在– sp和– sy,则CryptoAPI提供程序的类型必须对应
提供商的子项的类型值.
Specifies the subject's CryptoAPI provider name, which must be defined in the registry subkeys of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider. If both –sp and –sy are present, the type of the CryptoAPI provider must correspond
to the Type value of the provider's subkey.
如果注册表包含提供程序详细信息,那么您可以肯定使用此提供程序.如果未指定提供程序,则将使用默认提供程序.
If the registry contains the provider details then you can surely use this provider. If you do not specify a provider then the default provider will be used.
这篇关于在makecert中创建X.509V3证书时出现问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!