在makecert中创建X.509V3证书时出现问题 [英] problem when creating X.509V3 certificate in makecert

问题描述

大家好，

我使用makecert来创建一个包含Deffie-hellman的公钥/私钥的X.509V3证书，我写了一个命令书:

i use makecert in order to create a X.509V3 certificate that contains public/private key of Deffie-hellman , i have written a commande :

Process.Start("makecert.exe"，-n \" CN =" + textBoxCN.Text +，O =" + textBoxO.Text +"\" -pe-是根- ss My -in"+ textBoxAutorité .Text +" -sky exchange -sp \"Microsoft增强型DSS和Diffie-Hellman密码提供程序\" -sy 13 -a"+ textBoxAlgo.Text +")；

Process.Start("makecert.exe", "-n \"CN=" + textBoxCN.Text + ",O=" + textBoxO.Text + " \" -pe -is Root -ss My -in " + textBoxAutorité.Text + " -sky exchange -sp \"Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider\" -sy 13 -a " + textBoxAlgo.Text + "");

其中:已恢复签名算法的名称，证书的通用名称和授权.从文本框中看不到问题，完美创建了证书；

where : the names of the signature algorithm , a comman names of the certificate and the authority are recovered  from text boxes, a problem is not hear, a certificat is created perfectly;

此后，我将证书的公钥导出到扩展名为.txt的文件上，实际上是私钥出现了问题；

after this, i have exporte a public key of the certificate on a file with .txt extension, the problem arises with the private key, in fact;

x509.PrivateKey.ToXmlString(false);引发异常---->   NotSupportedException

x509.PrivateKey.ToXmlString(false); throws an exception ---->   NotSupportedException

但是，如果MakeCert不支持Deffie-Hellman算法，那为什么我可以用DH密钥创建证书，甚至可以显示它.

but if Deffie-Hellman algorithm is not supported by MakeCert, why then I could create certifiacte with a DH key, and I was even able to display it.

哪里有问题?请帮助，您的回复非常好对我很重要；

where is a problem? please help, your response is very  importante for me;

 

推荐答案

该行指出"MakeCert不支持Deffie-Hellman算法."我不清楚.开关是"-sp"开关.上面写着:

The line which says that "Deffie-Hellman algorithm is not supported by MakeCert.." is not clear to me. The switch is "-sp" which says:

指定主题的CryptoAPI提供程序名称，必须在HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Cryptography \ Defaults \ Provider的注册表子项中定义.如果同时存在– sp和– sy，则CryptoAPI提供程序的类型必须对应 提供商的子项的类型值.

Specifies the subject's CryptoAPI provider name, which must be defined in the registry subkeys of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider. If both –sp and –sy are present, the type of the CryptoAPI provider must correspond to the Type value of the provider's subkey.

如果注册表包含提供程序详细信息，那么您可以肯定使用此提供程序.如果未指定提供程序，则将使用默认提供程序.

If the registry contains the provider details then you can surely use this provider. If you do not specify a provider then the default provider will be used.

这篇关于在makecert中创建X.509V3证书时出现问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！