谁由已经建立的机构来签署证书_ bouncycastle [英] who to sign the certificate by the authority already established_ bouncycastle
问题描述
在我的C#项目中,我使用充气城堡创建了一个自签名证书,代码为:
In my C # project, I created a self-signed certifiat using bouncy castle, the code is:
Console.WriteLine(创建CA证书");
Console.WriteLine("create a CA certifivcate");
var kpgen = new RsaKeyPairGenerator();
kpgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
var kp = kpgen.GenerateKeyPair();
//champs du certificat
X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
// v3CertGen.SetSerialNumber(BigInteger.ValueOf(Math.Abs(new SecureRandom().NextInt())));
var Serial = BigInteger.ProbablePrime(120, new Random());
v3CertGen.SetSerialNumber(Serial);
string subjectName = "Test Certificate";
var certName = new X509Name("CN=" + subjectName);
v3CertGen.SetIssuerDN(certName);
v3CertGen.SetSubjectDN(certName);
v3CertGen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(30, 0, 0, 0)));
v3CertGen.SetNotAfter(DateTime.Now.AddYears(2));
v3CertGen.SetPublicKey(kp.Public);
v3CertGen.SetSignatureAlgorithm("SHA256WithRSAEncryption"); // v3CertGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
v3CertGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
v3CertGen.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.DataEncipherment));
v3CertGen.AddExtension(X509Extensions.ExtendedKeyUsage,true,new ExtendedKeyUsage((new ArrayList() { new DerObjectIdentifier("1.3.6.1.5.5.7.3.1") })));
v3CertGen.AddExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames( new GeneralName(GeneralName.Rfc822Name,"test@test.test")));
var newCert = v3CertGen.Generate(kp.Private);
byte[] cert = DotNetUtilities.ToX509Certificate(newCert).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, "password");
var certif = new X509Certificate2(cert, "password");
//sauvegarder le certificat au magazi
X509Store store = new X509Store("Root", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(certif);
现在,我想创建另一个证书,并通过上面创建的自签名证书对其进行签名(我不知道它是如何完成的),我尝试这样做:
Now, I would like to create another certificate and sign it by the self-signed certificate created above (I don't know how it is done), I try this:
Console.WriteLine("create a X.509V3 certifivcate RSA ");
var kpgenRSA = new RsaKeyPairGenerator();
kpgenRSA.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
var cléRSA = kpgenRSA.GenerateKeyPair();
//champs certificat
string certSubjectNameRSA = "Cert_RSA";
var certNameRSA = new X509Name("CN=" + certSubjectNameRSA); // subjectName = user
var serialNoRSA = BigInteger.ProbablePrime(120, new Random());
X509V3CertificateGenerator genRSA = new X509V3CertificateGenerator();
genRSA.SetSerialNumber(serialNoRSA);
genRSA.SetSubjectDN(certName);
genRSA.SetIssuerDN(new X509Name(certif.Subject)); // le nom de l'autorité
genRSA.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(30, 0, 0, 0)));
genRSA.SetNotAfter(DateTime.Now.AddYears(2));
genRSA.SetSignatureAlgorithm(certif.GetKeyAlgorithm());
genRSA.SetPublicKey( cléRSA.Public);
// AsymmetricCipherKeyPair akp = DotNetUtilities.GetKeyPair(cerca.PrivateKey);
Org.BouncyCastle.X509.X509Certificate newCertsert = genRSA.Generate(cléRSA.Private);
byte[] certRSA = DotNetUtilities.ToX509Certificate(newCertsert).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, "password");
我收到带有->的异常CertificateEncodingException. Org.BouncyCastle.X509.X509Certificate newCertsert = genRSA.Generate(clé RSA.Private);
I receives an exception CertificateEncodingException with --> Org.BouncyCastle.X509.X509Certificate newCertsert = genRSA.Generate(cléRSA.Private);
请如何由已经建立的授权机构签署证书
please how to sign the certificate by the authority already established
非常感谢.
推荐答案
我正在将您的主题移至 .NET基本类库 论坛,以提供专业支持.谢谢.
I am moving your thread into the .NET Base Class Library Forum for specialized support. Thanks.
这篇关于谁由已经建立的机构来签署证书_ bouncycastle的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!