C#實現RSA公鑰加密私鑰解密、私鑰加密公鑰解密以及Pcks12、X509證書加解密、簽名驗籤
阿新 • • 發佈:2019-01-05
RSA的私鑰簽名公鑰驗籤可以見http://blog.csdn.net/starfd/article/details/51917916,所以這裡就沒提供對應程式碼,具體程式碼如下:
其中p12Cert可以轉化為byte[]後直接寫入檔案即為pfx證書,假設你寫入的檔名為p.p12,然後可以通過openssl生成crt證書等,具體指令如下:
using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Pkcs; using Org.BouncyCastle.Security; using Org.BouncyCastle.X509; using System.IO; /// <summary> /// RSA PCKS12證書幫助類 /// </summary> public class RSAPcks12Helper { #region 私鑰簽名公鑰驗籤 /// <summary> /// 簽名 /// </summary> /// <param name="p12Cert">P12/PFX證書的 base64格式</param> /// <param name="certPwd">證書密碼</param> /// <param name="contentData">要簽名的資料</param> /// <param name="signAlgorithm">簽名演算法</param> /// <returns></returns> public static string SignDataWithPcks12(string p12Cert, string certPwd, byte[] contentData, string signAlgorithm = "SHA1WithRSA") { return Convert.ToBase64String(SignDataWithPcks12(Convert.FromBase64String(p12Cert), certPwd.ToCharArray(), contentData, signAlgorithm)); } /// <summary> /// 簽名 /// </summary> /// <param name="p12CertData">P12/PFX證書</param> /// <param name="certPwdData">證書密碼</param> /// <param name="contentData">要簽名的資料</param> /// <param name="signAlgorithm">簽名演算法</param> /// <returns></returns> public static byte[] SignDataWithPcks12(byte[] p12CertData, char[] certPwdData, byte[] contentData, string signAlgorithm = "SHA1WithRSA") { var key = GetFromPcks12(p12CertData, certPwdData, (store, keyAlias) => store.GetKey(keyAlias).Key); ISigner oSig = SignerUtilities.GetSigner(signAlgorithm); oSig.Init(true, key); oSig.BlockUpdate(contentData, 0, contentData.Length); return oSig.GenerateSignature(); } /// <summary> /// 驗籤 /// </summary> /// <param name="x509Cert">x509通用證書base64格式</param> /// <param name="content">原始資料</param> /// <param name="sign">簽名結果base64格式</param> /// <param name="signAlgorithm">簽名演算法</param> /// <returns></returns> public static bool VerifyDataWithX509(string x509Cert, byte[] content, string sign, string signAlgorithm = "SHA1WithRSA") { return VerifyDataWithX509(Convert.FromBase64String(x509Cert), content, Convert.FromBase64String(sign), signAlgorithm); } /// <summary> /// 驗籤 /// </summary> /// <param name="x509CertData">x509通用證書</param> /// <param name="contentData">原始資料</param> /// <param name="signData">簽名結果</param> /// <param name="signAlgorithm">簽名演算法</param> /// <returns></returns> public static bool VerifyDataWithX509(byte[] x509CertData, byte[] contentData, byte[] signData, string signAlgorithm = "SHA1WithRSA") { var publicKey = GetAsymmetricKeyParameterWithX509(x509CertData); return VerifyData(publicKey, contentData, signData, signAlgorithm); } private static T GetFromPcks12<T>(byte[] p12CertData, char[] certPwdData, Func<Pkcs12Store, string, T> func) { using (MemoryStream stream = new MemoryStream(p12CertData)) { Pkcs12Store store = new Pkcs12Store(stream, certPwdData); string keyAlias = null; foreach (string alias in store.Aliases) { try { keyAlias = alias; return func(store, keyAlias); } catch { } } throw new ArgumentException(); } } private static bool VerifyData(AsymmetricKeyParameter publicKey, byte[] contentData, byte[] signData, string signAlgorithm = "SHA1WithRSA") { ISigner oSig = SignerUtilities.GetSigner(signAlgorithm); oSig.Init(false, publicKey); oSig.BlockUpdate(contentData, 0, contentData.Length); return oSig.VerifySignature(signData); } #endregion #region 公鑰、私鑰獲取 pcks8格式 /// <summary> /// 獲取RSA私鑰 /// </summary> /// <param name="p12Cert">P12/PFX證書的 base64格式</param> /// <param name="certPwd">證書密碼</param> /// <returns></returns> public static string GetPrivateKeyFromPcks12(string p12Cert, string certPwd) { return Convert.ToBase64String(GetPrivateKeyFromPcks12(Convert.FromBase64String(p12Cert), certPwd.ToCharArray())); } /// <summary> /// 獲取RSA私鑰 /// </summary> /// <param name="p12CertData">P12/PFX證書</param> /// <param name="certPwdData">證書密碼</param> /// <returns></returns> public static byte[] GetPrivateKeyFromPcks12(byte[] p12CertData, char[] certPwdData) { var privateKeyParam = GetFromPcks12(p12CertData, certPwdData, (store, keyAlias) => store.GetKey(keyAlias).Key); PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKeyParam); return privateKeyInfo.ToAsn1Object().GetEncoded(); } /// <summary> /// 獲取RSA公鑰 /// </summary> /// <param name="p12Cert">P12/PFX證書的 base64格式</param> /// <param name="certPwd">證書密碼</param> /// <returns></returns> public static string GetPublicKeyFromPcks12(string p12Cert, string certPwd) { return Convert.ToBase64String(GetPublicKeyFromPcks12(Convert.FromBase64String(p12Cert), certPwd.ToCharArray())); } /// <summary> /// 獲取RSA公鑰 /// </summary> /// <param name="p12CertData">P12/PFX證書</param> /// <param name="certPwdData">證書密碼</param> /// <returns></returns> public static byte[] GetPublicKeyFromPcks12(byte[] p12CertData, char[] certPwdData) { X509CertificateEntry[] chain = GetFromPcks12(p12CertData, certPwdData, (store, keyAlias) => store.GetCertificateChain(keyAlias)); var cert = chain[0].Certificate; var publicKey = cert.GetPublicKey(); return SerializePublicKey(publicKey); } /// <summary> /// 獲取RSA公鑰 /// </summary> /// <param name="x509Cert">x509通用證書base64格式</param> /// <returns></returns> public static string GetPublicKeyFromX509(string x509Cert) { return Convert.ToBase64String(GetPublicKeyFromX509(Convert.FromBase64String(x509Cert))); } /// <summary> /// 獲取RSA公鑰 /// </summary> /// <param name="x509CertData">x509通用證書</param> /// <returns></returns> public static byte[] GetPublicKeyFromX509(byte[] x509CertData) { var publicKey = GetAsymmetricKeyParameterWithX509(x509CertData); return SerializePublicKey(publicKey); } private static byte[] SerializePublicKey(AsymmetricKeyParameter publicKey) { SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey); return SerializeKey(publicKeyInfo); } private static byte[] SerializeKey(Asn1Encodable asn1) { return asn1.ToAsn1Object().GetDerEncoded(); } private static AsymmetricKeyParameter GetAsymmetricKeyParameterWithX509(byte[] x509CertData) { var certificate = new X509CertificateParser().ReadCertificate(x509CertData); return certificate.GetPublicKey(); } #endregion #region 公鑰加密私鑰解密 /// <summary> /// 公鑰加密 /// </summary> /// <param name="x509Cert">x509通用證書base64格式</param> /// <param name="contentData">待加密的資料</param> /// <param name="algorithm">加密演算法</param> /// <returns></returns> public static string EncryptWithX509(string x509Cert, byte[] contentData, string algorithm = "RSA/ECB/PKCS1Padding") { return Convert.ToBase64String(EncryptWithX509(Convert.FromBase64String(x509Cert), contentData, algorithm)); } /// <summary> /// 公鑰加密 /// </summary> /// <param name="x509CertData">x509通用證書</param> /// <param name="contentData">待加密的資料</param> /// <param name="algorithm">加密演算法</param> /// <returns></returns> public static byte[] EncryptWithX509(byte[] x509CertData, byte[] contentData, string algorithm = "RSA/ECB/PKCS1Padding") { return EncryptWithPublicKey(GetPublicKeyFromX509(x509CertData), contentData, algorithm); } /// <summary> /// 公鑰加密 /// </summary> /// <param name="publicKey">RSA公鑰 base64格式</param> /// <param name="contentData">待加密的資料</param> /// <param name="algorithm">加密演算法</param> /// <returns></returns> public static string EncryptWithPublicKey(string publicKey, byte[] contentData, string algorithm = "RSA/ECB/PKCS1Padding") { return Convert.ToBase64String(EncryptWithPublicKey(Convert.FromBase64String(publicKey), contentData, algorithm)); } /// <summary> /// 公鑰加密 /// </summary> /// <param name="publicKey">RSA公鑰</param> /// <param name="contentData">待加密的資料</param> /// <param name="algorithm">加密演算法</param> /// <returns></returns> public static byte[] EncryptWithPublicKey(byte[] publicKey, byte[] contentData, string algorithm = "RSA/ECB/PKCS1Padding") { RsaKeyParameters publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(publicKey); return Transform(publicKeyParam, contentData, algorithm, true); } /// <summary> /// 解密 /// </summary> /// <param name="p12Cert">P12/PFX證書的 base64格式</param> /// <param name="certPwd">證書密碼</param> /// <param name="content">待解密資料 base64格式</param> /// <param name="encoding">解密出來的資料編碼格式,預設UTF-8</param> /// <param name="algorithm">加密演算法</param> /// <returns></returns> public static string DecryptWithPcks12(string p12Cert, string certPwd, string content, string encoding = "UTF-8", string algorithm = "RSA/ECB/PKCS1Padding") { return Encoding.GetEncoding(encoding).GetString(DecryptWithPcks12(Convert.FromBase64String(p12Cert), certPwd.ToCharArray(), Convert.FromBase64String(content), algorithm)); } /// <summary> /// 解密 /// </summary> /// <param name="p12Data">P12/PFX證書</param> /// <param name="certPwdData">證書密碼</param> /// <param name="contentData">待解密資料</param> /// <param name="algorithm">加密演算法</param> /// <returns></returns> public static byte[] DecryptWithPcks12(byte[] p12Data, char[] certPwdData, byte[] contentData, string algorithm = "RSA/ECB/PKCS1Padding") { var privateKey = GetFromPcks12(p12Data, certPwdData, (store, keyAlias) => store.GetKey(keyAlias).Key); return Transform(privateKey, contentData, algorithm, false); } /// <summary> /// 私鑰解密 /// </summary> /// <param name="privateKey">RSA私鑰 base64格式</param> /// <param name="content">待解密資料 base64格式</param> /// <param name="encoding">解密出來的資料編碼格式,預設UTF-8</param> /// <param name="algorithm">加密演算法</param> /// <returns></returns> public static string DecryptWithPrivateKey(string privateKey, string content, string encoding = "UTF-8", string algorithm = "RSA/ECB/PKCS1Padding") { return Encoding.GetEncoding(encoding).GetString(DecryptWithPrivateKey(Convert.FromBase64String(privateKey), Convert.FromBase64String(content), algorithm)); } /// <summary> /// 私鑰解密 /// </summary> /// <param name="privateKey">RSA私鑰</param> /// <param name="contentData">待解密資料</param> /// <param name="algorithm">加密演算法</param> /// <returns></returns> public static byte[] DecryptWithPrivateKey(byte[] privateKey, byte[] contentData, string algorithm) { RsaPrivateCrtKeyParameters privateKeyParam = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(privateKey); return Transform(privateKeyParam, contentData, algorithm, false); } private static byte[] Transform(AsymmetricKeyParameter key, byte[] contentData, string algorithm, bool forEncryption) { var c = CipherUtilities.GetCipher(algorithm); c.Init(forEncryption, new ParametersWithRandom(key)); return c.DoFinal(contentData); } #endregion #region 私鑰加密,公鑰解密 /// <summary> /// 私鑰加密 /// </summary> /// <param name="privateKey">RSA私鑰 base64格式</param> /// <param name="contentData">待加密的資料</param> /// <param name="algorithm">加密演算法</param> /// <returns></returns> public static string EncryptWithPrivateKey(string privateKey, byte[] contentData, string algorithm = "RSA/ECB/PKCS1Padding") { return Convert.ToBase64String(EncryptWithPrivateKey(Convert.FromBase64String(privateKey), contentData, algorithm)); } /// <summary> /// 私鑰加密 /// </summary> /// <param name="privateKey">RSA私鑰</param> /// <param name="contentData">待加密的資料</param> /// <param name="algorithm">加密演算法</param> /// <returns></returns> public static byte[] EncryptWithPrivateKey(byte[] privateKey, byte[] contentData, string algorithm = "RSA/ECB/PKCS1Padding") { RsaPrivateCrtKeyParameters privateKeyParam = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(privateKey); return Transform(privateKeyParam, contentData, algorithm, true); } /// <summary> /// 公鑰解密 /// </summary> /// <param name="publicKey">RSA公鑰 base64格式</param> /// <param name="content">待解密資料 base64格式</param> /// <param name="encoding">解密出來的資料編碼格式,預設UTF-8</param> /// <param name="algorithm">加密演算法</param> /// <returns></returns> public static string DecryptWithPublicKey(string publicKey, string content, string encoding = "UTF-8", string algorithm = "RSA/ECB/PKCS1Padding") { return Encoding.GetEncoding(encoding).GetString(DecryptWithPublicKey(Convert.FromBase64String(publicKey), Convert.FromBase64String(content), algorithm)); } /// <summary> /// 公鑰解密 /// </summary> /// <param name="publicKey">RSA公鑰</param> /// <param name="contentData">待解密資料</param> /// <param name="algorithm">加密演算法</param> /// <returns></returns> public static byte[] DecryptWithPublicKey(byte[] publicKey, byte[] contentData, string algorithm = "RSA/ECB/PKCS1Padding") { RsaKeyParameters publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(publicKey); return Transform(publicKeyParam, contentData, algorithm, false); } #endregion #region 生成pfx /// <summary> /// 根據crt以及RSA私鑰生成pfx證書 /// </summary> /// <param name="passWord">證書密碼</param> /// <param name="x509CertData">crt證書</param> /// <param name="privateKey">Rsa私鑰</param> /// <param name="x509CertChainData">證書鏈</param> /// <param name="alias">預設別名</param> /// <returns></returns> public static MemoryStream GeneratePFX(string passWord, byte[] x509CertData, byte[] privateKey, byte[] x509CertChainData = null, string alias = "PrimaryCertificate") { RsaPrivateCrtKeyParameters privateKeyParam = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(privateKey); var certEntry = GetX509CertificateEntry(x509CertData); Pkcs12Store store = new Pkcs12StoreBuilder().Build(); store.SetCertificateEntry(alias, certEntry); X509CertificateEntry[] chain = new X509CertificateEntry[1]; if (x509CertChainData != null) { chain = new X509CertificateEntry[2]; chain[1] = GetX509CertificateEntry(x509CertChainData); } chain[0] = certEntry; store.SetKeyEntry(alias, new AsymmetricKeyEntry(privateKeyParam), chain); //設定私鑰 var ms = new MemoryStream(); store.Save(ms, passWord.ToCharArray(), new SecureRandom()); ms.Position = 0; return ms; } private static X509CertificateEntry GetX509CertificateEntry(byte[] certData) { var certificate = new X509CertificateParser().ReadCertificate(certData); X509CertificateEntry certEntry = new X509CertificateEntry(certificate); return certEntry; } #endregion }
static void Pcks12Demo() { string p12Cert = "MIIMLgIBAzCCC/gGCSqGSIb3DQEHAaCCC+kEggvlMIIL4TCCBocGCSqGSIb3DQEHBqCCBngwggZ0AgEAMIIGbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIx2MSjr1/ocgCAggAgIIGQLxs45vrlNNeHpiHoCOItdqpY8jGT4Yyek0/dRtQhKL32PReq0q6W48ycfK6KkmLtAUMdR8BwwK+A4C1JQ5vRWfJcq0yGs/DfNH1pgZdpcpW4PuEe95hylLrerUq+qrY42kevPCCt7mhJx+E1Z1ZHP5T8t0BiSKRxYzCynqzzHP2WaSkLcsO6DV4LJyMUdcgvOm92CkS0rDhwfKt8R0Q//h7FQrlN9IQEDYbBhh1tRa0uIzm9SG08zxUKKQeyWK9QhiKfTL3XLrUOBm+V6d2Uk+UsftODSsMF5L04H59RmEhO9+nrPzU30szEG0wiaVFiUurI2+2QPsuQoFHEBnn/7GTWc8sdjYr5SZWnzBTfAADTcvXm2BWlunZ3sJ0KRKzCaJGmMALqkarDc1iZ6CzFYB0VdgbNdJGzeXKmxXKnRzSodffE+YG6wyb59NyNiUq1cqEwtk3xaBbF7+oRXjCSTiWoikhhBEXMkhnSNvUMtiLRaYDAAlmNOP3+8gexkSYj4e7jTgwcm6sv40Qx4keFAeONIiy5vcVwu0VZ0aLBPGoCJziP+svKwNxKXTeQK3lBJ3ZR6WBQIlFEpnCxftb/W2/sul7BlDSNIOwb9FJpe4bV6ChBLM0igpNDq4XBrdLaNncHQHkOKx9pjoAU6Adcw0C6ZbfL6gUqJ0VCGmXcgT5v0uJj3NJYsJbd8SWeUst3m77o+UtutNxwcX+mWugemNsUu0IhL9EwsnKU4W1r4IR/F0M2qEGNl776p5h1rCV81pd5r7WPMdxn/gyOfdvfO1A1xFWxjKO85fJZQmJQ2flY1nGN1oe4LmBY4AOv3oyoIt8VsvezNm2eVCLxs/V0CvU8/+kL4+0MShkpX/INTYMDTfF3GM3FmkX1rztVI+MuBTUZw10CuaHG1LIWLTgREKkSux7c4+EDhDxvdYIWT1aqr0RzYXBDOcRPm1I6D7v9bjbNk6D892TXt3G6sh5QH3BPs/zOEqvSuwEitm0NbFTE9AA4wzBuzBjBwaXWo8O/BdV9gHtf/tVZ+HA9pvqobTHv/kp3aNY1CeM2N6HbOUk++a4rgibOO+TwnVfTkFYkDu4MvJzD+n2AbYcssHmEkdffeKHeGzmBixoUiqRIxw+T6tUYJ1bFHcsORn9aH/yHxz8Ie03biyRCQyvgzuHGZg5TGcXuRGVHx1oqfomDDW879RiizP5ZxLO3iinjoVFOBAGgJCw6zJmvXLMENhtwWJ6UYBpaiU75Ju0qBjOuqlxS0PAHVKl7XIXiKOBq1GO4cTJvjye6p1Q6iQNDqp63F8wdLsLf5gly2+hzEVqIfZiz7K7L6OFTus9qyT8zo2tjbpBgEYMI1DNEcE6i+tmDB1XkvS1z0kpwnCHsDoIpmkfT7aR6kl1lFs4mfToPwNu0Vq7SkjqLZPUg4LmO0bIG2+HRjMENGs5cWJ4YuIO33vcuGEnrF4oQ+S3IVqNBPIn8cHnnAB9AmnBAeg6ia4SfIEdKgw8lCmiVTj2Nm1jMcMeTG82fkpug2vIOFEdxpSmiGkI9uH1445EMVYLnm3zTLNfrw0hE5oUnW0K6WwN4sW2iCqv2jHY9AvfFmXxFTn6vypyiGV3aQZh4TT3d71RYlZKB2kSMfGOSXijj+wG3fGhGXY9P2noa1MYXhhajyY9m5j0fJmBTe5gF7AJDxA59eIWUaHyFXXQmk68Z2LXmxlU1BSj9ddxcd/Pdn77jZCpOwrGM0sEG50xJ5fhglvHqeN9j+wpME+YofdacLQlm9UkIN1s2PhVlHiQLbqkA2hFQXZ6Gsq9Uuv4sgjUUYGOpABZB4RKCwbrD26OW++QnMqVx84EFaLrS9ih+p/Bh6oNRj28UHQQdFmpprmDsZPsB5yNVrymSG2QpR5rsy92iHzbp/oW7X+6CDjlWBeRiVZ3sJ+mnKEMFXbM3/fVcatHIIuOkH9EfQ67fAW0Q+VpcFlTxcQzKxxeTfEJgajy+mZr7qdaDyekjoiiO4FgtLV9UxpwdSVKcc6kelOLbkcLYbNsbKdFdBEeOrIOh1h4ve6xnkMCw4Q+YKkKh61a3ISmrDLv/qCklR1yeyx+on0zsiVKdohdtQuAI5U9tfBs7WLgFTcZPKTUHGsgs8I1NvbFpgcwggVSBgkqhkiG9w0BBwGgggVDBIIFPzCCBTswggU3BgsqhkiG9w0BDAoBAqCCBO4wggTqMBwGCiqGSIb3DQEMAQMwDgQIzuKZ8wM8nvYCAggABIIEyBHZRxBj2by9U+ddfvI2BOgETLQW58Qb72o3Om1gBJysDKRh0Fei1A8USBMndhOFZQSFS+rSTXh4mw6lsJEBFVrFwwGz5LpjvwD65Lxd2Wxl5RKJcvZC7hJdobzh1Ll0uBSAG3EF69co8RuIlOrVla3tTTyxDUB/j3oSLp6JPZ4UrwsiI4mLWhPieZ3SfVuJkEII1E9JwD/erVzPqwFGFTtDTcJijMBGyR05BCuFfvQJx6hP9IQCB7AtxizYZH6Wg/6zBxaflInx2Lcusu1JNnKhx/qgmpUSkHvFWVwbP51r1zOU0yvNPHQ+ZniDrBepPCGxodtwbvnaKaQEwzv0WUQsR16SYAKIERI/QVHLMZDRgZPasQKw3Pj4Nlgg54bmkQ5sCy7h6Wc//V1N7fAy0s0Sgt/rTmCi7C+qchu1EvGIo9kpF4q8gH6sILsYItlyIKoYK/m9Y1NXu13apzaQqMaR3BF8SyqS3FRwujIyCZx5fjg8rRRHqipJurR6zgbDpn1KgZcUJ10TuTJkicJu0PViic2bKIX9XE/kOiqXhU0+9bofBgwGEZp1OGsxG0p9qRDDGAPj90HcyJ9vY7RotxgSPal4vsya141eUIGYKfApvE9LTxPHW1Py9wOvs5GgipRuMiYKZH9h67PSSmGWJ0U2p/tBHc/m4SDNYj3vBzI0IKrOQ0WGYRrl22usev8tpHL+uB/jSTYa1/ThDOMw76OGmalLacGKjtuK4DG+cG72VNpiGTPV+agZeNje/CsClaLwQPWI1duVLlTfkSdP6HaZvGXmXlu3l2gPJ3A8LgTf0Lao+i3hlnTHpgaZIyhKmxKRbDpUrGa+qFpqctk311NyvhEew+GIxVbN2vYO53+GpCrkra8IlTYKwiset62j/Bz+gemHgiLEMacvTqGzAI/6tdNgBrqcPr3DdfqGrCRnxaS0CpWnh3T39KenMc21pQ+qa42dbOnqZO4W7hR+vIbqS1LXy4sJQDjpucYy033txEZrUfkPo/CMO/bRwoatzBHSFExfdPwjYbVvGXMo2t6AjwpZTzVB1a5KnkpOsdzbTbJOinRCTF01sEAAsZNkDuuCfrfHjBickKCSAv1Xzx6BQeklEgfI2kZTcLwLTl0zCBtc7ID+Bp/PiF6kcBHCwNjpJaERgdbEswM4bVtoflYGddtYb9AtEmCnP6UwRArm5u1OouhqpkqZE9YG6dickHa/UtSLFJS9ng3Ko+OqWcpHnilcYiuupPMtTQQMvYAGTM6OwVkkjtBnWQ72Gut+6nPlm0LEwlsQMrkJ63E1eK7bNQDCSePldg8HumpCAh3CzXPckDbJY0QG41yfeJsGYy6bQGpH3ad6agj9SMTw/yGD8LCYFgL44Mlb5onPveB9jI+uvy1zslLwRJUIdEo8f5u7EANth/a0w6V3KI/jyGq6M8XkJkr6SOLP/A71na+5Wp6tG0E19zLpDoouRLCBzWSEJqsy2Uv2XIagCYuZfc/sXWgd3qh8gWDEFc8tUlaBsxzAlAKWWbmZ6I9qPwgfIX1CahCZBpBMo9H6UfHSa3D9JPoQ+8X7wi0YvSDlYf4xh8ItPrv1U1pAQKWIjJDd5zff+v0Lhy5ixBh+aEzZQfdsHMhmmgrnAzE2MA8GCSqGSIb3DQEJFDECHgAwIwYJKoZIhvcNAQkVMRYEFNC5sxIHwlgps6fymSYihXWSZuuqMC0wITAJBgUrDgMCGgUABBT9kOn8xX8Sey8yI90nSzMgORrGwwQI6HgfrDylDrE="; string p12Pwd = "fa8eb8a6"; var x509Cert = "QmFnIEF0dHJpYnV0ZXMKICAgIGZyaWVuZGx5TmFtZTogCiAgICBsb2NhbEtleUlEOiBEMCBCOSBCMyAxMiAwNyBDMiA1OCAyOSBCMyBBNyBGMiA5OSAyNiAyMiA4NSA3NSA5MiA2NiBFQiBBQSAKc3ViamVjdD0vQz1DTi9TVD1OXHgwQW13Xlx4MDIvTz1tS1x4OEJceEQ1L0NOPVx4MDAwXHgwMDlceDAwLlx4MDAwXHgwMDBceDAwLlx4MDAwXHgwMDNceDAwLlx4MDAwXHgwMDEKaXNzdWVyPS9DPUNOL089VW5pVHJ1c3QvQ049U0hFQ0EgQWRtaW4KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZ5ekNDQkxPZ0F3SUJBZ0lRZlZ3bXFmWmU2cmZvMTdZQmViZklnREFOQmdrcWhraUc5dzBCQVFzRkFEQTIKTVFzd0NRWURWUVFHRXdKRFRqRVJNQThHQTFVRUNoTUlWVzVwVkhKMWMzUXhGREFTQmdOVkJBTVRDMU5JUlVOQgpJRUZrYldsdU1CNFhEVEUzTURJeU56QTVNREV6TVZvWERURTRNREl5TnpFMU5UazFPVm93VGpFTE1Ba0dBMVVFCkJoTUNRMDR4RHpBTkJnTlZCQWdlQms0S2JYZGVBakVOTUFzR0ExVUVDaDRFYlV1TDFURWZNQjBHQTFVRUF4NFcKQURBQU9RQXVBREFBTUFBdUFEQUFNd0F1QURBQU1UQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQwpBUW9DZ2dFQkFMR25HRm90eElkVWo3L01JMXVvMmtmRGJ3YTBzUTljR2JOWGM1V21hdnJtYUQ0cDdFNUtZM3N2ClFMN2ttZDNTQlBFbHBXeW5Rd0U3QzBhWXNjQWQzTVQ1VVVkYzBaMFdVRHdIL1BUMzJmcVZISGxSZEpMUnJsZkEKUFpWQ1NkbVpBWFhsNlRaWlBEV29nY253WUxpY0dJbTRRN1NBbGdKT0laQlFUZVBMbEJNUFFCVFBXeUptSDJEKwpWbDl4S2ZleHA4Zk5jZGFjR3AvMVZXNkJKQ0s0MzhISU5xVzZ0TVVPdllJalRnb2pUSXcwWFUyODhqdUpaekh5CnlhK3BVYit6MDJ6dENFNlF0N0o2WEs2YzlmU041blZMZkJEbEhmR3B1M3BieHp5WkhTL2FXVFh0OXpNSXVNWU8KTUNRRjN3TVpndGZubzN3dG5iTVNpOHN0NGVva0Q0OENBd0VBQWFPQ0Fyc3dnZ0szTUI4R0ExVWRJd1FZTUJhQQpGRkhaUmxLbXZLcVIzbVRKWldDZk9jaEpDcmsxTUIwR0ExVWREZ1FXQkJUUDcrMHlFS1l5VEt4RzU2ZmNlcEVtClg0MGViekFMQmdOVkhROEVCQU1DQnNBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUMKTUVJR0ExVWRJQVE3TURrd053WUpLb0VjQVlidk9vRVZNQ293S0FZSUt3WUJCUVVIQWdFV0hHaDBkSEE2THk5MwpkM2N1YzJobFkyRXVZMjl0TDNCdmJHbGplUzh3Q1FZRFZSMFRCQUl3QURDQmdBWUlLd1lCQlFVSEFRRUVkREJ5Ck1EZ0dDQ3NHQVFVRkJ6QUJoaXhvZEhSd09pOHZiMk56Y0RNdWMyaGxZMkV1WTI5dEwyOWpjM0F2YzJobFkyRXYKYzJobFkyRXViMk56Y0RBMkJnZ3JCZ0VGQlFjd0FvWXFhSFIwY0RvdkwyeGtZWEF5TG5Ob1pXTmhMbU52YlM5eQpiMjkwTDNOb1pXTmhZV1J0YVc0dVpHVnlNSUhxQmdOVkhSOEVnZUl3Z2Q4d2dhR2dnWjZnZ1p1R2daaHNaR0Z3Ck9pOHZiR1JoY0RJdWMyaGxZMkV1WTI5dE9qTTRPUzlqYmoxRFVrd3hPREl3Tnk1amNtd3NiM1U5VWtFeE1qQTEKTURFd01DeHZkVDFEUVRJd0xHOTFQV055YkN4dlBWVnVhVlJ5ZFhOMElFRmtiV2x1UDJObGNuUnBabWxqWVhSbApVbVYyYjJOaGRHbHZia3hwYzNRL1ltRnpaVDl2WW1wbFkzUkRiR0Z6Y3oxalVreEVhWE4wY21saWRYUnBiMjVRCmIybHVkREE1b0RlZ05ZWXphSFIwY0RvdkwyeGtZWEF5TG5Ob1pXTmhMbU52YlM5RFFUSXdMMUpCTVRJd05UQXgKTURBdlExSk1NVGd5TURjdVkzSnNNSUdKQmdZcWdSd0J4VGdFZnpCOU1Fa0dDQ3FCSEFIRk9JRVFCRDFzWkdGdwpPaTh2YkdSaGNESXVjMmhsWTJFdVkyOXRMMjkxUFhOb1pXTmhJR05sY25ScFptbGpZWFJsSUdOb1lXbHVMRzg5CmMyaGxZMkV1WTI5dE1CRUdDQ3FCSEFIRk9JRVRCQVUyTmpNeE1UQWRCZ2dxZ1J3QnhUaUJGQVFSV0Zrd01ERXgKTXpBME16UTVPRFU0TXpjd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFOL081OXdpczgyWlhpK0tFVXozRkw4NQphL2RmMFVLekcyNHhMbU9jOWVGdzhHbk9uaEhKMTBFT21icXluWHljNXBrdFI0TlNBSEV4alUxZGhIVkRvVlpWCkk4Q05aelpXVzdxaHVIaGhHQkFpSFNWVXpOcGhhS3UwR2F2VXRHL2V0d25QWUlmTXFFV0RQVU85TXJ3aHVQdXIKczJqTElzMzZXdmsyN2Y2ZjBlOHlXbzJzVlR5QlNFTk0vZ1dhdEpGOFlzRC9xQ3Z5WGhCWEM1SkxZYkNLMlRObwp6NmdtUVg2QlN0OUVHenR6SkVrbHo4Nk5RQUk4aDRScTJJbXNVeXZtbEpVaDNCMlZuem1qc3crc3o5R0N2cXJRCm5mRGJEWXFzaG41KytVdjJjUWtYUnNLV3BEOE45V2hZNEFQOVp0aEt1bzIxMTFjR2VjUUJCU05CQWVBVWtoYz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="; var contentData = Encoding.GetEncoding("UTF-8").GetBytes("ceshi測試"); var signData = RSAPcks12Helper.SignDataWithPcks12(p12Cert, p12Pwd, contentData); var result = RSAPcks12Helper.VerifyDataWithX509(x509Cert, contentData, signData); string privateKey = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCxpxhaLcSHVI+/zCNbqNpHw28GtLEPXBmzV3OVpmr65mg+KexOSmN7L0C+5Jnd0gTxJaVsp0MBOwtGmLHAHdzE+VFHXNGdFlA8B/z099n6lRx5UXSS0a5XwD2VQknZmQF15ek2WTw1qIHJ8GC4nBiJuEO0gJYCTiGQUE3jy5QTD0AUz1siZh9g/lZfcSn3safHzXHWnBqf9VVugSQiuN/ByDalurTFDr2CI04KI0yMNF1NvPI7iWcx8smvqVG/s9Ns7QhOkLeyelyunPX0jeZ1S3wQ5R3xqbt6W8c8mR0v2lk17fczCLjGDjAkBd8DGYLX56N8LZ2zEovLLeHqJA+PAgMBAAECggEABcCNT04wENmyFdm8Q1mCR9SSIbt0CDVJN79bJLtQt3MCaRDeb+KEuhZbmFK6kK4eLtizNINt7fpFcTG8f6X34gDYmuDsgJOaYXc4v43O5wgw9dSnW6GibYDx/YU58uu7Wl/pXzMgefRMz4cS+qdDPCJVPuDy+nwhJhUTkI6k6sED2E23MsIPFpA78k6TVpEGOS9RC1++A6mj7NOrgGhIO7BkgmVfRRpAkVKABGEaNHav8nTZ1IIQYCshRbyPAni/W/KmN2URSlED5tX4/VdJP/PyQE4BO6OuJ2wnkJkv2JMDNwicLZBVz+pS8PfBS1kHyrYsC3xv3ybUbIgBtnUH4QKBgQDYnwYXB314QUWr7VzkbH53vAi4JhC4AoycTkOYgerkjXt9R5cJPT2/Ofv2ZmxQuz6cQ6aTynxfdtN7Cb+VGZI1FGkklV1KzwhhmLjuaNhMRDE/XUDSXkRaj55cX8ik6pPMBOSNrt9T+6Y0H5kr3PcnSkCpfF1wO7PeUSCEDTQiyQKBgQDR8pT3zYwE6E7sQBIkl3YrMfJMyci+nXNjp+O/vFY6bHFf/5I3qHJzWthIF2UeXzVnJQPBccmbIEdtbXk1petZvOMtEVrptJmGUrV7r2LFeRn4oUYCgqMr8XVldqlUG24lrROkIHNNHWQFRXyXwEYrz4bLeR6r8pSI4QcQWwmzlwKBgCNAVbRfsqpkLNtaqDg/86C2h9C32Raoy4sQLW3fDoOdBpCPmuOVBLxeykMBzfShVAIH/E6mr/C1HJs0LeosnB9pL+cVK3ZmFJ4VRVr+0twuaLlACrFxR7xZDNNJfxRfXCfiT/NClvNKy3RGBB4gOlQ5gCZUp7wA6zdtilYS8/4JAoGAE7Rn5OYm2SMQnT3aNhL9JUq3yhs6OyG9/cF5L7q2gR9CeNcc2xp1O3xwRjvj4rje40JnGtXaLTQXYB7hPHbJIxAGZml1le+8ZQ4IOIaah5w5IsvILV4jgHFWKmK7u8gjS2f2KvZcvAUhKRl/eyKxs1Tz+s7wYQUQidRM/Gz++RsCgYEAh13t8/5+k3MhWRfuo9YmUcGAGyrH7HQwZdVXIWRfIq23l+suFGRLsrbYTPBDkgIgRS3l1uP+SoEg3xdRK62klTmpAtbpRa3NM2bJ9xgxtfXkgamEQGuRyzKBdiUjqdcUB0Md9xdQK69sjVQZJysomFbIhNrNFD3KxOZsYX5WNPU="; string publicKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsacYWi3Eh1SPv8wjW6jaR8NvBrSxD1wZs1dzlaZq+uZoPinsTkpjey9AvuSZ3dIE8SWlbKdDATsLRpixwB3cxPlRR1zRnRZQPAf89PfZ+pUceVF0ktGuV8A9lUJJ2ZkBdeXpNlk8NaiByfBguJwYibhDtICWAk4hkFBN48uUEw9AFM9bImYfYP5WX3Ep97Gnx81x1pwan/VVboEkIrjfwcg2pbq0xQ69giNOCiNMjDRdTbzyO4lnMfLJr6lRv7PTbO0ITpC3snpcrpz19I3mdUt8EOUd8am7elvHPJkdL9pZNe33Mwi4xg4wJAXfAxmC1+ejfC2dsxKLyy3h6iQPjwIDAQAB"; string privateKeyFromPcks12 = RSAPcks12Helper.GetPrivateKeyFromPcks12(p12Cert, p12Pwd); string publicKeyFromPcks12 = RSAPcks12Helper.GetPublicKeyFromPcks12(p12Cert, p12Pwd); string publicKeyFromX509 = RSAPcks12Helper.GetPublicKeyFromX509(x509Cert); Console.WriteLine("私鑰相等:{0}", privateKey == privateKeyFromPcks12); Console.WriteLine("公鑰Pck12相等:{0}", publicKeyFromPcks12 == publicKey); Console.WriteLine("公鑰Pck12與X509相等:{0}", publicKeyFromX509 == publicKeyFromPcks12); Console.WriteLine("公鑰X509相等:{0}", publicKeyFromX509 == publicKey); Console.WriteLine("-----公鑰加密,私鑰解密-----"); //var enc = RSAPcks12Helper.EncryptWithX509(x509Cert, contentData); var enc = RSAPcks12Helper.EncryptWithPublicKey(publicKeyFromX509, contentData); Console.WriteLine(enc); //var dec = RSAPcks12Helper.DecryptWithPcks12(p12Cert, p12Pwd, enc); var dec = RSAPcks12Helper.DecryptWithPrivateKey(privateKey, enc); Console.WriteLine(dec); Console.WriteLine("-----私鑰加密,公鑰解密-----"); enc = RSAPcks12Helper.EncryptWithPrivateKey(privateKey, contentData); Console.WriteLine(enc); dec = RSAPcks12Helper.DecryptWithPublicKey(publicKey, enc); Console.WriteLine(dec); }
其中p12Cert可以轉化為byte[]後直接寫入檔案即為pfx證書,假設你寫入的檔名為p.p12,然後可以通過openssl生成crt證書等,具體指令如下:
//生成1.key檔案 僅包含私鑰,移除-nocerts則同時包含公鑰私鑰 openssl pkcs12 -in D:\ssl\p.p12 -nocerts -nodes -out D:\ssl\1.key //生成cert openssl pkcs12 -in D:\ssl\p.p12 -nokeys -nodes -out D:\ssl\cert.crt //匯出RSA私鑰 openssl rsa -in D:\ssl\1.key -out D:\ssl\pri.pem //匯出RSA公鑰 openssl rsa -in D:\ssl\1.key -pubout -out D:\ssl\pub.pem