相关疑难解决方法(0)

我四处搜寻,但没有找到一个明确的例子. 我想按照以下步骤以编程方式(c#)创建自签名(自我)可信证书:

步骤1:动态 创建根CA证书并将其添加到"受信任的根证书颁发机构"文件夹中的证书存储区

我想要完成这个命令行工具的功能:

makecert.exe -sk RootCA -sky签名-pe -n CN = MY_CA -r -sr LocalMachine -ss根MyCA.cer

第2步: 根据以前创建的根CA证书创建证书,并将其放入证书存储区"Personal"文件夹中

我想要完成这个命令行工具的功能:

makecert.exe -sk server -sky exchange -pe -n CN = 127.0.0.1 -ir LocalMachine -is Root -ic MyCA.cer -sr LocalMachine -ss My MyCertificate.cer

我想得到这个:

我这样做了(参见下面的代码 - 第1步),不知道如何制作STEP2,任何帮助都将不胜感激.目标计算机是Windows XP/Seven. 我尝试了纯粹的.net方法和BouncyCastle库.

makecert.exe -sk RootCA -sky signature -pe -n CN=MY_CA -r -sr LocalMachine -ss Root MyCA.cer

我需要使用私钥导出和导入生成的证书到字节数组和从字节数组导入,除非我使用.NET framework 4.0和4.5,否则我没有任何问题.我正在使用BouncyCastle库生成自签名证书,然后将它们转换为.NET格式(X509Certificate2对象).不幸的是,升级到最新的框架我无法导出私钥.这是代码:

using System;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

namespace X509CertificateExport
{
    class Program
    {
        static void Main(string[] args)
        {
            var certificate = Generate();
            var exported = certificate.Export(X509ContentType.Pfx);
            var imported = new X509Certificate2(exported, (string)null, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);

            Console.WriteLine("Certificate has private key: " + imported.HasPrivateKey);
            Console.ReadKey();
        }

        public static X509Certificate2 Generate()
        {
            var keyPairGenerator = new RsaKeyPairGenerator();
            var secureRandom = new …

我正在将.NetFramework 4.6.1库迁移到.NetCore 2.2。但是我无法设置x509certificate.PrivateKey，如下所示。

我读过这可能是由于RSAServiceProvider引起的，但我不知道如何设置此属性。甚至实例化：
x509certificate.PrivateKey = new RSACryptoServiceProvider（）;
引发PlatformNotSupportedException。

// selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate = 
certificateGenerator.Generate(signatureFactory);

// correponding private key
PrivateKeyInfo info = 
PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);

// merge into X509Certificate2
var x509certificate = new X509Certificate2(certificate.GetEncoded());

Asn1Sequence seq = (Asn1Sequence)
Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded() 
);

RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
RsaPrivateCrtKeyParameters rsaParams = new 
RsaPrivateCrtKeyParameters(
rsa.Modulus,
rsa.PublicExponent,
rsa.PrivateExponent,
rsa.Prime1,
rsa.Prime2,
rsa.Exponent1,
rsa.Exponent2,
rsa.Coefficient);

x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);

在.NetCore库中，将x509certificate.PrivateKey与DotNetUtilities.ToRSA（rsaParams）中的RSA一起设置，将引发PlatformNotSupportedException。

System.PlatformNotSupportedException
  HResult=0x80131539
  Message=Operation is not supported on this platform.
  Source=System.Security.Cryptography.X509Certificates
  StackTrace:
   at System.Security.Cryptography.X509Certificates.X509Certificate2.set_PrivateKey(AsymmetricAlgorithm value)