下载OpenSSL
下载地址:https://sourceforge.net/projects/openssl/files/latest/download
创建SSL证书
-- 创建私钥(jieke.key)和自签名公钥证书(jieke.crt)
openssl req -newkey rsa:2048 -nodes -keyout jieke.key -x509 -days 365 -out jieke.crt -subj "/C=CN/ST=JiangXi/L=NanChang/O=kf/OU=sf/CN=*.baidu.com/emailAddress=jieke@abc.com"
-- 使用密钥和公钥证书创建带有公钥和私钥的证书(jieke.pfx)
openssl pkcs12 -export -out jieke.pfx -inkey jieke.key -in jieke.crt
-- 该命令会要求输入导出密码, 后续代码中读取 jieke.pfx 时必须使用同一个密码
部分命令参数解释如下:
- days 证书有效天数
- subj 证书主题(Subject)信息, 即证书持有者的标识
创建.net控制台程序
将上一步骤生成的公钥证书(jieke.crt)及带有公钥和私钥的证书(jieke.pfx)拷贝到项目的Certificates目录下, 并设置为始终复制
加密解密及签名验签的测试代码如下:
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
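class Program
{
    // Directory (relative to the executable) that holds the demo certificates.
    private const string CertificateDirectory = "Certificates";

    // Demo only: the export password entered when jieke.pfx was created with
    // "openssl pkcs12 -export". Real code should read it from configuration or a
    // secret store rather than keep it in source.
    private const string PfxPassword = "123456";

    // Algorithm choices shared by the encrypt/decrypt and sign/verify pairs so
    // both sides of each pair can never drift apart.
    // OAEP replaces PKCS#1 v1.5 encryption padding, which is deprecated because
    // of padding-oracle weaknesses; SHA-256 replaces SHA-1, which is no longer
    // acceptable for signatures.
    private static readonly RSAEncryptionPadding EncryptionPadding = RSAEncryptionPadding.OaepSHA256;
    private static readonly HashAlgorithmName SignatureHash = HashAlgorithmName.SHA256;
    private static readonly RSASignaturePadding SignaturePadding = RSASignaturePadding.Pkcs1;

    // Runs both demos: public-key encrypt / private-key decrypt, then
    // private-key sign / public-key verify.
    private static void Main(string[] args)
    {
        TestForEncryptAndEncrypt();
        TestForSignDataAndVerificationSignature();
    }

    // Loads a certificate file from the Certificates directory. The caller owns
    // (and must dispose) the returned certificate. MachineKeySet is kept from the
    // original sample; on Windows it places the imported private key in the
    // machine-wide key container, so a process-local flag may be preferable for
    // a throwaway demo key.
    private static X509Certificate2 LoadCertificate(string fileName, string password)
    {
        string certificatePath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, CertificateDirectory, fileName);
        return new X509Certificate2(certificatePath, password, X509KeyStorageFlags.MachineKeySet);
    }

    // Public-key encryption with jieke.crt, private-key decryption with jieke.pfx.
    private static void TestForEncryptAndEncrypt()
    {
        string plainText = Guid.NewGuid().ToString();

        string encryptedText;
        using (X509Certificate2 publicCert = LoadCertificate("jieke.crt", string.Empty))
        {
            encryptedText = Encrypt(plainText, publicCert);
        }

        string decryptedText;
        using (X509Certificate2 privateCert = LoadCertificate("jieke.pfx", PfxPassword))
        {
            decryptedText = Decrypt(encryptedText, privateCert);
        }

        // Print the round-trip result so the demo is actually checkable.
        Console.WriteLine(string.Equals(plainText, decryptedText, StringComparison.Ordinal));
    }

    // Encrypts plainText with the certificate's RSA public key and returns the
    // ciphertext as Base64.
    // Note: legacy CAPI-backed keys on .NET Framework (RSACryptoServiceProvider)
    // may only support OAEP with SHA-1 and throw CryptographicException here; if
    // so, switch EncryptionPadding to RSAEncryptionPadding.OaepSHA1 (it is used
    // by both Encrypt and Decrypt).
    // Throws ArgumentNullException for null arguments and ArgumentException when
    // the certificate carries no RSA public key.
    internal static string Encrypt(string plainText, X509Certificate2 cert)
    {
        if (plainText == null) throw new ArgumentNullException(nameof(plainText));
        if (cert == null) throw new ArgumentNullException(nameof(cert));

        // GetRSAPublicKey() works for both CAPI and CNG keys and on non-Windows
        // runtimes, unlike a cast of cert.PublicKey.Key to RSACryptoServiceProvider.
        using (RSA publicKey = cert.GetRSAPublicKey())
        {
            if (publicKey == null)
            {
                throw new ArgumentException("Certificate does not contain an RSA public key.", nameof(cert));
            }

            byte[] plainBytes = Encoding.UTF8.GetBytes(plainText);
            byte[] encryptedBytes = publicKey.Encrypt(plainBytes, EncryptionPadding);
            return Convert.ToBase64String(encryptedBytes);
        }
    }

    // Decrypts Base64 ciphertext produced by Encrypt with the certificate's RSA
    // private key and returns the UTF-8 plaintext.
    // Throws ArgumentNullException for null arguments, ArgumentException when the
    // certificate has no RSA private key, FormatException for malformed Base64 and
    // CryptographicException when the ciphertext does not decrypt under this key.
    internal static string Decrypt(string encryptedText, X509Certificate2 cert)
    {
        if (encryptedText == null) throw new ArgumentNullException(nameof(encryptedText));
        if (cert == null) throw new ArgumentNullException(nameof(cert));
        if (!cert.HasPrivateKey)
        {
            throw new ArgumentException("Certificate does not contain a private key.", nameof(cert));
        }

        using (RSA privateKey = cert.GetRSAPrivateKey())
        {
            if (privateKey == null)
            {
                throw new ArgumentException("Certificate does not contain an RSA private key.", nameof(cert));
            }

            byte[] encryptedBytes = Convert.FromBase64String(encryptedText);
            byte[] decryptedBytes = privateKey.Decrypt(encryptedBytes, EncryptionPadding);
            return Encoding.UTF8.GetString(decryptedBytes);
        }
    }

    // Private-key signing with jieke.pfx, public-key verification with jieke.crt.
    private static void TestForSignDataAndVerificationSignature()
    {
        string plainText = Guid.NewGuid().ToString();

        string signatureString;
        using (X509Certificate2 privateCert = LoadCertificate("jieke.pfx", PfxPassword))
        {
            signatureString = SignData(privateCert, plainText);
        }

        // A .crt carries no private key, so no password is needed to load it.
        using (X509Certificate2 publicCert = LoadCertificate("jieke.crt", string.Empty))
        {
            bool verified = VerificationSignature(publicCert, plainText, signatureString);
            Console.WriteLine(verified);
        }
    }

    // Verifies a Base64 signature over the UTF-8 bytes of data with the
    // certificate's RSA public key. Returns false for a null, malformed or
    // non-matching signature, and when the certificate has no RSA public key.
    // Throws ArgumentNullException when cert or data is null.
    internal static bool VerificationSignature(X509Certificate2 cert, string data, string signatureString)
    {
        if (cert == null) throw new ArgumentNullException(nameof(cert));
        if (data == null) throw new ArgumentNullException(nameof(data));
        if (signatureString == null) return false;

        byte[] signatureBuffer;
        try
        {
            signatureBuffer = Convert.FromBase64String(signatureString);
        }
        catch (FormatException)
        {
            // A signature that is not even valid Base64 simply fails verification.
            return false;
        }

        using (RSA publicKey = cert.GetRSAPublicKey())
        {
            if (publicKey == null) return false;

            byte[] dataBuffer = Encoding.UTF8.GetBytes(data);
            return publicKey.VerifyData(dataBuffer, signatureBuffer, SignatureHash, SignaturePadding);
        }
    }

    // Signs the UTF-8 bytes of data with the certificate's RSA private key and
    // returns the signature as Base64. Returns null when the certificate has no
    // usable RSA private key (kept from the original contract).
    // Throws ArgumentNullException when cert or data is null.
    internal static string SignData(X509Certificate2 cert, string data)
    {
        if (cert == null) throw new ArgumentNullException(nameof(cert));
        if (data == null) throw new ArgumentNullException(nameof(data));
        if (!cert.HasPrivateKey) return null;

        using (RSA privateKey = cert.GetRSAPrivateKey())
        {
            if (privateKey == null) return null;

            byte[] dataBuffer = Encoding.UTF8.GetBytes(data);
            byte[] signatureBuffer = privateKey.SignData(dataBuffer, SignatureHash, SignaturePadding);
            return Convert.ToBase64String(signatureBuffer);
        }
    }
}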