cer证书签名验证
一个cer证书本身也是需要签名的,这是为了防止cer证书被篡改。
证书有两种类型:
1. 根证书
2. 根证书签发的子证书。
根证书比较特殊,它是自签名的。而其他子证书的签名,要用保存在其上级(签发者)证书里的公钥来验证。需要注意,自签名只能说明根证书的内容与它自己的公钥相符,并不代表它可信;根证书是否可信,取决于它是否位于系统的受信任根证书存储区中。
可以用C#来做一些验证。
首先是根证书的签名验证。
// Check the root certificate.
X509Certificate2 x509Root = new X509Certificate2("C:\\Users\\kevin\\Desktop\\KevinRoot.cer");

// NOTE(review): Verify() runs an X.509 chain validation under the basic policy, not a bare
// signature check. A self-signed root therefore presumably passes only when the machine
// already trusts it (trusted root store) - confirm on the target system.
bool rootVerified = x509Root.Verify();
Console.WriteLine("Root Certificate Verified?: {0}{1}", rootVerified, Environment.NewLine);
很简单,因为根证书是自签名的,x509Root.Verify()会返回true。
然后是子证书的验证,
// Load the child certificate and print its basic properties, one value at a time.
var x509 = new X509Certificate2("C:\\Users\\kevin\\Desktop\\ChildSubject2.cer");
byte[] encodedCert = x509.RawData;

var contentType = X509Certificate2.GetCertContentType(encodedCert);
Console.WriteLine("Content Type: {0}{1}", contentType, Environment.NewLine);

string friendlyName = x509.FriendlyName;
Console.WriteLine("Friendly Name: {0}{1}", friendlyName, Environment.NewLine);

// NOTE(review): Verify() only returns a bool. When it is false, the reason is not visible
// here; building an X509Chain for the same certificate and reading its ChainStatus entries
// (for example UntrustedRoot or RevocationStatusUnknown) shows which check failed.
bool childVerified = x509.Verify();
Console.WriteLine("Certificate Verified?: {0}{1}", childVerified, Environment.NewLine);

string simpleName = x509.GetNameInfo(X509NameType.SimpleName, true);
Console.WriteLine("Simple Name: {0}{1}", simpleName, Environment.NewLine);

string signatureAlgorithm = x509.SignatureAlgorithm.FriendlyName;
Console.WriteLine("Signature Algorithm: {0}{1}", signatureAlgorithm, Environment.NewLine);

// A .cer file carries no private key, so the private-key printout stays disabled:
// Console.WriteLine("Private Key: {0}{1}", x509.PrivateKey.ToXmlString(false), Environment.NewLine);

// ToXmlString(false) exports the public parameters only.
string publicKeyXml = x509.PublicKey.Key.ToXmlString(false);
Console.WriteLine("Public Key: {0}{1}", publicKeyXml, Environment.NewLine);

bool archived = x509.Archived;
Console.WriteLine("Certificate Archived?: {0}{1}", archived, Environment.NewLine);

int rawLength = x509.RawData.Length;
Console.WriteLine("Length of Raw Data: {0}{1}", rawLength, Environment.NewLine);
这里我用自己创建的子证书,x509.Verify()总是返回false,就算我把根证书导入到“trust”里面,还是返回false,不知道为什么。但是如果我用公司的证书(verisign颁发的),却可以返回true。不知道是不是我自己创建的根证书,子证书有什么配置问题,有空再研究。反正验证也就这么回事。
下面的代码,用来检查整个证书链。
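// Build the chain for the certificate loaded above (x509) and print what the build found.
X509Chain ch = new X509Chain();

// The policy must be configured before Build(); a value assigned afterwards does not
// affect the chain that has already been built.
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;

// Build() reports whether the chain validated under the policy. Keep the result instead
// of discarding it - together with ChainStatus it explains a false Verify().
bool chainValid = ch.Build(x509);

Console.WriteLine("Chain Information");
Console.WriteLine("Chain valid: {0}", chainValid);
Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length);

// Each entry names one reason the chain is not fully valid (e.g. UntrustedRoot,
// RevocationStatusUnknown). An empty array means no problem was recorded.
foreach (X509ChainStatus chainStatus in ch.ChainStatus)
{
    Console.WriteLine("Chain status: {0} - {1}", chainStatus.Status, chainStatus.StatusInformation);
}

Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

// Print every certificate in the chain.
Console.WriteLine("Chain Element Information");
Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count);
Console.WriteLine("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);

foreach (X509ChainElement element in ch.ChainElements)
{
    Console.WriteLine("Element subject name: {0}", element.Certificate.Subject);
    Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer);
    Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter);
    // Verify() validates this certificate on its own with the default policy; it does not
    // reuse the policy configured on ch above.
    Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify());
    Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length);
    Console.WriteLine("Element information: {0}", element.Information);
    Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);

    // Print all status entries of this element. The earlier guard
    // (ch.ChainStatus.Length > 1) suppressed them whenever the chain had exactly one
    // problem, which is the case most in need of the diagnostic.
    foreach (X509ChainStatus elementStatus in element.ChainElementStatus)
    {
        Console.WriteLine(elementStatus.Status);
        Console.WriteLine(elementStatus.StatusInformation);
    }
}
上面的代码也很简单,其实就是把整个证书链里面的每一个证书信息打印一下。具体的函数调用参数msdn。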
下面是完整代码,注意里面的几个证书路径是我写死的,如果想测试下面的代码,只需要自己创建几个证书。
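using System;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.IO;
using System.Security.Cryptography.X509Certificates;

/// <summary>
/// Console sample that loads a root certificate and a child certificate from .cer files,
/// prints the result of validating each, and then dumps the chain built for the child.
/// </summary>
class CertSelect
{
    /// <summary>
    /// Entry point. The two certificate paths are hard-coded sample paths; replace them
    /// with certificates of your own before running.
    /// </summary>
    static void Main()
    {
        // Check the root certificate.
        // NOTE(review): Verify() runs an X.509 chain validation under the basic policy, not
        // a bare signature check, so a self-signed root presumably passes only when the
        // machine already trusts it (trusted root store) - confirm on the target system.
        X509Certificate2 x509Root = new X509Certificate2("C:\\Users\\kevin\\Desktop\\KevinRoot.cer");
        Console.WriteLine("Root Certificate Verified?: {0}{1}", x509Root.Verify(), Environment.NewLine);

        // Load the child certificate and print its basic properties.
        X509Certificate2 x509 = new X509Certificate2("C:\\Users\\kevin\\Desktop\\ChildSubject2.cer");
        byte[] rawdata = x509.RawData;
        Console.WriteLine("Content Type: {0}{1}", X509Certificate2.GetCertContentType(rawdata), Environment.NewLine);
        Console.WriteLine("Friendly Name: {0}{1}", x509.FriendlyName, Environment.NewLine);
        // Verify() only returns a bool; the chain status printed further down says why a
        // validation failed.
        Console.WriteLine("Certificate Verified?: {0}{1}", x509.Verify(), Environment.NewLine);
        Console.WriteLine("Simple Name: {0}{1}", x509.GetNameInfo(X509NameType.SimpleName, true), Environment.NewLine);
        Console.WriteLine("Signature Algorithm: {0}{1}", x509.SignatureAlgorithm.FriendlyName, Environment.NewLine);
        // A .cer file carries no private key, so the private-key printout stays disabled:
        // Console.WriteLine("Private Key: {0}{1}", x509.PrivateKey.ToXmlString(false), Environment.NewLine);
        // ToXmlString(false) exports the public parameters only.
        Console.WriteLine("Public Key: {0}{1}", x509.PublicKey.Key.ToXmlString(false), Environment.NewLine);
        Console.WriteLine("Certificate Archived?: {0}{1}", x509.Archived, Environment.NewLine);
        Console.WriteLine("Length of Raw Data: {0}{1}", x509.RawData.Length, Environment.NewLine);

        // Build the chain for the child certificate and print what the build found.
        X509Chain ch = new X509Chain();

        // The policy must be configured before Build(); a value assigned afterwards does
        // not affect the chain that has already been built.
        ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;

        // Build() reports whether the chain validated under the policy. Keep the result
        // instead of discarding it.
        bool chainValid = ch.Build(x509);

        Console.WriteLine("Chain Information");
        Console.WriteLine("Chain valid: {0}", chainValid);
        Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
        Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
        Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
        Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
        Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length);

        // Each entry names one reason the chain is not fully valid (e.g. UntrustedRoot,
        // RevocationStatusUnknown). An empty array means no problem was recorded.
        foreach (X509ChainStatus chainStatus in ch.ChainStatus)
        {
            Console.WriteLine("Chain status: {0} - {1}", chainStatus.Status, chainStatus.StatusInformation);
        }

        Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
        Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

        // Print every certificate in the chain.
        Console.WriteLine("Chain Element Information");
        Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count);
        Console.WriteLine("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);

        foreach (X509ChainElement element in ch.ChainElements)
        {
            Console.WriteLine("Element subject name: {0}", element.Certificate.Subject);
            Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer);
            Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter);
            // Verify() validates this certificate on its own with the default policy; it
            // does not reuse the policy configured on ch above.
            Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify());
            Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length);
            Console.WriteLine("Element information: {0}", element.Information);
            Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);

            // Print all status entries of this element. The earlier guard
            // (ch.ChainStatus.Length > 1) suppressed them whenever the chain had exactly
            // one problem, which is the case most in need of the diagnostic.
            foreach (X509ChainStatus elementStatus in element.ChainElementStatus)
            {
                Console.WriteLine(elementStatus.Status);
                Console.WriteLine(elementStatus.StatusInformation);
            }
        }

        // Release the chain and both certificates, not only the child certificate.
        ch.Reset();
        x509.Reset();
        x509Root.Reset();
    }
}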