110,571
社区成员
发帖
与我相关
我的任务
分享请发表友善的回复…
发表回复
dennis99948 2010-08-12
- 打赏
- 举报
我是要用银联提供的证书,http post 提交报文,对银行卡扣款。
就需要对报文进行消息签名呀。
策略当然是提取证书pfx的私钥,对报文进行签名。
应怎么处理呢
就需要对报文进行消息签名呀。
策略当然是提取证书pfx的私钥,对报文进行签名。
应怎么处理呢
dennis99948 2010-08-11
- 打赏
- 举报
但以上方法得到的结果值与其他站点接口的验证结果不一致
dennis99948 2010-08-11
- 打赏
- 举报
我的代码是这样
X509Certificate2 myX509Certificate2 = new X509Certificate2(@"D:\pdscert\TEST1.pfx", "123456", X509KeyStorageFlags.Exportable);
str_DataToSign="111
byte[] DataToSign = Encoding.GetEncoding("GB2312").GetBytes(str_DataToSign);
RSACryptoServiceProvider provider = (RSACryptoServiceProvider)myX509Certificate2.PrivateKey;
RSAPKCS1SignatureFormatter RSAFormatter = new RSAPKCS1SignatureFormatter(provider);
////Set the hash algorithm to SHA1.
//RSAFormatter.SetHashAlgorithm("SHA1");
//SHA1Managed sha1 = new SHA1Managed();
//byte[] hash = sha1.ComputeHash(DataToSign);
////Create a signature for HashValue and return it.
//byte[] SignedHash = RSAFormatter.CreateSignature(hash);
// Convert.ToBase64String(SignedHash);
return Convert.ToBase64String(provider.SignData(DataToSign, new SHA1CryptoServiceProvider()));
X509Certificate2 myX509Certificate2 = new X509Certificate2(@"D:\pdscert\TEST1.pfx", "123456", X509KeyStorageFlags.Exportable);
str_DataToSign="111
byte[] DataToSign = Encoding.GetEncoding("GB2312").GetBytes(str_DataToSign);
RSACryptoServiceProvider provider = (RSACryptoServiceProvider)myX509Certificate2.PrivateKey;
RSAPKCS1SignatureFormatter RSAFormatter = new RSAPKCS1SignatureFormatter(provider);
////Set the hash algorithm to SHA1.
//RSAFormatter.SetHashAlgorithm("SHA1");
//SHA1Managed sha1 = new SHA1Managed();
//byte[] hash = sha1.ComputeHash(DataToSign);
////Create a signature for HashValue and return it.
//byte[] SignedHash = RSAFormatter.CreateSignature(hash);
// Convert.ToBase64String(SignedHash);
return Convert.ToBase64String(provider.SignData(DataToSign, new SHA1CryptoServiceProvider()));
malun666 2010-08-11
- 打赏
- 举报
using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
namespace testCer
{
class Program
{
static void Main(string[] args)
{
//生成pfx证书文件
string MakeCert = "E:\\个人\\usbkey\\iKey1000\\makecert.exe";
string x509Name = "CN=111";
string param = " -pe -ss my -n \"" + x509Name + "\" ";
Process p = Process.Start(MakeCert, param);
p.WaitForExit();
p.Close();
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
foreach (X509Certificate2 x509 in storecollection)
{
if (x509.Subject == "CN=111")
{
Debug.Print(string.Format("certificate name: {0}", x509.Subject));
byte[] pfxByte = x509.Export(X509ContentType.Pfx, "111");
FileStream fileStream = new FileStream(Path.Combine("E:\\个人\\usbkey\\iKey1000", "111.pfx"), FileMode.Create);
// Write the data to the file, byte by byte.
for (int i = 0; i < pfxByte.Length; i++)
fileStream.WriteByte(pfxByte[i]);
// Set the stream position to the beginning of the file.
fileStream.Seek(0, SeekOrigin.Begin);
// Read and verify the data.
for (int i = 0; i < fileStream.Length; i++)
{
if (pfxByte[i] != fileStream.ReadByte())
{
return;
}
}
fileStream.Close();
}
}
store.Close();
store = null;
storecollection = null;
}
}
}
如题。
1.需要包含公私钥
2.证书用来加密、解密、签名、验证签名
3.pfx格式(或P12)
这几个是显然满足的
不满足的话能叫pfx的证书么?
但是这个公私钥
是随机产生的
你使用
X509Certificate2 pc = new X509Certificate2(labelPfxPath.Text.Trim(), textBoxPfxKey.Text.Trim(), X509KeyStorageFlags.Exportable);
使用一个证书文件名、一个用于访问该证书的密码和一个密钥存储标志初始化 X509Certificate2 类的新实例。
你把 证书文件名改成证书的目录加文件名就行了
pc.PublicKey.Key.ToXmlString(false);
pc.PrivateKey.ToXmlString(true);
参考这个:
http://www.luminji.com/post/2010/03/21/Ce5889be5bbbae695b0e5ad97e8af81e4b9a6e5b9b6e5afbce587bae4b8bapfxefbc8ce5b9b6e4bdbfe794a8pfxe8bf9be8a18ce
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
namespace testCer
{
class Program
{
static void Main(string[] args)
{
//生成pfx证书文件
string MakeCert = "E:\\个人\\usbkey\\iKey1000\\makecert.exe";
string x509Name = "CN=111";
string param = " -pe -ss my -n \"" + x509Name + "\" ";
Process p = Process.Start(MakeCert, param);
p.WaitForExit();
p.Close();
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
foreach (X509Certificate2 x509 in storecollection)
{
if (x509.Subject == "CN=111")
{
Debug.Print(string.Format("certificate name: {0}", x509.Subject));
byte[] pfxByte = x509.Export(X509ContentType.Pfx, "111");
FileStream fileStream = new FileStream(Path.Combine("E:\\个人\\usbkey\\iKey1000", "111.pfx"), FileMode.Create);
// Write the data to the file, byte by byte.
for (int i = 0; i < pfxByte.Length; i++)
fileStream.WriteByte(pfxByte[i]);
// Set the stream position to the beginning of the file.
fileStream.Seek(0, SeekOrigin.Begin);
// Read and verify the data.
for (int i = 0; i < fileStream.Length; i++)
{
if (pfxByte[i] != fileStream.ReadByte())
{
return;
}
}
fileStream.Close();
}
}
store.Close();
store = null;
storecollection = null;
}
}
}
如题。
1.需要包含公私钥
2.证书用来加密、解密、签名、验证签名
3.pfx格式(或P12)
这几个是显然满足的
不满足的话能叫pfx的证书么?
但是这个公私钥
是随机产生的
你使用
X509Certificate2 pc = new X509Certificate2(labelPfxPath.Text.Trim(), textBoxPfxKey.Text.Trim(), X509KeyStorageFlags.Exportable);
使用一个证书文件名、一个用于访问该证书的密码和一个密钥存储标志初始化 X509Certificate2 类的新实例。
你把 证书文件名改成证书的目录加文件名就行了
pc.PublicKey.Key.ToXmlString(false);
pc.PrivateKey.ToXmlString(true);
参考这个:
http://www.luminji.com/post/2010/03/21/Ce5889be5bbbae695b0e5ad97e8af81e4b9a6e5b9b6e5afbce587bae4b8bapfxefbc8ce5b9b6e4bdbfe794a8pfxe8bf9be8a18ce
husanbo110 2010-08-11
- 打赏
- 举报
看你需要什么样的签名了
vs 中有 makecert.exe
signcode.exe 等几个文件
你双击打开signcode.exe
按提示就可以对文件签名了
不过你自己生成的pfx 签名没什么用
在网络上还是不安全的
vs 中有 makecert.exe
signcode.exe 等几个文件
你双击打开signcode.exe
按提示就可以对文件签名了
不过你自己生成的pfx 签名没什么用
在网络上还是不安全的
