Signature verification of .cer certificates
Published: 2019-06-12


A .cer certificate itself also carries a signature; this is what prevents the certificate from being tampered with.

There are two kinds of certificate:

1. Root certificates

2. Child certificates issued by a root certificate.

The root certificate is special: it is self-signed.

For every other (child) certificate, the public key that verifies its signature is stored in its parent certificate.

We can do some of this verification in C#.

First, signature verification of the root certificate.

```csharp
// Verify the root certificate's signature
X509Certificate2 x509Root = new X509Certificate2("C:\\Users\\kevin\\Desktop\\KevinRoot.cer");
Console.WriteLine("Root Certificate Verified?: {0}{1}", x509Root.Verify(), Environment.NewLine); // The root certificate is self-signed, so it passes.
```

Very simple: because the root certificate is self-signed, x509Root.Verify() returns true.

Next, verification of the child certificate:

```csharp
// Load the child certificate and print its basic properties
X509Certificate2 x509 = new X509Certificate2("C:\\Users\\kevin\\Desktop\\ChildSubject2.cer");
byte[] rawdata = x509.RawData;
Console.WriteLine("Content Type: {0}{1}", X509Certificate2.GetCertContentType(rawdata), Environment.NewLine);
Console.WriteLine("Friendly Name: {0}{1}", x509.FriendlyName, Environment.NewLine);
Console.WriteLine("Certificate Verified?: {0}{1}", x509.Verify(), Environment.NewLine);
Console.WriteLine("Simple Name: {0}{1}", x509.GetNameInfo(X509NameType.SimpleName, true), Environment.NewLine);
Console.WriteLine("Signature Algorithm: {0}{1}", x509.SignatureAlgorithm.FriendlyName, Environment.NewLine);
// Console.WriteLine("Private Key: {0}{1}", x509.PrivateKey.ToXmlString(false), Environment.NewLine);  // A .cer file carries no private key
Console.WriteLine("Public Key: {0}{1}", x509.PublicKey.Key.ToXmlString(false), Environment.NewLine);
Console.WriteLine("Certificate Archived?: {0}{1}", x509.Archived, Environment.NewLine);
Console.WriteLine("Length of Raw Data: {0}{1}", x509.RawData.Length, Environment.NewLine);
```

Here I used a child certificate I created myself, and x509.Verify() always returns false; even after I imported the root certificate into "trust", it still returns false. I don't know why. But if I use the company's certificate (issued by VeriSign), it returns true. I don't know whether my self-created root or child certificate has some configuration problem. I'll look into it when I have time.

In any case, that is all there is to verification.

The code below checks the entire certificate chain.

```csharp
// Output chain information of the selected certificate.
X509Chain ch = new X509Chain();
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;  // policy settings must precede Build() to take effect
ch.Build(x509);
Console.WriteLine("Chain Information");
Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length);
Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

// Output chain element information.
Console.WriteLine("Chain Element Information");
Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count);
Console.WriteLine("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);

foreach (X509ChainElement element in ch.ChainElements)
{
    Console.WriteLine("Element subject name: {0}", element.Certificate.Subject);
    Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer);
    Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter);
    Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify());
    Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length);
    Console.WriteLine("Element information: {0}", element.Information);
    Console.WriteLine("Element thumbprint: {0}", element.Certificate.Thumbprint);
    Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);

    // Print every status flag recorded for this element (the array is empty when the element is fine)
    for (int index = 0; index < element.ChainElementStatus.Length; index++)
    {
        Console.WriteLine(element.ChainElementStatus[index].Status);
        Console.WriteLine(element.ChainElementStatus[index].StatusInformation);
    }
}
```

The code above is also very simple: it just prints the information of each certificate in the whole chain. For the details of the function calls and their parameters, see MSDN.

Below is the full code. Note that the certificate paths in it are hard-coded; to test the code below, you only need to create a few certificates of your own.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class CertSelect
{
    static void Main()
    {
        // Verify the root certificate's signature
        X509Certificate2 x509Root = new X509Certificate2("C:\\Users\\kevin\\Desktop\\KevinRoot.cer");
        Console.WriteLine("Root Certificate Verified?: {0}{1}", x509Root.Verify(), Environment.NewLine);  // The root certificate is self-signed, so it passes.

        // Load the child certificate and print its basic properties
        X509Certificate2 x509 = new X509Certificate2("C:\\Users\\kevin\\Desktop\\ChildSubject2.cer");
        byte[] rawdata = x509.RawData;
        Console.WriteLine("Content Type: {0}{1}", X509Certificate2.GetCertContentType(rawdata), Environment.NewLine);
        Console.WriteLine("Friendly Name: {0}{1}", x509.FriendlyName, Environment.NewLine);
        Console.WriteLine("Certificate Verified?: {0}{1}", x509.Verify(), Environment.NewLine);
        Console.WriteLine("Simple Name: {0}{1}", x509.GetNameInfo(X509NameType.SimpleName, true), Environment.NewLine);
        Console.WriteLine("Signature Algorithm: {0}{1}", x509.SignatureAlgorithm.FriendlyName, Environment.NewLine);
        // Console.WriteLine("Private Key: {0}{1}", x509.PrivateKey.ToXmlString(false), Environment.NewLine);  // A .cer file carries no private key
        Console.WriteLine("Public Key: {0}{1}", x509.PublicKey.Key.ToXmlString(false), Environment.NewLine);
        Console.WriteLine("Certificate Archived?: {0}{1}", x509.Archived, Environment.NewLine);
        Console.WriteLine("Length of Raw Data: {0}{1}", x509.RawData.Length, Environment.NewLine);

        // Output chain information of the selected certificate.
        X509Chain ch = new X509Chain();
        ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;  // policy settings must precede Build() to take effect
        ch.Build(x509);
        Console.WriteLine("Chain Information");
        Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
        Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
        Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
        Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
        Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length);
        Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
        Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

        // Output chain element information.
        Console.WriteLine("Chain Element Information");
        Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count);
        Console.WriteLine("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);

        foreach (X509ChainElement element in ch.ChainElements)
        {
            Console.WriteLine("Element subject name: {0}", element.Certificate.Subject);
            Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer);
            Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter);
            Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify());
            Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length);
            Console.WriteLine("Element information: {0}", element.Information);
            Console.WriteLine("Element thumbprint: {0}", element.Certificate.Thumbprint);
            Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);

            // Print every status flag recorded for this element (the array is empty when the element is fine)
            for (int index = 0; index < element.ChainElementStatus.Length; index++)
            {
                Console.WriteLine(element.ChainElementStatus[index].Status);
                Console.WriteLine(element.ChainElementStatus[index].StatusInformation);
            }
        }

        x509.Reset();
    }
}
```
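As an added example (my own code, not from the original post and not a .NET sample), here is a self-contained program that shows what the signature on a .cer actually protects and how to get a reason out of a chain that Verify() rejects. It generates a throw-away root and a child certificate in memory with CertificateRequest, checks the child's signature directly against the root's public key by splitting the DER into tbsCertificate / signatureAlgorithm / signatureValue (this is the "public key stored in the parent certificate" idea from the start of the post, done by hand), flips one byte in the child's subject so the signature no longer matches, and then builds the chain with X509ChainTrustMode.CustomRootTrust so the root does not have to be installed in the machine store. Verify() uses the default chain policy, which trusts only the system root store and checks revocation online, so a home-made root that is not in that store comes back false without saying why; printing ChainStatus after an explicit build gives the actual flags. Assumptions: .NET 6 or later (CertificateRequest, X509ChainPolicy.CustomTrustStore and System.Formats.Asn1 do not exist in .NET Framework), RSA with SHA-256 / PKCS#1 v1.5 for both certificates, and the names "Demo Root" / "Demo Child" and the 16-byte serial are constructed for the demo.

```csharp
using System;
using System.Formats.Asn1;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class CerSignatureDemo
{
    // Check that `cert` was signed with the private key matching `issuerKey`.
    // A DER certificate is SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue };
    // the signature covers the encoded tbsCertificate. Assumes sha256WithRSAEncryption
    // (PKCS#1 v1.5), which is what the demo certificates below are issued with.
    static bool SignedBy(X509Certificate2 cert, RSA issuerKey)
    {
        AsnReader outer = new AsnReader(cert.RawData, AsnEncodingRules.DER).ReadSequence();
        ReadOnlyMemory<byte> tbs = outer.ReadEncodedValue();   // tbsCertificate, header included
        outer.ReadSequence();                                  // signatureAlgorithm (not needed here)
        byte[] signature = outer.ReadBitString(out _);         // signatureValue
        return issuerKey.VerifyData(tbs.Span, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    // Build the chain against an explicit trust anchor instead of the machine store,
    // and hand back the status flags so the caller can see why a build failed.
    static bool BuildWithCustomRoot(X509Certificate2 leaf, X509Certificate2 trustedRoot, out X509ChainStatus[] status)
    {
        using X509Chain chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(trustedRoot);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;  // demo certs publish no CRL/OCSP
        bool ok = chain.Build(leaf);
        status = chain.ChainStatus;
        return ok;
    }

    static void Main()
    {
        // Throw-away self-signed root CA, constructed for this demo.
        using RSA rootKey = RSA.Create(2048);
        var rootReq = new CertificateRequest("CN=Demo Root", rootKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        rootReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        rootReq.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        using X509Certificate2 rootWithKey = rootReq.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(10));

        // Child certificate issued (signed) by the root; Create() returns it without a private key, like a .cer.
        using RSA childKey = RSA.Create(2048);
        var childReq = new CertificateRequest("CN=Demo Child", childKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        childReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        byte[] serial = new byte[16];
        RandomNumberGenerator.Fill(serial);
        serial[0] = 0x01;  // keep the serial positive and non-zero
        using X509Certificate2 child = childReq.Create(rootWithKey, DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1), serial);

        // What a .cer file of the root would contain: the certificate alone, no private key.
        using X509Certificate2 root = new X509Certificate2(rootWithKey.Export(X509ContentType.Cert));
        using RSA rootPublic = root.GetRSAPublicKey();

        Console.WriteLine("Root signed by its own key:    {0}", SignedBy(root, rootPublic));
        Console.WriteLine("Child signed by root's key:    {0}", SignedBy(child, rootPublic));

        // Change one byte inside the child's subject ("Demo Child" -> "Demo Xhild"):
        // the DER still parses, but the signature no longer covers what is there.
        byte[] raw = (byte[])child.RawData.Clone();
        int pos = raw.AsSpan().IndexOf(Encoding.ASCII.GetBytes("Demo Child"));
        raw[pos + 5] = (byte)'X';
        using X509Certificate2 tampered = new X509Certificate2(raw);
        Console.WriteLine("Tampered child signed by root: {0}", SignedBy(tampered, rootPublic));

        // Verify() trusts only the system root store and checks revocation online, so the
        // home-made chain is rejected here unless Demo Root has been installed in that store.
        Console.WriteLine("child.Verify() (system store): {0}", child.Verify());

        Console.WriteLine("Chain, custom root, original:  {0}", BuildWithCustomRoot(child, root, out X509ChainStatus[] status));
        Console.WriteLine("Chain, custom root, tampered:  {0}", BuildWithCustomRoot(tampered, root, out status));
        foreach (X509ChainStatus s in status)
            Console.WriteLine("  {0}: {1}", s.Status, s.StatusInformation);
    }
}
```

The two SignedBy checks on the untouched certificates pass and the check on the tampered copy fails; the explicit chain build succeeds for the original child and fails for the tampered one, and the status list for that failure carries NotSignatureValid, which is the flag to look for when a chain is rejected because a signature does not match. When Verify() returns false on your own certificates, the same ChainStatus loop run after an X509Chain.Build() with the default policy is the quickest way to see whether the problem is UntrustedRoot (the root is not in the store the policy consults), RevocationStatusUnknown/OfflineRevocation (no CRL or OCSP endpoint), or something in the certificate itself. On .NET 9 and later the byte[] constructor of X509Certificate2 is marked obsolete in favour of X509CertificateLoader.LoadCertificate; it still compiles with a warning.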


Reposted from: https://www.cnblogs.com/zfyouxi/p/4752993.html
