如何使用C#(Mono/Xamarin)中的Bouncy Castle导入签名SSL证书?
我使用Bouncy Castle生成私钥和PKCS10 CSR,然后将其发送到远程服务器进行签名。我得到一个标准的base64编码的签名SSL证书作为字符串响应。问题是,如何从字符串导入签名证书,然后将私钥和签名证书保存为PKCS12(.PFX)文件 此外,如何将CA证书捆绑到PFX文件中如何使用C#(Mono/Xamarin)中的Bouncy Castle导入签名SSL证书?,c#,ssl,mono,xamarin,bouncycastle,C#,Ssl,Mono,Xamarin,Bouncycastle,我使用Bouncy Castle生成私钥和PKCS10 CSR,然后将其发送到远程服务器进行签名。我得到一个标准的base64编码的签名SSL证书作为字符串响应。问题是,如何从字符串导入签名证书,然后将私钥和签名证书保存为PKCS12(.PFX)文件 此外,如何将CA证书捆绑到PFX文件中 // Generate the private/public keypair RsaKeyPairGenerator kpgen = new RsaKeyPairGenerator (); CryptoApi
// Generate the private/public keypair
RsaKeyPairGenerator kpgen = new RsaKeyPairGenerator ();
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator ();
kpgen.Init (new KeyGenerationParameters (new SecureRandom (randomGenerator), 2048));
AsymmetricCipherKeyPair keyPair = kpgen.GenerateKeyPair ();
// Generate the CSR
X509Name subjectName = new X509Name ("CN=domain.com/name=Name");
Pkcs10CertificationRequest kpGen = new Pkcs10CertificationRequest ("SHA256withRSA", subjectName, keyPair.Public, null, keyPair.Private);
string certCsr = Convert.ToBase64String (kpGen.GetDerEncoded ());
// ** certCsr is now sent to be signed **
// ** let's assume that we get "certSigned" in response, and also have the CA **
string certSigned = "[standard signed certificate goes here]";
string certCA = "[standard CA certificate goes here]";
// Now how do I import certSigned and certCA
// Finally how do I export everything as a PFX file?
Bouncy Castle是一个功能非常强大的库,但是由于缺乏文档,使用起来非常困难。在对所有的类和方法进行了太长时间的搜索之后,我终于找到了我想要的。以下代码将获取先前生成的私钥,将其与签名证书和CA捆绑在一起,然后将其另存为.PFX文件:
// Import the signed certificate
X509Certificate signedX509Cert = new X509CertificateParser ().ReadCertificate (Encoding.UTF8.GetBytes (certSigned));
X509CertificateEntry certEntry = new X509CertificateEntry (signedX509Cert);
// Import the CA certificate
X509Certificate signedX509CaCert = new X509CertificateParser ().ReadCertificate (Encoding.UTF8.GetBytes (certCA ));
X509CertificateEntry certCaEntry = new X509CertificateEntry (signedX509CaCert);
// Prepare the pkcs12 certificate store
Pkcs12Store store = new Pkcs12StoreBuilder ().Build ();
// Bundle together the private key, signed certificate and CA
store.SetKeyEntry (signedX509Cert.SubjectDN.ToString () + "_key", new AsymmetricKeyEntry (keyPair.Private), new X509CertificateEntry[] {
certEntry,
certCaEntry
});
// Finally save the bundle as a PFX file
using (var filestream = new FileStream (@"CertBundle.pfx", FileMode.Create, FileAccess.ReadWrite)) {
store.Save (filestream, "password".ToCharArray (), new SecureRandom ());
}
欢迎反馈和改进 但是你需要CA证书或任何中间证书来完成这项工作吗?