Working with certificate files in .NET

1. Signing and verifying in .NET. Testing shows that, with the same private key and public key, Java and .NET interoperate.

 1.1 Sign with the private key, verify with the public key

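        // Requires: using System; using System.Security.Cryptography;
        //           using System.Security.Cryptography.X509Certificates; using System.Text;
        // `data` (the text to sign) is assumed to be a string field of the enclosing class.
        public void Encode()
        {
            try
            {
                var path = AppDomain.CurrentDomain.BaseDirectory + "../../ADFS/donghuangtaiyi.pfx";
                // Exportable is needed because the private key is exported to XML on the next line.
                X509Certificate2 cert = new X509Certificate2(path, "xxxxx", X509KeyStorageFlags.Exportable);
                var privateKey = cert.PrivateKey.ToXmlString(true);
                var bt = Encoding.UTF8.GetBytes(data);
                var rsaProvider = new RSACryptoServiceProvider();
                rsaProvider.FromXmlString(privateKey);
                // RSA signature over a SHA-384 digest of the data.
                byte[] inArray = rsaProvider.SignData(bt, CryptoConfig.MapNameToOID("SHA384"));
                var result = Convert.ToBase64String(inArray); // Base64-encoded signature
            }
            catch (Exception)
            {
                throw;
            }
        }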

 1.2 Verify the signature

        // `data` (the signed text) and `SignatureData` (the Base64 signature) are
        // assumed to be string fields of the enclosing class.
        public void Decode()
        {
            try
            {
                var path = AppDomain.CurrentDomain.BaseDirectory + "../../ADFS/dongsheng.crt";
                var publicCert = new X509Certificate2(path);
                var publicKey = publicCert.PublicKey.Key.ToXmlString(false);

                var rsaProvider = new RSACryptoServiceProvider();
                rsaProvider.FromXmlString(publicKey);
                var dataBytes = Encoding.UTF8.GetBytes(data);
                // The digest named here must be the one the signer used; otherwise result is false.
                var result = rsaProvider.VerifyData(dataBytes, CryptoConfig.MapNameToOID("SHA256"), Convert.FromBase64String(SignatureData));
            }
            catch (Exception)
            {
                throw;
            }
        }

 

2. Converting private and public keys between .NET and Java. Java and .NET use different key formats: .NET uses an XML format, Java uses a string format.

Reference the BouncyCastle.dll library.

 2.1 Signing. The signature produced here is the same as the one produced in 1.1.

        // Requires additionally: using Org.BouncyCastle.Crypto;
        //           using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Security;
        // DoNet2JavaForKey is the author's key-conversion helper; it is not shown on this page.
        public string EncodeJava()
        {
            try
            {
                var path = AppDomain.CurrentDomain.BaseDirectory + "../../ADFS/donghuangtaiyi.pfx";

                X509Certificate2 cert = new X509Certificate2(path, "7391428", X509KeyStorageFlags.Exportable);
                var privateKey = cert.PrivateKey.ToXmlString(true);
                // Convert the .NET XML private key to the Java (Base64) format.
                var javaPrivateKey = DoNet2JavaForKey.RSAPrivateKeyDotNet2Java(privateKey);

                RsaKeyParameters privateKeyParam = (RsaKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(javaPrivateKey));
                ISigner signer = SignerUtilities.GetSigner("SHA384WithRSA");
                signer.Init(true, privateKeyParam); // true = sign
                var dataByte = Encoding.UTF8.GetBytes(data);
                signer.BlockUpdate(dataByte, 0, dataByte.Length);
                var result = Convert.ToBase64String(signer.GenerateSignature());
                return result;
            }
            catch (Exception)
            {
                // Any failure is reported to the caller as an empty string.
                return "";
            }
        }

 

 2.2 Verify the signature

    

        // `SignatureData` (the Base64 signature) is assumed to be a string field of the enclosing class.
        public void DecodeJava()
        {
            try
            {
                var data = "12312ewrwe你好";
                var path = AppDomain.CurrentDomain.BaseDirectory + "../../ADFS/dongsheng.crt";
                var publicCert = new X509Certificate2(path);
                var publicKey = publicCert.PublicKey.Key.ToXmlString(false);
                // Convert the .NET XML public key to the Java (Base64) format.
                var publicKeyJava = DoNet2JavaForKey.RSAPublicKeyDotNet2Java(publicKey);
                string hashAlgorithm = "SHA256WithRSA";
                RsaKeyParameters publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(publicKeyJava));
                ISigner signer = SignerUtilities.GetSigner(hashAlgorithm);
                // false = verify, true = sign
                signer.Init(false, publicKeyParam);
                byte[] dataByte = Encoding.UTF8.GetBytes(data);
                signer.BlockUpdate(dataByte, 0, dataByte.Length);
                byte[] signatureByte = Convert.FromBase64String(SignatureData);
                var result = signer.VerifySignature(signatureByte);
            }
            catch (Exception)
            {
                throw;
            }
        }
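An added example, not part of the original post: the sign/verify flow of sections 1 and 2 using the built-in `GetRSAPrivateKey()` / `GetRSAPublicKey()` API, which signs without exporting the private key and so does not need `X509KeyStorageFlags.Exportable`. It passes the public key across in the Base64 DER form that `PublicKeyFactory.CreateKey` and Java's `X509EncodedKeySpec` read, and shows that verification succeeds only with the same digest and unmodified data. It assumes .NET 5 or later; the self-signed certificate, the class name and the variable names are constructed for the demo.

```csharp
// Added example, not the original author's code. Assumes .NET 5 or later.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SignInteropDemo
{
    static void Main()
    {
        // Constructed test material: a throwaway self-signed certificate
        // stands in for the page's .pfx file.
        using RSA generated = RSA.Create(2048);
        var request = new CertificateRequest("CN=constructed-demo", generated,
            HashAlgorithmName.SHA384, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        byte[] data = Encoding.UTF8.GetBytes("12312ewrwe你好");

        // Sign (same scheme as 1.1 and 2.1, "SHA384WithRSA"). The key is used
        // through its handle and is never exported.
        using RSA privateKey = cert.GetRSAPrivateKey();
        byte[] signature = privateKey.SignData(
            data, HashAlgorithmName.SHA384, RSASignaturePadding.Pkcs1);

        // Public key in the Base64 form shared with the Java side:
        // DER SubjectPublicKeyInfo, which Java reads with X509EncodedKeySpec.
        using RSA certPublicKey = cert.GetRSAPublicKey();
        string javaPublicKey = Convert.ToBase64String(certPublicKey.ExportSubjectPublicKeyInfo());

        // Verifier side: rebuild the key from that string alone.
        using RSA verifier = RSA.Create();
        verifier.ImportSubjectPublicKeyInfo(Convert.FromBase64String(javaPublicKey), out _);

        bool sameDigest = verifier.VerifyData(
            data, signature, HashAlgorithmName.SHA384, RSASignaturePadding.Pkcs1);
        // SHA256 is a different digest from the one used to sign.
        bool otherDigest = verifier.VerifyData(
            data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        data[0] ^= 0x01; // modify one bit of the signed content
        bool tampered = verifier.VerifyData(
            data, signature, HashAlgorithmName.SHA384, RSASignaturePadding.Pkcs1);

        Console.WriteLine($"Java-format public key: {javaPublicKey.Substring(0, 32)}...");
        Console.WriteLine($"SHA384 verify:          {sameDigest}");
        Console.WriteLine($"SHA256 verify:          {otherDigest}");
        Console.WriteLine($"Modified data verify:   {tampered}");
    }
}
```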

 

posted @ 2019-01-21 23:21  逍遥帝君