将X509证书存储在数据库中
为了访问Web服务,我需要一个证书。
我生成了我的证书:
openssl genrsa 1024 > private.key openssl req -new -x509 -nodes -sha1 -days 1100 -key private.key > public.cer 然后将这两个合并为一个pfx证书
openssl pkcs12 -in public.cer -inkey private.key -export -out client.pfx
然后将我的pfx文件加载为X509Certificate2
X509Certificate2 clientCert = new X509Certificate2("cert.pfx", "password");
现在,我想在数据库中创建一个包含以下字段的表:
PrivateKey NVARCHAR PublicCer NVARCHAR Password NVARCHAR
然后从private.key文件中复制内容,以及—– BEGIN CERTIFICATE —–和—– END CERTIFICATE —–,对于public.cer也是如此,并设置密码。 现在,如何通过从DB读取此数据来获取X509Certificate2的正确实例? 换句话说,如何根据私钥和证书从代码生成pfx文件?
我会尝试更精确:
string connectionString; string query; string cert; connectionString = ConfigurationManager.ConnectionStrings[0].ConnectionString; query = "SELECT clientcert FROM settings_services WHERE ID = 1"; using (SqlConnection cn = new SqlConnection(connectionString)) { SqlCommand cmd = new SqlCommand(query, cn); cn.Open(); cert = (string)cmd.ExecuteScalar(); } X509Certificate2 serverCert = new X509Certificate2(Encoding.UTF8.GetBytes(cert));
此代码将正确加载证书字符串(x509证书,以—– BEGIN CERTIFICATE —–开头,结束—– END CERTIFICATE —–)。
现在我需要获取私钥:
我的私钥是RSA格式(—– BEGIN RSA PRIVATE KEY —-等…)
我需要加载它,并将其分配给serverCert,以便能够使用此证书在Web服务上进行身份validation。
有关如何做到这一点的任何建议?
所以这实际上很简单,虽然我没有找到它的简单描述。 我把证书字符串留在了我的要点(示例证书,没有安全数据)
https://gist.github.com/BillKeenan/5435753
[TestMethod] public void TestCertificate() { const string publicCert = @"MIIBrzCCARigAwIBAgIQEkeKoXKDFEuzql5XQnkY9zANBgkqhkiG9w0BAQUFADAYMRYwFAYDVQQDEw1DZXJ0QXV0aG9yaXR5MB4XDTEzMDQxOTIwMDAwOFoXDTM5MTIzMTIzNTk1OVowFjEUMBIGA1UEAxMLc2VydmVyMS5jb20wgZ0wDQYJKoZIhvcNAQEBBQADgYsAMIGHAoGBAIEmC1/io4RNMPCpYanPakMYZGboMCrN6kqoIuSI1n0ufzCbwRkpUjJplsvRH9ijIHMKw8UVs0i0Ihn9EnTCxHgM7icB69u9EaikVBtfSGl4qUy5c5TZfbN0P3MmBq4YXo/vXvCDDVklsMFem57COAaVvAhv+oGv5oiqEJMXt+j3AgERMA0GCSqGSIb3DQEBBQUAA4GBAICWZ9/2zkiC1uAend3s2w0pGQSz4RQeh9+WiT4n3HMwBGjDUxAx73fhaKADMZTHuHT6+6Q4agnTnoSaU+Fet1syVVxjLeDHOb0i7o/IDUWoEvYATi8gCtcV20KxsQVLEc5jkkajzUc0eyg050KZaLzV+EkCKBafNoVFHoMCbm3n"; const string privateCert = @"gSYLX+KjhE0w8Klhqc9qQxhkZugwKs3qSqgi5IjWfS5/MJvBGSlSMmmWy9Ef2KMgcwrDxRWzSLQiGf0SdMLEeAzuJwHr270RqKRUG19IaXipTLlzlNl9s3Q/cyYGrhhej+9e8IMNWSWwwV6bnsI4BpW8CG/6ga/miKoQkxe36Pc= EQ== mmRPs28vh0mOsnQOder5fsxKsuGhBkz+mApKTNQZkkn7Ak3CWKaFzCI3ZBZUpTJag841LL45uM2NvesFn/T25Q==
1iTLW2zHVIYi+A6Pb0UarMaBvOnH0CTP7xMEtLZD5MFYtqG+u45mtFj1w49ez7n5tq8WyOs90Jq1qhnKGJ0mqw==
JFPWhJKhxXq4Kf0wlDdJw3tc3sutauTwnD6oEhPJyBFoPMcAjVRbt4+UkAVBF8+c07gMgv+VHGyZ0lVqvDmjgQ== lykIBEzI8F6vRa/sxwOaW9dqo3fYVrCSxuA/jp7Gg1tNrhfR7c3uJPOATc6dR1YZriE9QofvZhLaljBSa7o5aQ== KrrKkN4IKqqhrcpZbYIWH4rWoCcnfTI5jxMfUDKUac+UFGNxHCUGLe1x+rwz4HcOA7bKVECyGe6C9xeiN3XKuQ== Fsp6elUr6iu9V6Vrlm/lk16oTmU1rTNllLRCZJCeUlN/22bHuSVo27hHyZ1f+Q26bqeL9Zpq7rZgXvBsqzFt9tBOESrkr+uEHIZwQ1HIDw2ajxwOnlrj+zjn6EKshrMOsEXXbgSAi6SvGifRC2f+TKawt9lZmGElV4QgMYlC56k=
你有一个带有byte []的构造函数。 因此,您可以将证书存储为字节数组并加载证书
public X509Certificate2( byte[] rawData )
链接: http : //msdn.microsoft.com/en-us/library/ms148413%28v=VS.100%29.aspx