如何使用C#获得X509Certificate2对象的签名
本文关键字:对象 X509Certificate2 何使用 获得 | 更新日期: 2023-09-27 18:21:56
我需要用C#从证书中获得签名和用于创建该签名的算法。
我能做到吗?如果是,如何?
我现在正在开发具有类似功能的应用程序。我真的很失望为什么微软没有在X509Certificate2类中添加属性签名
我知道如何通过bouncycastle 做到这一点
从那里拿走http://www.bouncycastle.org/csharp/
然后添加代码
using System;
using System.Security.Cryptography.X509Certificates;
using bcrypto = Org.BouncyCastle.X509;
var cert = new X509Certificate2("c:''temp''0c50000343119659.cer");
var certParser = new bcrypto.X509CertificateParser();
var privateCertBouncy = certParser.ReadCertificate(cert.GetRawCertData());
var xx = privateCertBouncy.GetSignature();
Array.Reverse(xx);
//Signature
Console.WriteLine(BitConverter.ToString(xx));
//algorithm
Console.WriteLine(privateCertBouncy.SigAlgName);
Console.ReadLine();
您将不得不求助于的Bouncy Castle
https://github.com/bcgit/bc-csharp/blob/master/crypto/src/x509/X509Certificate.cs#L240
它的X509Certificate类允许您访问此属性。
您可以使用AsnDecoder
以及RFC3280第4.1节中有关X509 v3结构的信息。将此功能的输出与openssl x509 -noout -text -in <pem file>
进行比较
/// <summary>
/// RFC3280 Section 4.1
/// Depth 1 of the X509 v3 cert is
/// Certificate ::= SEQUENCE {
/// tbsCertificate TBSCertificate,
/// signatureAlgorithm AlgorithmIdentifier,
/// signatureValue BIT STRING
/// }
///
/// https://www.rfc-editor.org/rfc/rfc3280#section-4.1
/// </summary>
public static byte[] Signature(this X509Certificate2 certificate)
{
var signedData = certificate.RawDataMemory;
AsnDecoder.ReadSequence(
signedData.Span,
AsnEncodingRules.BER,
out var offset,
out var length,
out _
);
var certificateSpan = signedData.Span[offset..(offset + length)];
AsnDecoder.ReadSequence(
certificateSpan,
AsnEncodingRules.BER,
out var tbsOffset,
out var tbsLength,
out _
);
var offsetSpan = certificateSpan[(tbsOffset + tbsLength)..];
AsnDecoder.ReadSequence(
offsetSpan,
AsnEncodingRules.BER,
out var algOffset,
out var algLength,
out _
);
return AsnDecoder.ReadBitString(
offsetSpan[(algOffset + algLength)..],
AsnEncodingRules.BER,
out _,
out _
);
}