X509Certificate2 Kelas
Definisi
Penting
Beberapa informasi terkait produk prarilis yang dapat diubah secara signifikan sebelum dirilis. Microsoft tidak memberikan jaminan, tersirat maupun tersurat, sehubungan dengan informasi yang diberikan di sini.
Mewakili sertifikat X.509.
public ref class X509Certificate2 : System::Security::Cryptography::X509Certificates::X509Certificatepublic class X509Certificate2 : System.Security.Cryptography.X509Certificates.X509Certificate[System.Serializable]
public class X509Certificate2 : System.Security.Cryptography.X509Certificates.X509Certificatetype X509Certificate2 = class
inherit X509Certificate[<System.Serializable>]
type X509Certificate2 = class
inherit X509CertificatePublic Class X509Certificate2
Inherits X509Certificate- Warisan
- Atribut
Contoh
Contoh berikut menunjukkan cara menggunakan X509Certificate2 objek untuk mengenkripsi dan mendekripsi file.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Text;
// To run this sample use the Certificate Creation Tool (Makecert.exe) to generate a test X.509 certificate and
// place it in the local user store.
// To generate an exchange key and make the key exportable run the following command from a Visual Studio command prompt:
//makecert -r -pe -n "CN=CERT_SIGN_TEST_CERT" -b 01/01/2010 -e 01/01/2012 -sky exchange -ss my
namespace X509CertEncrypt
{
class Program
{
// Path variables for source, encryption, and
// decryption folders. Must end with a backslash.
private static string encrFolder = @"C:\Encrypt\";
private static string decrFolder = @"C:\Decrypt\";
private static string originalFile = "TestData.txt";
private static string encryptedFile = "TestData.enc";
static void Main(string[] args)
{
// Create an input file with test data.
StreamWriter sw = File.CreateText(originalFile);
sw.WriteLine("Test data to be encrypted");
sw.Close();
// Get the certificate to use to encrypt the key.
X509Certificate2 cert = GetCertificateFromStore("CN=CERT_SIGN_TEST_CERT");
if (cert == null)
{
Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' not found.");
Console.ReadLine();
}
// Encrypt the file using the public key from the certificate.
EncryptFile(originalFile, (RSA)cert.PublicKey.Key);
// Decrypt the file using the private key from the certificate.
DecryptFile(encryptedFile, cert.GetRSAPrivateKey());
//Display the original data and the decrypted data.
Console.WriteLine("Original: {0}", File.ReadAllText(originalFile));
Console.WriteLine("Round Trip: {0}", File.ReadAllText(decrFolder + originalFile));
Console.WriteLine("Press the Enter key to exit.");
Console.ReadLine();
}
private static X509Certificate2 GetCertificateFromStore(string certName)
{
// Get the certificate store for the current user.
X509Store store = new X509Store(StoreLocation.CurrentUser);
try
{
store.Open(OpenFlags.ReadOnly);
// Place all certificates in an X509Certificate2Collection object.
X509Certificate2Collection certCollection = store.Certificates;
// If using a certificate with a trusted root you do not need to FindByTimeValid, instead:
// currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, false);
if (signingCert.Count == 0)
return null;
// Return the first certificate in the collection, has the right name and is current.
return signingCert[0];
}
finally
{
store.Close();
}
}
// Encrypt a file using a public key.
private static void EncryptFile(string inFile, RSA rsaPublicKey)
{
using (Aes aes = Aes.Create())
{
// Create instance of Aes for
// symmetric encryption of the data.
aes.KeySize = 256;
aes.Mode = CipherMode.CBC;
using (ICryptoTransform transform = aes.CreateEncryptor())
{
RSAPKCS1KeyExchangeFormatter keyFormatter = new RSAPKCS1KeyExchangeFormatter(rsaPublicKey);
byte[] keyEncrypted = keyFormatter.CreateKeyExchange(aes.Key, aes.GetType());
// Create byte arrays to contain
// the length values of the key and IV.
byte[] LenK = new byte[4];
byte[] LenIV = new byte[4];
int lKey = keyEncrypted.Length;
LenK = BitConverter.GetBytes(lKey);
int lIV = aes.IV.Length;
LenIV = BitConverter.GetBytes(lIV);
// Write the following to the FileStream
// for the encrypted file (outFs):
// - length of the key
// - length of the IV
// - encrypted key
// - the IV
// - the encrypted cipher content
int startFileName = inFile.LastIndexOf("\\") + 1;
// Change the file's extension to ".enc"
string outFile = encrFolder + inFile.Substring(startFileName, inFile.LastIndexOf(".") - startFileName) + ".enc";
Directory.CreateDirectory(encrFolder);
using (FileStream outFs = new FileStream(outFile, FileMode.Create))
{
outFs.Write(LenK, 0, 4);
outFs.Write(LenIV, 0, 4);
outFs.Write(keyEncrypted, 0, lKey);
outFs.Write(aes.IV, 0, lIV);
// Now write the cipher text using
// a CryptoStream for encrypting.
using (CryptoStream outStreamEncrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
{
// By encrypting a chunk at
// a time, you can save memory
// and accommodate large files.
int count = 0;
// blockSizeBytes can be any arbitrary size.
int blockSizeBytes = aes.BlockSize / 8;
byte[] data = new byte[blockSizeBytes];
int bytesRead = 0;
using (FileStream inFs = new FileStream(inFile, FileMode.Open))
{
do
{
count = inFs.Read(data, 0, blockSizeBytes);
outStreamEncrypted.Write(data, 0, count);
bytesRead += count;
}
while (count > 0);
inFs.Close();
}
outStreamEncrypted.FlushFinalBlock();
outStreamEncrypted.Close();
}
outFs.Close();
}
}
}
}
// Decrypt a file using a private key.
private static void DecryptFile(string inFile, RSA rsaPrivateKey)
{
// Create instance of Aes for
// symmetric decryption of the data.
using (Aes aes = Aes.Create())
{
aes.KeySize = 256;
aes.Mode = CipherMode.CBC;
// Create byte arrays to get the length of
// the encrypted key and IV.
// These values were stored as 4 bytes each
// at the beginning of the encrypted package.
byte[] LenK = new byte[4];
byte[] LenIV = new byte[4];
// Construct the file name for the decrypted file.
string outFile = decrFolder + inFile.Substring(0, inFile.LastIndexOf(".")) + ".txt";
// Use FileStream objects to read the encrypted
// file (inFs) and save the decrypted file (outFs).
using (FileStream inFs = new FileStream(encrFolder + inFile, FileMode.Open))
{
inFs.Seek(0, SeekOrigin.Begin);
inFs.Seek(0, SeekOrigin.Begin);
inFs.Read(LenK, 0, 3);
inFs.Seek(4, SeekOrigin.Begin);
inFs.Read(LenIV, 0, 3);
// Convert the lengths to integer values.
int lenK = BitConverter.ToInt32(LenK, 0);
int lenIV = BitConverter.ToInt32(LenIV, 0);
// Determine the start position of
// the cipher text (startC)
// and its length(lenC).
int startC = lenK + lenIV + 8;
int lenC = (int)inFs.Length - startC;
// Create the byte arrays for
// the encrypted Aes key,
// the IV, and the cipher text.
byte[] KeyEncrypted = new byte[lenK];
byte[] IV = new byte[lenIV];
// Extract the key and IV
// starting from index 8
// after the length values.
inFs.Seek(8, SeekOrigin.Begin);
inFs.Read(KeyEncrypted, 0, lenK);
inFs.Seek(8 + lenK, SeekOrigin.Begin);
inFs.Read(IV, 0, lenIV);
Directory.CreateDirectory(decrFolder);
// Use RSA
// to decrypt the Aes key.
byte[] KeyDecrypted = rsaPrivateKey.Decrypt(KeyEncrypted, RSAEncryptionPadding.Pkcs1);
// Decrypt the key.
using (ICryptoTransform transform = aes.CreateDecryptor(KeyDecrypted, IV))
{
// Decrypt the cipher text from
// from the FileSteam of the encrypted
// file (inFs) into the FileStream
// for the decrypted file (outFs).
using (FileStream outFs = new FileStream(outFile, FileMode.Create))
{
int count = 0;
int blockSizeBytes = aes.BlockSize / 8;
byte[] data = new byte[blockSizeBytes];
// By decrypting a chunk a time,
// you can save memory and
// accommodate large files.
// Start at the beginning
// of the cipher text.
inFs.Seek(startC, SeekOrigin.Begin);
using (CryptoStream outStreamDecrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
{
do
{
count = inFs.Read(data, 0, blockSizeBytes);
outStreamDecrypted.Write(data, 0, count);
}
while (count > 0);
outStreamDecrypted.FlushFinalBlock();
outStreamDecrypted.Close();
}
outFs.Close();
}
inFs.Close();
}
}
}
}
}
}
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.IO
Imports System.Text
' To run this sample use the Certificate Creation Tool (Makecert.exe) to generate a test X.509 certificate and
' place it in the local user store.
' To generate an exchange key and make the key exportable run the following command from a Visual Studio command prompt:
'makecert -r -pe -n "CN=CERT_SIGN_TEST_CERT" -b 01/01/2010 -e 01/01/2012 -sky exchange -ss my
Class Program
' Path variables for source, encryption, and
' decryption folders. Must end with a backslash.
Private Shared encrFolder As String = "C:\Encrypt\"
Private Shared decrFolder As String = "C:\Decrypt\"
Private Shared originalFile As String = "TestData.txt"
Private Shared encryptedFile As String = "TestData.enc"
Shared Sub Main(ByVal args() As String)
' Create an input file with test data.
Dim sw As StreamWriter = File.CreateText(originalFile)
sw.WriteLine("Test data to be encrypted")
sw.Close()
' Get the certificate to use to encrypt the key.
Dim cert As X509Certificate2 = GetCertificateFromStore("CN=CERT_SIGN_TEST_CERT")
If cert Is Nothing Then
Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' not found.")
Console.ReadLine()
End If
' Encrypt the file using the public key from the certificate.
EncryptFile(originalFile, CType(cert.PublicKey.Key, RSA))
' Decrypt the file using the private key from the certificate.
DecryptFile(encryptedFile, cert.GetRSAPrivateKey())
'Display the original data and the decrypted data.
Console.WriteLine("Original: {0}", File.ReadAllText(originalFile))
Console.WriteLine("Round Trip: {0}", File.ReadAllText(decrFolder + originalFile))
Console.WriteLine("Press the Enter key to exit.")
Console.ReadLine()
End Sub
Private Shared Function GetCertificateFromStore(ByVal certName As String) As X509Certificate2
' Get the certificate store for the current user.
Dim store As New X509Store(StoreLocation.CurrentUser)
Try
store.Open(OpenFlags.ReadOnly)
' Place all certificates in an X509Certificate2Collection object.
Dim certCollection As X509Certificate2Collection = store.Certificates
' If using a certificate with a trusted root you do not need to FindByTimeValid, instead use:
' currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
Dim currentCerts As X509Certificate2Collection = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, False)
Dim signingCert As X509Certificate2Collection = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, False)
If signingCert.Count = 0 Then
Return Nothing
End If ' Return the first certificate in the collection, has the right name and is current.
Return signingCert(0)
Finally
store.Close()
End Try
End Function 'GetCertificateFromStore
' Encrypt a file using a public key.
Private Shared Sub EncryptFile(ByVal inFile As String, ByVal rsaPublicKey As RSA)
Dim aes As Aes = Aes.Create()
Try
' Create instance of Aes for
' symmetric encryption of the data.
aes.KeySize = 256
aes.Mode = CipherMode.CBC
Dim transform As ICryptoTransform = aes.CreateEncryptor()
Try
Dim keyFormatter As New RSAPKCS1KeyExchangeFormatter(rsaPublicKey)
Dim keyEncrypted As Byte() = keyFormatter.CreateKeyExchange(aes.Key, aes.GetType())
' Create byte arrays to contain
' the length values of the key and IV.
Dim LenK(3) As Byte
Dim LenIV(3) As Byte
Dim lKey As Integer = keyEncrypted.Length
LenK = BitConverter.GetBytes(lKey)
Dim lIV As Integer = aes.IV.Length
LenIV = BitConverter.GetBytes(lIV)
' Write the following to the FileStream
' for the encrypted file (outFs):
' - length of the key
' - length of the IV
' - encrypted key
' - the IV
' - the encrypted cipher content
Dim startFileName As Integer = inFile.LastIndexOf("\") + 1
' Change the file's extension to ".enc"
Dim outFile As String = encrFolder + inFile.Substring(startFileName, inFile.LastIndexOf(".") - startFileName) + ".enc"
Directory.CreateDirectory(encrFolder)
Dim outFs As New FileStream(outFile, FileMode.Create)
Try
outFs.Write(LenK, 0, 4)
outFs.Write(LenIV, 0, 4)
outFs.Write(keyEncrypted, 0, lKey)
outFs.Write(aes.IV, 0, lIV)
' Now write the cipher text using
' a CryptoStream for encrypting.
Dim outStreamEncrypted As New CryptoStream(outFs, transform, CryptoStreamMode.Write)
Try
' By encrypting a chunk at
' a time, you can save memory
' and accommodate large files.
Dim count As Integer = 0
' blockSizeBytes can be any arbitrary size.
Dim blockSizeBytes As Integer = aes.BlockSize / 8
Dim data(blockSizeBytes) As Byte
Dim bytesRead As Integer = 0
Dim inFs As New FileStream(inFile, FileMode.Open)
Try
Do
count = inFs.Read(data, 0, blockSizeBytes)
outStreamEncrypted.Write(data, 0, count)
bytesRead += count
Loop While count > 0
inFs.Close()
Finally
inFs.Dispose()
End Try
outStreamEncrypted.FlushFinalBlock()
outStreamEncrypted.Close()
Finally
outStreamEncrypted.Dispose()
End Try
outFs.Close()
Finally
outFs.Dispose()
End Try
Finally
transform.Dispose()
End Try
Finally
aes.Dispose()
End Try
End Sub
' Decrypt a file using a private key.
Private Shared Sub DecryptFile(ByVal inFile As String, ByVal rsaPrivateKey As RSA)
' Create instance of Aes for
' symmetric decryption of the data.
Dim aes As Aes = Aes.Create()
Try
aes.KeySize = 256
aes.Mode = CipherMode.CBC
' Create byte arrays to get the length of
' the encrypted key and IV.
' These values were stored as 4 bytes each
' at the beginning of the encrypted package.
Dim LenK() As Byte = New Byte(4 - 1) {}
Dim LenIV() As Byte = New Byte(4 - 1) {}
' Consruct the file name for the decrypted file.
Dim outFile As String = decrFolder + inFile.Substring(0, inFile.LastIndexOf(".")) + ".txt"
' Use FileStream objects to read the encrypted
' file (inFs) and save the decrypted file (outFs).
Dim inFs As New FileStream(encrFolder + inFile, FileMode.Open)
Try
inFs.Seek(0, SeekOrigin.Begin)
inFs.Seek(0, SeekOrigin.Begin)
inFs.Read(LenK, 0, 3)
inFs.Seek(4, SeekOrigin.Begin)
inFs.Read(LenIV, 0, 3)
' Convert the lengths to integer values.
Dim lengthK As Integer = BitConverter.ToInt32(LenK, 0)
Dim lengthIV As Integer = BitConverter.ToInt32(LenIV, 0)
' Determine the start postition of
' the cipher text (startC)
' and its length(lenC).
Dim startC As Integer = lengthK + lengthIV + 8
Dim lenC As Integer = (CType(inFs.Length, Integer) - startC)
' Create the byte arrays for
' the encrypted AES key,
' the IV, and the cipher text.
Dim KeyEncrypted() As Byte = New Byte(lengthK - 1) {}
Dim IV() As Byte = New Byte(lengthIV - 1) {}
' Extract the key and IV
' starting from index 8
' after the length values.
inFs.Seek(8, SeekOrigin.Begin)
inFs.Read(KeyEncrypted, 0, lengthK)
inFs.Seek(8 + lengthK, SeekOrigin.Begin)
inFs.Read(IV, 0, lengthIV)
Directory.CreateDirectory(decrFolder)
' Use RSA
' to decrypt the AES key.
Dim KeyDecrypted As Byte() = rsaPrivateKey.Decrypt(KeyEncrypted, RSAEncryptionPadding.Pkcs1)
' Decrypt the key.
Dim transform As ICryptoTransform = aes.CreateDecryptor(KeyDecrypted, IV)
' Decrypt the cipher text from
' from the FileSteam of the encrypted
' file (inFs) into the FileStream
' for the decrypted file (outFs).
Dim outFs As New FileStream(outFile, FileMode.Create)
Try
' Decrypt the cipher text from
' from the FileSteam of the encrypted
' file (inFs) into the FileStream
' for the decrypted file (outFs).
Dim count As Integer = 0
Dim blockSizeBytes As Integer = aes.BlockSize / 8
Dim data(blockSizeBytes) As Byte
' By decrypting a chunk a time,
' you can save memory and
' accommodate large files.
' Start at the beginning
' of the cipher text.
inFs.Seek(startC, SeekOrigin.Begin)
Dim outStreamDecrypted As New CryptoStream(outFs, transform, CryptoStreamMode.Write)
Try
Do
count = inFs.Read(data, 0, blockSizeBytes)
outStreamDecrypted.Write(data, 0, count)
Loop While count > 0
outStreamDecrypted.FlushFinalBlock()
outStreamDecrypted.Close()
Finally
outStreamDecrypted.Dispose()
End Try
outFs.Close()
Finally
outFs.Dispose()
End Try
inFs.Close()
Finally
inFs.Dispose()
End Try
Finally
aes.Dispose()
End Try
End Sub
End Class
Contoh berikut membuat executable baris perintah yang mengambil file sertifikat sebagai argumen dan mencetak berbagai properti sertifikat ke konsol.
#using <System.dll>
using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Permissions;
using namespace System::IO;
using namespace System::Security::Cryptography::X509Certificates;
//Reads a file.
array<Byte>^ ReadFile( String^ fileName )
{
FileStream^ f = gcnew FileStream( fileName,FileMode::Open,FileAccess::Read );
int size = (int)f->Length;
array<Byte>^data = gcnew array<Byte>(size);
size = f->Read( data, 0, size );
f->Close();
return data;
}
[SecurityPermissionAttribute(SecurityAction::LinkDemand, Unrestricted = true)]
int main()
{
array<String^>^args = Environment::GetCommandLineArgs();
//Test for correct number of arguments.
if ( args->Length < 2 )
{
Console::WriteLine( "Usage: CertInfo <filename>" );
return -1;
}
try
{
System::Security::Cryptography::X509Certificates::X509Certificate2 ^ x509 =
gcnew System::Security::Cryptography::X509Certificates::X509Certificate2;
//Create X509Certificate2 object from .cer file.
array<Byte>^rawData = ReadFile( args[ 1 ] );
x509->Import(rawData);
//Print to console information contained in the certificate.
Console::WriteLine( "{0}Subject: {1}{0}", Environment::NewLine, x509->Subject );
Console::WriteLine( "{0}Issuer: {1}{0}", Environment::NewLine, x509->Issuer );
Console::WriteLine( "{0}Version: {1}{0}", Environment::NewLine, x509->Version );
Console::WriteLine( "{0}Valid Date: {1}{0}", Environment::NewLine, x509->NotBefore );
Console::WriteLine( "{0}Expiry Date: {1}{0}", Environment::NewLine, x509->NotAfter );
Console::WriteLine( "{0}Thumbprint: {1}{0}", Environment::NewLine, x509->Thumbprint );
Console::WriteLine( "{0}Serial Number: {1}{0}", Environment::NewLine, x509->SerialNumber );
Console::WriteLine( "{0}Friendly Name: {1}{0}", Environment::NewLine, x509->PublicKey->Oid->FriendlyName );
Console::WriteLine( "{0}Public Key Format: {1}{0}", Environment::NewLine, x509->PublicKey->EncodedKeyValue->Format(true) );
Console::WriteLine( "{0}Raw Data Length: {1}{0}", Environment::NewLine, x509->RawData->Length );
Console::WriteLine( "{0}Certificate to string: {1}{0}", Environment::NewLine, x509->ToString( true ) );
Console::WriteLine( "{0}Certificate to XML String: {1}{0}", Environment::NewLine, x509->PublicKey->Key->ToXmlString( false ) );
//Add the certificate to a X509Store.
X509Store ^ store = gcnew X509Store;
store->Open( OpenFlags::MaxAllowed );
store->Add( x509 );
store->Close();
}
catch ( DirectoryNotFoundException^ )
{
Console::WriteLine( "Error: The directory specified could not be found." );
}
catch ( IOException^ )
{
Console::WriteLine( "Error: A file in the directory could not be accessed." );
}
catch ( NullReferenceException^ )
{
Console::WriteLine( "File must be a .cer file. Program does not have access to that type of file." );
}
}
using System;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.IO;
using System.Security.Cryptography.X509Certificates;
class CertInfo
{
//Reads a file.
internal static byte[] ReadFile (string fileName)
{
FileStream f = new FileStream(fileName, FileMode.Open, FileAccess.Read);
int size = (int)f.Length;
byte[] data = new byte[size];
size = f.Read(data, 0, size);
f.Close();
return data;
}
//Main method begins here.
static void Main(string[] args)
{
//Test for correct number of arguments.
if (args.Length < 1)
{
Console.WriteLine("Usage: CertInfo <filename>");
return;
}
try
{
X509Certificate2 x509 = new X509Certificate2();
//Create X509Certificate2 object from .cer file.
byte[] rawData = ReadFile(args[0]);
x509.Import(rawData);
//Print to console information contained in the certificate.
Console.WriteLine("{0}Subject: {1}{0}", Environment.NewLine, x509.Subject);
Console.WriteLine("{0}Issuer: {1}{0}", Environment.NewLine, x509.Issuer);
Console.WriteLine("{0}Version: {1}{0}", Environment.NewLine, x509.Version);
Console.WriteLine("{0}Valid Date: {1}{0}", Environment.NewLine, x509.NotBefore);
Console.WriteLine("{0}Expiry Date: {1}{0}", Environment.NewLine, x509.NotAfter);
Console.WriteLine("{0}Thumbprint: {1}{0}", Environment.NewLine, x509.Thumbprint);
Console.WriteLine("{0}Serial Number: {1}{0}", Environment.NewLine, x509.SerialNumber);
Console.WriteLine("{0}Friendly Name: {1}{0}", Environment.NewLine, x509.PublicKey.Oid.FriendlyName);
Console.WriteLine("{0}Public Key Format: {1}{0}", Environment.NewLine, x509.PublicKey.EncodedKeyValue.Format(true));
Console.WriteLine("{0}Raw Data Length: {1}{0}", Environment.NewLine, x509.RawData.Length);
Console.WriteLine("{0}Certificate to string: {1}{0}", Environment.NewLine, x509.ToString(true));
Console.WriteLine("{0}Certificate to XML String: {1}{0}", Environment.NewLine, x509.PublicKey.Key.ToXmlString(false));
//Add the certificate to a X509Store.
X509Store store = new X509Store();
store.Open(OpenFlags.MaxAllowed);
store.Add(x509);
store.Close();
}
catch (DirectoryNotFoundException)
{
Console.WriteLine("Error: The directory specified could not be found.");
}
catch (IOException)
{
Console.WriteLine("Error: A file in the directory could not be accessed.");
}
catch (NullReferenceException)
{
Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.");
}
}
}
Imports System.Security.Cryptography
Imports System.Security.Permissions
Imports System.IO
Imports System.Security.Cryptography.X509Certificates
Class CertInfo
'Reads a file.
Friend Shared Function ReadFile(ByVal fileName As String) As Byte()
Dim f As New FileStream(fileName, FileMode.Open, FileAccess.Read)
Dim size As Integer = Fix(f.Length)
Dim data(size - 1) As Byte
size = f.Read(data, 0, size)
f.Close()
Return data
End Function
<SecurityPermission(SecurityAction.LinkDemand, Unrestricted:=True)> _
Shared Sub Main(ByVal args() As String)
'Test for correct number of arguments.
If args.Length < 1 Then
Console.WriteLine("Usage: CertInfo <filename>")
Return
End If
Try
Dim x509 As New X509Certificate2()
'Create X509Certificate2 object from .cer file.
Dim rawData As Byte() = ReadFile(args(0))
x509.Import(rawData)
'Print to console information contained in the certificate.
Console.WriteLine("{0}Subject: {1}{0}", Environment.NewLine, x509.Subject)
Console.WriteLine("{0}Issuer: {1}{0}", Environment.NewLine, x509.Issuer)
Console.WriteLine("{0}Version: {1}{0}", Environment.NewLine, x509.Version)
Console.WriteLine("{0}Valid Date: {1}{0}", Environment.NewLine, x509.NotBefore)
Console.WriteLine("{0}Expiry Date: {1}{0}", Environment.NewLine, x509.NotAfter)
Console.WriteLine("{0}Thumbprint: {1}{0}", Environment.NewLine, x509.Thumbprint)
Console.WriteLine("{0}Serial Number: {1}{0}", Environment.NewLine, x509.SerialNumber)
Console.WriteLine("{0}Friendly Name: {1}{0}", Environment.NewLine, x509.PublicKey.Oid.FriendlyName)
Console.WriteLine("{0}Public Key Format: {1}{0}", Environment.NewLine, x509.PublicKey.EncodedKeyValue.Format(True))
Console.WriteLine("{0}Raw Data Length: {1}{0}", Environment.NewLine, x509.RawData.Length)
Console.WriteLine("{0}Certificate to string: {1}{0}", Environment.NewLine, x509.ToString(True))
Console.WriteLine("{0}Certificate to XML String: {1}{0}", Environment.NewLine, x509.PublicKey.Key.ToXmlString(False))
'Add the certificate to a X509Store.
Dim store As New X509Store()
store.Open(OpenFlags.MaxAllowed)
store.Add(x509)
store.Close()
Catch dnfExcept As DirectoryNotFoundException
Console.WriteLine("Error: The directory specified could not be found.")
Catch ioExpcept As IOException
Console.WriteLine("Error: A file in the directory could not be accessed.")
Catch nrExcept As NullReferenceException
Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.")
End Try
End Sub
End Class
Keterangan
Struktur X.509 berasal dari grup kerja Organisasi Internasional untuk Standardisasi (ISO). Struktur ini dapat digunakan untuk mewakili berbagai jenis informasi termasuk identitas, hak, dan atribut pemegang (izin, usia, jenis kelamin, lokasi, afiliasi, dan sebagainya). Meskipun spesifikasi ISO paling informatif pada struktur itu X509Certificate2 sendiri, kelas ini dirancang untuk memodelkan skenario penggunaan yang ditentukan dalam spesifikasi yang dikeluarkan oleh Infrastruktur Kunci Umum Internet Engineering Task Force (IETF), X.509 (PKIX). Yang paling informatif dari spesifikasi ini adalah RFC 3280, "Sertifikat dan Profil Daftar Pencabutan Sertifikat (CRL). "
Penting
Dimulai dengan .NET Framework 4.6, jenis ini mengimplementasikan IDisposable antarmuka. Ketika Anda telah selesai menggunakan jenis , Anda harus membuangnya baik secara langsung atau tidak langsung. Untuk membuang jenis secara langsung, panggil metodenya Dispose dalam try/catch blok. Untuk membuangnya secara tidak langsung, gunakan konstruksi bahasa seperti using (dalam C#) atau Using (di Visual Basic). Untuk informasi selengkapnya, lihat bagian "Menggunakan Objek yang Mengimplementasikan IDisposable" dalam IDisposable topik antarmuka.
Untuk aplikasi yang menargetkan .NET Framework 4.5.2 dan versi yang lebih lama, X509Certificate2 kelas tidak mengimplementasikan IDisposable antarmuka dan karenanya tidak memiliki Dispose metode .
Konstruktor
| X509Certificate2() |
Kedaluwarsa.
Menginisialisasi instans baru kelas X509Certificate2. |
| X509Certificate2(Byte[]) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan informasi dari array byte. |
| X509Certificate2(Byte[], SecureString) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan array byte dan kata sandi. |
| X509Certificate2(Byte[], SecureString, X509KeyStorageFlags) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan array byte, kata sandi, dan bendera penyimpanan kunci. |
| X509Certificate2(Byte[], String) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan array byte dan kata sandi. |
| X509Certificate2(Byte[], String, X509KeyStorageFlags) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan array byte, kata sandi, dan bendera penyimpanan kunci. |
| X509Certificate2(IntPtr) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan handel yang tidak dikelola. |
| X509Certificate2(ReadOnlySpan<Byte>) |
Menginisialisasi instans X509Certificate2 baru kelas dari data sertifikat. |
| X509Certificate2(ReadOnlySpan<Byte>, ReadOnlySpan<Char>, X509KeyStorageFlags) |
Menginisialisasi instans X509Certificate2 baru kelas dari data sertifikat, kata sandi, dan bendera penyimpanan kunci. |
| X509Certificate2(SerializationInfo, StreamingContext) |
Kedaluwarsa.
Menginisialisasi instans X509Certificate2 baru kelas menggunakan serialisasi yang ditentukan dan mengalirkan informasi konteks. |
| X509Certificate2(String) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan nama file sertifikat. |
| X509Certificate2(String, ReadOnlySpan<Char>, X509KeyStorageFlags) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan nama file sertifikat, kata sandi, dan bendera penyimpanan kunci. |
| X509Certificate2(String, SecureString) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan nama file sertifikat dan kata sandi. |
| X509Certificate2(String, SecureString, X509KeyStorageFlags) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan nama file sertifikat, kata sandi, dan bendera penyimpanan kunci. |
| X509Certificate2(String, String) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan nama file sertifikat dan kata sandi yang digunakan untuk mengakses sertifikat. |
| X509Certificate2(String, String, X509KeyStorageFlags) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan nama file sertifikat, kata sandi yang digunakan untuk mengakses sertifikat, dan bendera penyimpanan kunci. |
| X509Certificate2(X509Certificate) |
Menginisialisasi instans X509Certificate2 baru kelas menggunakan X509Certificate objek . |
Properti
| Archived |
Mendapatkan atau menetapkan nilai yang menunjukkan bahwa sertifikat X.509 diarsipkan. |
| Extensions |
Mendapatkan koleksi X509Extension objek. |
| FriendlyName |
Mendapatkan atau mengatur alias terkait untuk sertifikat. |
| Handle |
Mendapatkan handel ke konteks sertifikat MICROSOFT Cryptographic API yang dijelaskan oleh struktur yang tidak dikelola |
| HasPrivateKey |
Mendapatkan nilai yang menunjukkan apakah X509Certificate2 objek berisi kunci privat. |
| Issuer |
Mendapatkan nama otoritas sertifikat yang menerbitkan sertifikat X.509v3. (Diperoleh dari X509Certificate) |
| IssuerName |
Mendapatkan nama yang dibedakan dari penerbit sertifikat. |
| NotAfter |
Mendapatkan tanggal dalam waktu lokal setelah sertifikat tidak lagi valid. |
| NotBefore |
Mendapatkan tanggal di waktu lokal di mana sertifikat menjadi valid. |
| PrivateKey |
Kedaluwarsa.
Mendapatkan atau mengatur AsymmetricAlgorithm objek yang mewakili kunci privat yang terkait dengan sertifikat. |
| PublicKey |
Mendapatkan objek yang PublicKey terkait dengan sertifikat. |
| RawData |
Mendapatkan data mentah sertifikat. |
| RawDataMemory |
Mendapatkan data mentah sertifikat. |
| SerialNumber |
Mendapatkan nomor seri sertifikat sebagai string heksadesimal big-endian. |
| SerialNumberBytes |
Mendapatkan representasi big-endian dari nomor seri sertifikat. (Diperoleh dari X509Certificate) |
| SignatureAlgorithm |
Mendapatkan algoritma yang digunakan untuk membuat tanda tangan sertifikat. |
| Subject |
Mendapatkan nama yang dibedakan subjek dari sertifikat. (Diperoleh dari X509Certificate) |
| SubjectName |
Mendapat nama yang dibedakan subjek dari sertifikat. |
| Thumbprint |
Mendapatkan thumbprint sertifikat. |
| Version |
Mendapatkan versi format X.509 dari sertifikat. |
Metode
| CopyWithPrivateKey(ECDiffieHellman) |
Menggabungkan kunci privat dengan kunci ECDiffieHellman umum sertifikat untuk menghasilkan sertifikat ECDiffieHellman baru. |
| CreateFromEncryptedPem(ReadOnlySpan<Char>, ReadOnlySpan<Char>, ReadOnlySpan<Char>) |
Membuat sertifikat X509 baru dari konten sertifikat yang dikodekan RFC 7468 PEM dan kunci privat yang dilindungi kata sandi. |
| CreateFromEncryptedPemFile(String, ReadOnlySpan<Char>, String) |
Membuat sertifikat X509 baru dari konten file sertifikat yang dikodekan RFC 7468 PEM dan kunci privat yang dilindungi kata sandi. |
| CreateFromPem(ReadOnlySpan<Char>) |
Membuat sertifikat X509 baru dari konten sertifikat yang dikodekan RFC 7468 PEM. |
| CreateFromPem(ReadOnlySpan<Char>, ReadOnlySpan<Char>) |
Membuat sertifikat X509 baru dari konten sertifikat yang dikodekan RFC 7468 PEM dan kunci privat. |
| CreateFromPemFile(String, String) |
Membuat sertifikat X509 baru dari konten file sertifikat yang dikodekan RFC 7468 PEM dan kunci privat. |
| Dispose() |
Melepaskan semua sumber daya yang digunakan oleh objek saat ini X509Certificate . (Diperoleh dari X509Certificate) |
| Dispose(Boolean) |
Merilis semua sumber daya tidak terkelola yang digunakan oleh ini X509Certificate dan secara opsional merilis sumber daya terkelola. (Diperoleh dari X509Certificate) |
| Equals(Object) |
Membandingkan dua X509Certificate objek untuk kesetaraan. (Diperoleh dari X509Certificate) |
| Equals(X509Certificate) |
Membandingkan dua X509Certificate objek untuk kesetaraan. (Diperoleh dari X509Certificate) |
| Export(X509ContentType) |
Mengekspor objek saat ini X509Certificate ke array byte dalam format yang dijelaskan oleh salah X509ContentType satu nilai. (Diperoleh dari X509Certificate) |
| Export(X509ContentType, SecureString) |
Mengekspor objek saat ini X509Certificate ke array byte menggunakan format dan kata sandi yang ditentukan. (Diperoleh dari X509Certificate) |
| Export(X509ContentType, String) |
Mengekspor objek saat ini X509Certificate ke array byte dalam format yang dijelaskan oleh salah X509ContentType satu nilai, dan menggunakan kata sandi yang ditentukan. (Diperoleh dari X509Certificate) |
| ExportCertificatePem() |
Mengekspor sertifikat X.509 publik, dikodekan sebagai PEM. |
| GetCertContentType(Byte[]) |
Menunjukkan jenis sertifikat yang terkandung dalam array byte. |
| GetCertContentType(ReadOnlySpan<Byte>) |
Menunjukkan jenis sertifikat yang terkandung dalam data yang disediakan. |
| GetCertContentType(String) |
Menunjukkan jenis sertifikat yang terkandung dalam file. |
| GetCertHash() |
Mengembalikan nilai hash untuk sertifikat X.509v3 sebagai array byte. (Diperoleh dari X509Certificate) |
| GetCertHash(HashAlgorithmName) |
Mengembalikan nilai hash untuk sertifikat X.509v3 yang dihitung dengan menggunakan algoritma hash kriptografi yang ditentukan. (Diperoleh dari X509Certificate) |
| GetCertHashString() |
Mengembalikan nilai hash SHA1 untuk sertifikat X.509v3 sebagai string heksadesimal. (Diperoleh dari X509Certificate) |
| GetCertHashString(HashAlgorithmName) |
Mengembalikan string heksadesimal yang berisi nilai hash untuk sertifikat X.509v3 yang dihitung menggunakan algoritma hash kriptografi yang ditentukan. (Diperoleh dari X509Certificate) |
| GetECDiffieHellmanPrivateKey() |
ECDiffieHellman Mendapatkan kunci privat dari sertifikat ini. |
| GetECDiffieHellmanPublicKey() |
ECDiffieHellman Mendapatkan kunci umum dari sertifikat ini. |
| GetEffectiveDateString() |
Mengembalikan tanggal efektif sertifikat X.509v3 ini. (Diperoleh dari X509Certificate) |
| GetExpirationDateString() |
Mengembalikan tanggal kedaluwarsa sertifikat X.509v3 ini. (Diperoleh dari X509Certificate) |
| GetFormat() |
Menampilkan nama format sertifikat X.509v3 ini. (Diperoleh dari X509Certificate) |
| GetHashCode() |
Mengembalikan kode hash untuk sertifikat X.509v3 sebagai bilangan bulat. (Diperoleh dari X509Certificate) |
| GetIssuerName() |
Kedaluwarsa.
Kedaluwarsa.
Kedaluwarsa.
Mengembalikan nama otoritas sertifikasi yang menerbitkan sertifikat X.509v3. (Diperoleh dari X509Certificate) |
| GetKeyAlgorithm() |
Mengembalikan informasi algoritme kunci untuk sertifikat X.509v3 ini sebagai string. (Diperoleh dari X509Certificate) |
| GetKeyAlgorithmParameters() |
Mengembalikan parameter algoritma kunci untuk sertifikat X.509v3 sebagai array byte. (Diperoleh dari X509Certificate) |
| GetKeyAlgorithmParametersString() |
Mengembalikan parameter algoritme kunci untuk sertifikat X.509v3 sebagai string heksadesimal. (Diperoleh dari X509Certificate) |
| GetName() |
Kedaluwarsa.
Kedaluwarsa.
Kedaluwarsa.
Mengembalikan nama utama yang sertifikatnya dikeluarkan. (Diperoleh dari X509Certificate) |
| GetNameInfo(X509NameType, Boolean) |
Mendapatkan nama subjek dan penerbit dari sertifikat. |
| GetPublicKey() |
Mengembalikan kunci umum untuk sertifikat X.509v3 sebagai array byte. (Diperoleh dari X509Certificate) |
| GetPublicKeyString() |
Mengembalikan kunci publik untuk sertifikat X.509v3 sebagai string heksadesimal. (Diperoleh dari X509Certificate) |
| GetRawCertData() |
Mengembalikan data mentah untuk seluruh sertifikat X.509v3 sebagai array byte. (Diperoleh dari X509Certificate) |
| GetRawCertDataString() |
Mengembalikan data mentah untuk seluruh sertifikat X.509v3 sebagai string heksadesimal. (Diperoleh dari X509Certificate) |
| GetSerialNumber() |
Mengembalikan nomor seri sertifikat X.509v3 sebagai array byte dalam urutan little-endian. (Diperoleh dari X509Certificate) |
| GetSerialNumberString() |
Mengembalikan nomor seri sertifikat X.509v3 sebagai string heksadesimal little-endian . (Diperoleh dari X509Certificate) |
| GetType() |
Mendapatkan dari instans Type saat ini. (Diperoleh dari Object) |
| Import(Byte[]) |
Kedaluwarsa.
Mengisi X509Certificate2 objek dengan data dari array byte. |
| Import(Byte[]) |
Kedaluwarsa.
Mengisi X509Certificate objek dengan data dari array byte. (Diperoleh dari X509Certificate) |
| Import(Byte[], SecureString, X509KeyStorageFlags) |
Kedaluwarsa.
Mengisi X509Certificate2 objek menggunakan data dari array byte, kata sandi, dan bendera penyimpanan kunci. |
| Import(Byte[], SecureString, X509KeyStorageFlags) |
Kedaluwarsa.
Mengisi X509Certificate objek menggunakan data dari array byte, kata sandi, dan bendera penyimpanan kunci. (Diperoleh dari X509Certificate) |
| Import(Byte[], String, X509KeyStorageFlags) |
Kedaluwarsa.
Mengisi X509Certificate2 objek menggunakan data dari array byte, kata sandi, dan bendera untuk menentukan cara mengimpor kunci privat. |
| Import(Byte[], String, X509KeyStorageFlags) |
Kedaluwarsa.
Mengisi X509Certificate objek menggunakan data dari array byte, kata sandi, dan bendera untuk menentukan bagaimana kunci privat diimpor. (Diperoleh dari X509Certificate) |
| Import(String) |
Kedaluwarsa.
Mengisi X509Certificate2 objek dengan informasi dari file sertifikat. |
| Import(String) |
Kedaluwarsa.
Mengisi X509Certificate objek dengan informasi dari file sertifikat. (Diperoleh dari X509Certificate) |
| Import(String, SecureString, X509KeyStorageFlags) |
Kedaluwarsa.
Mengisi X509Certificate2 objek dengan informasi dari file sertifikat, kata sandi, dan bendera penyimpanan kunci. |
| Import(String, SecureString, X509KeyStorageFlags) |
Kedaluwarsa.
Mengisi X509Certificate objek dengan informasi dari file sertifikat, kata sandi, dan bendera penyimpanan kunci. (Diperoleh dari X509Certificate) |
| Import(String, String, X509KeyStorageFlags) |
Kedaluwarsa.
Mengisi X509Certificate2 objek dengan informasi dari file sertifikat, kata sandi, dan X509KeyStorageFlags nilai. |
| Import(String, String, X509KeyStorageFlags) |
Kedaluwarsa.
Mengisi X509Certificate objek dengan informasi dari file sertifikat, kata sandi, dan X509KeyStorageFlags nilai. (Diperoleh dari X509Certificate) |
| MatchesHostname(String, Boolean, Boolean) |
Memeriksa untuk melihat apakah sertifikat cocok dengan nama host yang disediakan. |
| MemberwiseClone() |
Membuat salinan dangkal dari saat ini Object. (Diperoleh dari Object) |
| Reset() |
Mereset status X509Certificate2 objek. |
| Reset() |
Mereset status X509Certificate2 objek. (Diperoleh dari X509Certificate) |
| ToString() |
Menampilkan sertifikat X.509 dalam format teks. |
| ToString(Boolean) |
Menampilkan sertifikat X.509 dalam format teks. |
| TryExportCertificatePem(Span<Char>, Int32) |
Upaya untuk mengekspor sertifikat X.509 publik, dikodekan sebagai PEM. |
| TryGetCertHash(HashAlgorithmName, Span<Byte>, Int32) |
Upaya untuk menghasilkan "thumbprint" untuk sertifikat dengan hash representasi sertifikat yang dikodekan dengan algoritma hash yang ditentukan. (Diperoleh dari X509Certificate) |
| Verify() |
Melakukan validasi rantai X.509 menggunakan kebijakan validasi dasar. |
Implementasi Antarmuka Eksplisit
| IDeserializationCallback.OnDeserialization(Object) |
ISerializable Mengimplementasikan antarmuka dan dipanggil kembali oleh peristiwa deserialisasi ketika deserialisasi selesai. (Diperoleh dari X509Certificate) |
| ISerializable.GetObjectData(SerializationInfo, StreamingContext) |
Mendapatkan informasi serialisasi dengan semua data yang diperlukan untuk membuat ulang instans objek saat ini X509Certificate . (Diperoleh dari X509Certificate) |
Metode Ekstensi
| CopyWithPrivateKey(X509Certificate2, DSA) |
Menggabungkan kunci privat dengan kunci DSA umum sertifikat untuk menghasilkan sertifikat DSA baru. |
| GetDSAPrivateKey(X509Certificate2) |
DSA Mendapatkan kunci privat dari X509Certificate2. |
| GetDSAPublicKey(X509Certificate2) |
DSA Mendapatkan kunci umum dari X509Certificate2. |
| CopyWithPrivateKey(X509Certificate2, ECDsa) |
Menggabungkan kunci privat dengan kunci ECDsa umum sertifikat untuk menghasilkan sertifikat ECDSA baru. |
| GetECDsaPrivateKey(X509Certificate2) |
ECDsa Mendapatkan kunci privat dari X509Certificate2 sertifikat. |
| GetECDsaPublicKey(X509Certificate2) |
ECDsa Mendapatkan kunci umum dari X509Certificate2 sertifikat. |
| CopyWithPrivateKey(X509Certificate2, RSA) |
Menggabungkan kunci privat dengan kunci RSA umum sertifikat untuk menghasilkan sertifikat RSA baru. |
| GetRSAPrivateKey(X509Certificate2) |
RSA Mendapatkan kunci privat dari X509Certificate2. |
| GetRSAPublicKey(X509Certificate2) |
RSA Mendapatkan kunci umum dari X509Certificate2. |
Berlaku untuk
Saran dan Komentar
Segera hadir: Sepanjang tahun 2024 kami akan menghentikan penggunaan GitHub Issues sebagai mekanisme umpan balik untuk konten dan menggantinya dengan sistem umpan balik baru. Untuk mengetahui informasi selengkapnya, lihat: https://aka.ms/ContentUserFeedback.
Kirim dan lihat umpan balik untuk