X509Certificate2 类

定义

表示 X.509 证书。

public ref class X509Certificate2 : System::Security::Cryptography::X509Certificates::X509Certificate
public class X509Certificate2 : System.Security.Cryptography.X509Certificates.X509Certificate
[System.Serializable]
public class X509Certificate2 : System.Security.Cryptography.X509Certificates.X509Certificate
type X509Certificate2 = class
    inherit X509Certificate
[<System.Serializable>]
type X509Certificate2 = class
    inherit X509Certificate
Public Class X509Certificate2
Inherits X509Certificate
继承
X509Certificate2
属性

示例

以下示例演示如何使用 X509Certificate2 对象来加密和解密文件。

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Text;

// To run this sample use the Certificate Creation Tool (Makecert.exe) to generate a test X.509 certificate and
// place it in the local user store.
// To generate an exchange key and make the key exportable run the following command from a Visual Studio command prompt:

//makecert -r -pe -n "CN=CERT_SIGN_TEST_CERT" -b 01/01/2010 -e 01/01/2012 -sky exchange -ss my
namespace X509CertEncrypt
{
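    class Program
    {

        // Path variables for source, encryption, and
        // decryption folders. Must end with a backslash.
        private static string encrFolder = @"C:\Encrypt\";
        private static string decrFolder = @"C:\Decrypt\";
        private static string originalFile = "TestData.txt";
        private static string encryptedFile = "TestData.enc";

        // RSA padding used to wrap the per-file AES key. OAEP is preferred over
        // PKCS#1 v1.5 (RSAPKCS1KeyExchangeFormatter / RSAEncryptionPadding.Pkcs1),
        // whose decryption failures can be abused as a padding oracle.
        // EncryptFile and DecryptFile must agree on this value. Keys backed by
        // legacy CAPI (RSACryptoServiceProvider) only support Pkcs1 and OaepSHA1.
        private static readonly RSAEncryptionPadding keyWrapPadding = RSAEncryptionPadding.OaepSHA256;

        // Bytes occupied by the two 4-byte length prefixes at the start of the package.
        private const int headerSize = 8;

        static void Main(string[] args)
        {

            // Create an input file with test data.
            using (StreamWriter sw = File.CreateText(originalFile))
            {
                sw.WriteLine("Test data to be encrypted");
            }

            // Get the certificate to use to encrypt the key.
            X509Certificate2 cert = GetCertificateFromStore("CN=CERT_SIGN_TEST_CERT");
            if (cert == null)
            {
                Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' not found.");
                Console.ReadLine();
                // The original sample fell through here and dereferenced the null certificate.
                return;
            }

            // GetRSAPublicKey()/GetRSAPrivateKey() replace the obsolete (RSA)PublicKey.Key
            // cast. Either returns null when the certificate has no RSA key, or when the
            // private key is absent or not accessible to this user.
            using (cert)
            using (RSA rsaPublicKey = cert.GetRSAPublicKey())
            using (RSA rsaPrivateKey = cert.GetRSAPrivateKey())
            {
                if (rsaPublicKey == null || rsaPrivateKey == null)
                {
                    Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' has no usable RSA key pair.");
                    Console.ReadLine();
                    return;
                }

                // Encrypt the file using the public key from the certificate.
                EncryptFile(originalFile, rsaPublicKey);

                // Decrypt the file using the private key from the certificate.
                DecryptFile(encryptedFile, rsaPrivateKey);
            }

            //Display the original data and the decrypted data.
            Console.WriteLine("Original:   {0}", File.ReadAllText(originalFile));
            Console.WriteLine("Round Trip: {0}", File.ReadAllText(decrFolder + originalFile));
            Console.WriteLine("Press the Enter key to exit.");
            Console.ReadLine();
        }

        // Look up a currently time-valid certificate by subject distinguished name
        // in the current user's Personal store. Returns null when none matches.
        // validOnly is false on both Find calls, so chain trust is NOT verified —
        // that is only appropriate for the self-signed makecert test certificate.
        private static X509Certificate2 GetCertificateFromStore(string certName)
        {
            // X509Store is IDisposable; leaving the using block closes the store handle.
            using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
            {
                store.Open(OpenFlags.ReadOnly);

                // Place all certificates in an X509Certificate2Collection object.
                X509Certificate2Collection certCollection = store.Certificates;
                // If using a certificate with a trusted root you do not need to FindByTimeValid, instead:
                // certCollection.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
                X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
                X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, false);
                if (signingCert.Count == 0)
                {
                    return null;
                }
                // Return the first certificate in the collection, has the right name and is current.
                return signingCert[0];
            }
        }

        // Encrypt a file using a public key.
        // Package layout written to encrFolder\<name>.enc:
        //   [4-byte key length][4-byte IV length][RSA-wrapped AES key][IV][cipher text]
        // The lengths are written with BitConverter, i.e. in the machine's byte
        // order, so the package is only portable between machines of the same endianness.
        private static void EncryptFile(string inFile, RSA rsaPublicKey)
        {
            using (Aes aes = Aes.Create())
            {
                // AES-256 in CBC mode with the default PKCS7 padding. Aes.Create()
                // generates a fresh random key and IV for every call.
                aes.KeySize = 256;
                aes.Mode = CipherMode.CBC;
                aes.Padding = PaddingMode.PKCS7;

                // Wrap the AES key with the certificate's RSA public key.
                byte[] keyEncrypted = rsaPublicKey.Encrypt(aes.Key, keyWrapPadding);
                byte[] iv = aes.IV;

                // Change the file's extension to ".enc" and place it in encrFolder.
                string outFile = Path.Combine(encrFolder, Path.GetFileNameWithoutExtension(inFile) + ".enc");
                Directory.CreateDirectory(encrFolder);

                using (ICryptoTransform transform = aes.CreateEncryptor())
                using (FileStream outFs = new FileStream(outFile, FileMode.Create))
                {
                    outFs.Write(BitConverter.GetBytes(keyEncrypted.Length), 0, 4);
                    outFs.Write(BitConverter.GetBytes(iv.Length), 0, 4);
                    outFs.Write(keyEncrypted, 0, keyEncrypted.Length);
                    outFs.Write(iv, 0, iv.Length);

                    // Stream the plaintext through the CryptoStream in chunks so
                    // large files never have to fit in memory.
                    using (CryptoStream outStreamEncrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
                    using (FileStream inFs = new FileStream(inFile, FileMode.Open, FileAccess.Read))
                    {
                        inFs.CopyTo(outStreamEncrypted);
                        outStreamEncrypted.FlushFinalBlock();
                    }
                }
            }
        }


        // Decrypt a package produced by EncryptFile using the matching private key.
        // Throws InvalidDataException when the package header is malformed.
        private static void DecryptFile(string inFile, RSA rsaPrivateKey)
        {
            // Construct the file name for the decrypted file.
            string outFile = Path.Combine(decrFolder, Path.GetFileNameWithoutExtension(inFile) + ".txt");

            using (Aes aes = Aes.Create())
            using (FileStream inFs = new FileStream(Path.Combine(encrFolder, inFile), FileMode.Open, FileAccess.Read))
            {
                aes.KeySize = 256;
                aes.Mode = CipherMode.CBC;
                aes.Padding = PaddingMode.PKCS7;

                // The header holds two 4-byte lengths. ReadExactly is used because
                // Stream.Read may return fewer bytes than requested (the original
                // sample also read only 3 of the 4 bytes of each length).
                int lengthK = BitConverter.ToInt32(ReadExactly(inFs, 4), 0);
                int lengthIV = BitConverter.ToInt32(ReadExactly(inFs, 4), 0);

                // The header comes from the file and is untrusted: bound the lengths
                // before allocating. The IV must be exactly one AES block and the
                // wrapped key must fit in what remains of the file.
                int blockSizeBytes = aes.BlockSize / 8;
                long remaining = inFs.Length - headerSize;
                if (lengthIV != blockSizeBytes || lengthK <= 0 || lengthK > remaining - lengthIV)
                {
                    throw new InvalidDataException("Encrypted file header is malformed.");
                }

                byte[] keyEncrypted = ReadExactly(inFs, lengthK);
                byte[] iv = ReadExactly(inFs, lengthIV);
                Directory.CreateDirectory(decrFolder);

                // Use RSA to unwrap the AES key; the padding must match EncryptFile.
                byte[] keyDecrypted = rsaPrivateKey.Decrypt(keyEncrypted, keyWrapPadding);
                try
                {
                    using (ICryptoTransform transform = aes.CreateDecryptor(keyDecrypted, iv))
                    using (FileStream outFs = new FileStream(outFile, FileMode.Create))
                    using (CryptoStream outStreamDecrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
                    {
                        // inFs is already positioned at the first cipher-text byte.
                        inFs.CopyTo(outStreamDecrypted);
                        outStreamDecrypted.FlushFinalBlock();
                    }
                }
                finally
                {
                    // Do not leave the unwrapped key in memory longer than needed.
                    Array.Clear(keyDecrypted, 0, keyDecrypted.Length);
                }
            }
        }

        // Read exactly count bytes from stream, or throw EndOfStreamException.
        // Stream.Read is allowed to return fewer bytes than asked for.
        private static byte[] ReadExactly(Stream stream, int count)
        {
            byte[] buffer = new byte[count];
            int offset = 0;
            while (offset < count)
            {
                int n = stream.Read(buffer, offset, count - offset);
                if (n <= 0)
                {
                    throw new EndOfStreamException();
                }
                offset += n;
            }
            return buffer;
        }
    }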
}
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.IO
Imports System.Text


' To run this sample use the Certificate Creation Tool (Makecert.exe) to generate a test X.509 certificate and
' place it in the local user store.
' To generate an exchange key and make the key exportable run the following command from a Visual Studio command prompt:
'makecert -r -pe -n "CN=CERT_SIGN_TEST_CERT" -b 01/01/2010 -e 01/01/2012 -sky exchange -ss my

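Class Program

    ' Path variables for source, encryption, and
    ' decryption folders. Must end with a backslash.
    Private Shared encrFolder As String = "C:\Encrypt\"
    Private Shared decrFolder As String = "C:\Decrypt\"
    Private Shared originalFile As String = "TestData.txt"
    Private Shared encryptedFile As String = "TestData.enc"

    ' RSA padding used to wrap the per-file AES key. OAEP is preferred over
    ' PKCS#1 v1.5 (RSAPKCS1KeyExchangeFormatter / RSAEncryptionPadding.Pkcs1),
    ' whose decryption failures can be abused as a padding oracle.
    ' EncryptFile and DecryptFile must agree on this value. Keys backed by
    ' legacy CAPI (RSACryptoServiceProvider) only support Pkcs1 and OaepSHA1.
    Private Shared ReadOnly keyWrapPadding As RSAEncryptionPadding = RSAEncryptionPadding.OaepSHA256

    ' Bytes occupied by the two 4-byte length prefixes at the start of the package.
    Private Const headerSize As Integer = 8


    Shared Sub Main(ByVal args() As String)

        ' Create an input file with test data.
        Using sw As StreamWriter = File.CreateText(originalFile)
            sw.WriteLine("Test data to be encrypted")
        End Using

        ' Get the certificate to use to encrypt the key.
        Dim cert As X509Certificate2 = GetCertificateFromStore("CN=CERT_SIGN_TEST_CERT")
        If cert Is Nothing Then
            Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' not found.")
            Console.ReadLine()
            ' The original sample fell through here and dereferenced Nothing.
            Return
        End If

        ' GetRSAPublicKey()/GetRSAPrivateKey() replace the obsolete CType(PublicKey.Key, RSA)
        ' cast. Either returns Nothing when the certificate has no RSA key, or when the
        ' private key is absent or not accessible to this user.
        Using cert
            Using rsaPublicKey As RSA = cert.GetRSAPublicKey(), rsaPrivateKey As RSA = cert.GetRSAPrivateKey()
                If rsaPublicKey Is Nothing OrElse rsaPrivateKey Is Nothing Then
                    Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' has no usable RSA key pair.")
                    Console.ReadLine()
                    Return
                End If

                ' Encrypt the file using the public key from the certificate.
                EncryptFile(originalFile, rsaPublicKey)

                ' Decrypt the file using the private key from the certificate.
                DecryptFile(encryptedFile, rsaPrivateKey)
            End Using
        End Using

        'Display the original data and the decrypted data.
        Console.WriteLine("Original:   {0}", File.ReadAllText(originalFile))
        Console.WriteLine("Round Trip: {0}", File.ReadAllText(decrFolder + originalFile))
        Console.WriteLine("Press the Enter key to exit.")
        Console.ReadLine()

    End Sub

    ' Look up a currently time-valid certificate by subject distinguished name
    ' in the current user's Personal store. Returns Nothing when none matches.
    ' validOnly is False on both Find calls, so chain trust is NOT verified —
    ' that is only appropriate for the self-signed makecert test certificate.
    Private Shared Function GetCertificateFromStore(ByVal certName As String) As X509Certificate2
        ' X509Store is IDisposable; leaving the Using block closes the store handle.
        Using store As New X509Store(StoreName.My, StoreLocation.CurrentUser)
            store.Open(OpenFlags.ReadOnly)

            ' Place all certificates in an X509Certificate2Collection object.
            Dim certCollection As X509Certificate2Collection = store.Certificates
            ' If using a certificate with a trusted root you do not need to FindByTimeValid, instead use:
            ' certCollection.Find(X509FindType.FindBySubjectDistinguishedName, certName, True)
            Dim currentCerts As X509Certificate2Collection = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, False)
            Dim signingCert As X509Certificate2Collection = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, False)
            If signingCert.Count = 0 Then
                Return Nothing
            End If
            ' Return the first certificate in the collection, has the right name and is current.
            Return signingCert(0)
        End Using
    End Function 'GetCertificateFromStore

    ' Encrypt a file using a public key.
    ' Package layout written to encrFolder\<name>.enc:
    '   [4-byte key length][4-byte IV length][RSA-wrapped AES key][IV][cipher text]
    ' The lengths are written with BitConverter, i.e. in the machine's byte
    ' order, so the package is only portable between machines of the same endianness.
    Private Shared Sub EncryptFile(ByVal inFile As String, ByVal rsaPublicKey As RSA)
        Using aes As Aes = Aes.Create()
            ' AES-256 in CBC mode with the default PKCS7 padding. Aes.Create()
            ' generates a fresh random key and IV for every call.
            aes.KeySize = 256
            aes.Mode = CipherMode.CBC
            aes.Padding = PaddingMode.PKCS7

            ' Wrap the AES key with the certificate's RSA public key.
            Dim keyEncrypted As Byte() = rsaPublicKey.Encrypt(aes.Key, keyWrapPadding)
            Dim iv As Byte() = aes.IV

            ' Change the file's extension to ".enc" and place it in encrFolder.
            Dim outFile As String = Path.Combine(encrFolder, Path.GetFileNameWithoutExtension(inFile) & ".enc")
            Directory.CreateDirectory(encrFolder)

            Using transform As ICryptoTransform = aes.CreateEncryptor()
                Using outFs As New FileStream(outFile, FileMode.Create)
                    outFs.Write(BitConverter.GetBytes(keyEncrypted.Length), 0, 4)
                    outFs.Write(BitConverter.GetBytes(iv.Length), 0, 4)
                    outFs.Write(keyEncrypted, 0, keyEncrypted.Length)
                    outFs.Write(iv, 0, iv.Length)

                    ' Stream the plaintext through the CryptoStream in chunks so
                    ' large files never have to fit in memory.
                    Using outStreamEncrypted As New CryptoStream(outFs, transform, CryptoStreamMode.Write)
                        Using inFs As New FileStream(inFile, FileMode.Open, FileAccess.Read)
                            inFs.CopyTo(outStreamEncrypted)
                        End Using
                        outStreamEncrypted.FlushFinalBlock()
                    End Using
                End Using
            End Using
        End Using
    End Sub


    ' Decrypt a package produced by EncryptFile using the matching private key.
    ' Throws InvalidDataException when the package header is malformed.
    Private Shared Sub DecryptFile(ByVal inFile As String, ByVal rsaPrivateKey As RSA)
        ' Construct the file name for the decrypted file.
        Dim outFile As String = Path.Combine(decrFolder, Path.GetFileNameWithoutExtension(inFile) & ".txt")

        Using aes As Aes = Aes.Create()
            aes.KeySize = 256
            aes.Mode = CipherMode.CBC
            aes.Padding = PaddingMode.PKCS7

            Using inFs As New FileStream(Path.Combine(encrFolder, inFile), FileMode.Open, FileAccess.Read)
                ' The header holds two 4-byte lengths. ReadExactly is used because
                ' Stream.Read may return fewer bytes than requested (the original
                ' sample also read only 3 of the 4 bytes of each length).
                Dim lengthK As Integer = BitConverter.ToInt32(ReadExactly(inFs, 4), 0)
                Dim lengthIV As Integer = BitConverter.ToInt32(ReadExactly(inFs, 4), 0)

                ' The header comes from the file and is untrusted: bound the lengths
                ' before allocating. The IV must be exactly one AES block and the
                ' wrapped key must fit in what remains of the file.
                ' "\" is integer division; "/" would yield a Double.
                Dim blockSizeBytes As Integer = aes.BlockSize \ 8
                Dim remaining As Long = inFs.Length - headerSize
                If lengthIV <> blockSizeBytes OrElse lengthK <= 0 OrElse lengthK > remaining - lengthIV Then
                    Throw New InvalidDataException("Encrypted file header is malformed.")
                End If

                Dim keyEncrypted As Byte() = ReadExactly(inFs, lengthK)
                Dim iv As Byte() = ReadExactly(inFs, lengthIV)
                Directory.CreateDirectory(decrFolder)

                ' Use RSA to unwrap the AES key; the padding must match EncryptFile.
                Dim keyDecrypted As Byte() = rsaPrivateKey.Decrypt(keyEncrypted, keyWrapPadding)
                Try
                    Using transform As ICryptoTransform = aes.CreateDecryptor(keyDecrypted, iv)
                        Using outFs As New FileStream(outFile, FileMode.Create)
                            Using outStreamDecrypted As New CryptoStream(outFs, transform, CryptoStreamMode.Write)
                                ' inFs is already positioned at the first cipher-text byte.
                                inFs.CopyTo(outStreamDecrypted)
                                outStreamDecrypted.FlushFinalBlock()
                            End Using
                        End Using
                    End Using
                Finally
                    ' Do not leave the unwrapped key in memory longer than needed.
                    Array.Clear(keyDecrypted, 0, keyDecrypted.Length)
                End Try
            End Using
        End Using
    End Sub

    ' Read exactly count bytes from stream, or throw EndOfStreamException.
    ' Stream.Read is allowed to return fewer bytes than asked for.
    Private Shared Function ReadExactly(ByVal stream As Stream, ByVal count As Integer) As Byte()
        Dim buffer(count - 1) As Byte
        Dim offset As Integer = 0
        While offset < count
            Dim n As Integer = stream.Read(buffer, offset, count - offset)
            If n <= 0 Then
                Throw New EndOfStreamException()
            End If
            offset += n
        End While
        Return buffer
    End Function
End Class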

以下示例创建一个命令行可执行文件,该可执行文件将证书文件作为参数,并将各种证书属性打印到控制台。

#using <System.dll>

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Permissions;
using namespace System::IO;
using namespace System::Security::Cryptography::X509Certificates;

//Reads a file.
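// Returns the entire content of fileName. File::ReadAllBytes reads until
// end of file and closes the handle even when an exception is thrown; the
// hand-rolled loop it replaces discarded the byte count returned by Read
// (which may be shorter than requested) and leaked the stream on error.
array<Byte>^ ReadFile( String^ fileName )
{
   return File::ReadAllBytes( fileName );
}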

[SecurityPermissionAttribute(SecurityAction::LinkDemand, Unrestricted = true)]
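// Loads the certificate file named on the command line, prints its
// properties, and adds it to the current user's Personal store.
// Returns 0 on success and -1 on a usage or file/parse error.
int main()
{
   array<String^>^args = Environment::GetCommandLineArgs();

   //Test for correct number of arguments (args[0] is the program itself).
   if ( args->Length < 2 )
   {
      Console::WriteLine( "Usage: CertInfo <filename>" );
      return  -1;
   }

   try
   {
      //Create X509Certificate2 object from .cer file. The constructor parses
      //the raw bytes and throws CryptographicException when they are not a
      //certificate; X509Certificate::Import is obsolete.
      array<Byte>^rawData = ReadFile( args[ 1 ] );
      X509Certificate2 ^ x509 = gcnew X509Certificate2( rawData );

      //Print to console information contained in the certificate.
      Console::WriteLine( "{0}Subject: {1}{0}", Environment::NewLine, x509->Subject );
      Console::WriteLine( "{0}Issuer: {1}{0}", Environment::NewLine, x509->Issuer );
      Console::WriteLine( "{0}Version: {1}{0}", Environment::NewLine, x509->Version );
      Console::WriteLine( "{0}Valid Date: {1}{0}", Environment::NewLine, x509->NotBefore );
      Console::WriteLine( "{0}Expiry Date: {1}{0}", Environment::NewLine, x509->NotAfter );
      Console::WriteLine( "{0}Thumbprint: {1}{0}", Environment::NewLine, x509->Thumbprint );
      Console::WriteLine( "{0}Serial Number: {1}{0}", Environment::NewLine, x509->SerialNumber );
      Console::WriteLine( "{0}Friendly Name: {1}{0}", Environment::NewLine, x509->PublicKey->Oid->FriendlyName );
      Console::WriteLine( "{0}Public Key Format: {1}{0}", Environment::NewLine, x509->PublicKey->EncodedKeyValue->Format(true) );
      Console::WriteLine( "{0}Raw Data Length: {1}{0}", Environment::NewLine, x509->RawData->Length );
      Console::WriteLine( "{0}Certificate to string: {1}{0}", Environment::NewLine, x509->ToString( true ) );
      Console::WriteLine( "{0}Certificate to XML String: {1}{0}", Environment::NewLine, x509->PublicKey->Key->ToXmlString( false ) );

      //Add the certificate to the current user's Personal (My) store. This is
      //a persistent side effect on the machine: any file this tool is pointed
      //at ends up in that store. The store is named explicitly (the default
      //constructor resolves to the same store) and opened with ReadWrite
      //rather than MaxAllowed, which is the least privilege Add needs.
      X509Store ^ store = gcnew X509Store( StoreName::My, StoreLocation::CurrentUser );
      store->Open( OpenFlags::ReadWrite );
      store->Add( x509 );
      store->Close();
      return 0;
   }
   catch ( DirectoryNotFoundException^ )
   {
      Console::WriteLine( "Error: The directory specified could not be found." );
   }
   catch ( IOException^ )
   {
      Console::WriteLine( "Error: A file in the directory could not be accessed." );
   }
   catch ( CryptographicException^ )
   {
      //Raised by the X509Certificate2 constructor for data that is not a
      //certificate. The original caught NullReferenceException here, which
      //masked programming errors instead of reporting a bad input file.
      Console::WriteLine( "File must be a .cer file. Program does not have access to that type of file." );
   }

   return -1;
}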
using System;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.IO;
using System.Security.Cryptography.X509Certificates;

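class CertInfo
{
    // Reads the entire contents of a file into a byte array.
    // File.ReadAllBytes always closes the file and returns every byte; the
    // original FileStream/Read pair leaked the stream if Read threw, truncated
    // the length through an int cast, and could return a partially filled
    // buffer when a single Read returned fewer bytes than requested.
    // Throws the usual System.IO exceptions (FileNotFoundException,
    // DirectoryNotFoundException, IOException, UnauthorizedAccessException).
    internal static byte[] ReadFile (string fileName)
    {
        return File.ReadAllBytes(fileName);
    }

    // Entry point: prints the contents of the certificate file named by
    // args[0] and adds that certificate to the current user's personal store.
    static void Main(string[] args)
    {
        //Test for correct number of arguments.
        if (args.Length < 1)
        {
            Console.WriteLine("Usage: CertInfo <filename>");
            return;
        }
        try
        {
            byte[] rawData = ReadFile(args[0]);
            //Create X509Certificate2 object from .cer file. The object is
            //IDisposable (.NET Framework 4.6 and later), so release it when done.
            using (X509Certificate2 x509 = new X509Certificate2(rawData))
            {
                //Print to console information contained in the certificate.
                Console.WriteLine("{0}Subject: {1}{0}", Environment.NewLine, x509.Subject);
                Console.WriteLine("{0}Issuer: {1}{0}", Environment.NewLine, x509.Issuer);
                Console.WriteLine("{0}Version: {1}{0}", Environment.NewLine, x509.Version);
                Console.WriteLine("{0}Valid Date: {1}{0}", Environment.NewLine, x509.NotBefore);
                Console.WriteLine("{0}Expiry Date: {1}{0}", Environment.NewLine, x509.NotAfter);
                Console.WriteLine("{0}Thumbprint: {1}{0}", Environment.NewLine, x509.Thumbprint);
                Console.WriteLine("{0}Serial Number: {1}{0}", Environment.NewLine, x509.SerialNumber);
                Console.WriteLine("{0}Friendly Name: {1}{0}", Environment.NewLine, x509.PublicKey.Oid.FriendlyName);
                Console.WriteLine("{0}Public Key Format: {1}{0}", Environment.NewLine, x509.PublicKey.EncodedKeyValue.Format(true));
                Console.WriteLine("{0}Raw Data Length: {1}{0}", Environment.NewLine, x509.RawData.Length);
                Console.WriteLine("{0}Certificate to string: {1}{0}", Environment.NewLine, x509.ToString(true));
                //PublicKey.Key is the legacy AsymmetricAlgorithm accessor; it is
                //expected to work for RSA/DSA keys only, so this line is not
                //suitable for certificates with other key algorithms.
                Console.WriteLine("{0}Certificate to XML String: {1}{0}", Environment.NewLine, x509.PublicKey.Key.ToXmlString(false));

                //Add the certificate to a X509Store. The default constructor
                //targets the current user's personal (My) store, and
                //OpenFlags.MaxAllowed opens it with the highest access the
                //caller has, so whatever certificate the input file contained
                //is persisted for this user. Disposing the store closes it.
                using (X509Store store = new X509Store())
                {
                    store.Open(OpenFlags.MaxAllowed);
                    store.Add(x509);
                }
            }
        }
        catch (DirectoryNotFoundException)
        {
            Console.WriteLine("Error: The directory specified could not be found.");
        }
        catch (IOException)
        {
            Console.WriteLine("Error: A file in the directory could not be accessed.");
        }
        //Malformed input is reported by the X509Certificate2 constructor as a
        //CryptographicException, not as a NullReferenceException.
        catch (CryptographicException)
        {
            Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.");
        }
    }
}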
Imports System.Security.Cryptography
Imports System.Security.Permissions
Imports System.IO
Imports System.Security.Cryptography.X509Certificates

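Class CertInfo

    'Reads the entire contents of a file into a byte array.
    'File.ReadAllBytes always closes the file and returns every byte; the
    'original FileStream/Read pair leaked the stream if Read threw, truncated
    'the length with Fix, and could return a partially filled buffer when a
    'single Read returned fewer bytes than requested.
    'Throws the usual System.IO exceptions (FileNotFoundException,
    'DirectoryNotFoundException, IOException, UnauthorizedAccessException).
    Friend Shared Function ReadFile(ByVal fileName As String) As Byte()
        Return File.ReadAllBytes(fileName)
    End Function 

    'Entry point: prints the contents of the certificate file named by args(0)
    'and adds that certificate to the current user's personal store.
    <SecurityPermission(SecurityAction.LinkDemand, Unrestricted:=True)> _
    Shared Sub Main(ByVal args() As String)
        'Test for correct number of arguments.
        If args.Length < 1 Then
            Console.WriteLine("Usage: CertInfo <filename>")
            Return
        End If
        Try
            Dim rawData As Byte() = ReadFile(args(0))
            'Create X509Certificate2 object from .cer file. The constructor that
            'takes the raw bytes replaces the obsolete parameterless constructor
            'plus Import. The object is IDisposable (.NET Framework 4.6 and
            'later), so release it when done.
            Using x509 As New X509Certificate2(rawData)

                'Print to console information contained in the certificate.
                Console.WriteLine("{0}Subject: {1}{0}", Environment.NewLine, x509.Subject)
                Console.WriteLine("{0}Issuer: {1}{0}", Environment.NewLine, x509.Issuer)
                Console.WriteLine("{0}Version: {1}{0}", Environment.NewLine, x509.Version)
                Console.WriteLine("{0}Valid Date: {1}{0}", Environment.NewLine, x509.NotBefore)
                Console.WriteLine("{0}Expiry Date: {1}{0}", Environment.NewLine, x509.NotAfter)
                Console.WriteLine("{0}Thumbprint: {1}{0}", Environment.NewLine, x509.Thumbprint)
                Console.WriteLine("{0}Serial Number: {1}{0}", Environment.NewLine, x509.SerialNumber)
                Console.WriteLine("{0}Friendly Name: {1}{0}", Environment.NewLine, x509.PublicKey.Oid.FriendlyName)
                Console.WriteLine("{0}Public Key Format: {1}{0}", Environment.NewLine, x509.PublicKey.EncodedKeyValue.Format(True))
                Console.WriteLine("{0}Raw Data Length: {1}{0}", Environment.NewLine, x509.RawData.Length)
                Console.WriteLine("{0}Certificate to string: {1}{0}", Environment.NewLine, x509.ToString(True))

                'PublicKey.Key is the legacy AsymmetricAlgorithm accessor; it is
                'expected to work for RSA/DSA keys only, so this line is not
                'suitable for certificates with other key algorithms.
                Console.WriteLine("{0}Certificate to XML String: {1}{0}", Environment.NewLine, x509.PublicKey.Key.ToXmlString(False))

                'Add the certificate to a X509Store. The default constructor
                'targets the current user's personal (My) store, and
                'OpenFlags.MaxAllowed opens it with the highest access the
                'caller has, so whatever certificate the input file contained
                'is persisted for this user. Disposing the store closes it.
                Using store As New X509Store()
                    store.Open(OpenFlags.MaxAllowed)
                    store.Add(x509)
                End Using
            End Using

        Catch dnfExcept As DirectoryNotFoundException
            Console.WriteLine("Error: The directory specified could not be found.")
        Catch ioExpcept As IOException
            Console.WriteLine("Error: A file in the directory could not be accessed.")
        'Malformed input is reported by the X509Certificate2 constructor as a
        'CryptographicException, not as a NullReferenceException.
        Catch cryptoExcept As CryptographicException
            Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.")
        End Try

    End Sub
End Class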

注解

X.509 结构起源于国际标准化组织 (ISO) 工作组。 此结构可用于表示各种类型的信息,包括身份、权利和持有者属性(权限、年龄、性别、位置、隶属关系等)。 尽管 ISO 规范在结构本身方面信息最多,但 X509Certificate2 类旨在对 Internet 工程任务组 (IETF) 公钥基础结构 X.509 (PKIX) 工作组发布的规范中定义的使用方案进行建模。 这些规范中信息最丰富的是 RFC 3280“证书和证书吊销列表 (CRL) 配置文件”。

重要

从 .NET Framework 4.6 开始,此类型实现 IDisposable 接口。 在使用完类型后,您应直接或间接释放类型。 若要直接释放类型,请在 try/catch 块中调用其 Dispose 方法。 若要间接释放类型,请使用 using(在 C# 中)或 Using(在 Visual Basic 中)等语言构造。 有关详细信息,请参阅 IDisposable 接口主题中的“使用实现 IDisposable 的对象”一节。

对于面向 .NET Framework 4.5.2 及更早版本的应用, X509Certificate2 类不实现 IDisposable 接口,因此没有 Dispose 方法。

构造函数

X509Certificate2()
已过时.
已过时.

初始化 X509Certificate2 类的新实例。

X509Certificate2(Byte[])
已过时.

使用来自字节数组的信息初始化 X509Certificate2 类的新实例。

X509Certificate2(Byte[], SecureString)
已过时.

使用一个字节数组和一个密码初始化 X509Certificate2 类的新实例。

X509Certificate2(Byte[], SecureString, X509KeyStorageFlags)
已过时.

使用一个字节数组、一个密码和一个密钥存储标志初始化 X509Certificate2 类的新实例。

X509Certificate2(Byte[], String)
已过时.

使用一个字节数组和一个密码初始化 X509Certificate2 类的新实例。

X509Certificate2(Byte[], String, X509KeyStorageFlags)
已过时.

使用一个字节数组、一个密码和一个密钥存储标志初始化 X509Certificate2 类的新实例。

X509Certificate2(IntPtr)

使用非托管句柄初始化 X509Certificate2 类的新实例。

X509Certificate2(ReadOnlySpan<Byte>)
已过时.

用证书数据初始化 X509Certificate2 类的新实例。

X509Certificate2(ReadOnlySpan<Byte>, ReadOnlySpan<Char>, X509KeyStorageFlags)
已过时.

使用证书数据、密码和密钥存储标志初始化 X509Certificate2 类的新实例。

X509Certificate2(SerializationInfo, StreamingContext)
已过时.

使用指定的序列化和流上下文信息初始化 X509Certificate2 类的新实例。

X509Certificate2(String)
已过时.

使用证书文件名初始化 X509Certificate2 类的新实例。

X509Certificate2(String, ReadOnlySpan<Char>, X509KeyStorageFlags)
已过时.

使用一个证书文件名、一个密码和一个密钥存储标志初始化 X509Certificate2 类的新实例。

X509Certificate2(String, SecureString)
已过时.

使用一个证书文件名和一个密码初始化 X509Certificate2 类的新实例。

X509Certificate2(String, SecureString, X509KeyStorageFlags)
已过时.

使用一个证书文件名、一个密码和一个密钥存储标志初始化 X509Certificate2 类的新实例。

X509Certificate2(String, String)
已过时.

使用一个证书文件名和一个用于访问该证书的密码初始化 X509Certificate2 类的新实例。

X509Certificate2(String, String, X509KeyStorageFlags)
已过时.

使用一个证书文件名、一个用于访问该证书的密码和一个密钥存储标志初始化 X509Certificate2 类的新实例。

X509Certificate2(X509Certificate)

使用 X509Certificate 对象初始化 X509Certificate2 类的新实例。

属性

Archived

获取或设置一个指示是否存档 X.509 证书的值。

Extensions

获取 X509Extension 对象的集合。

FriendlyName

获取或设置证书的关联别名。

Handle

获取非托管 PCCERT_CONTEXT 结构所描述的 Microsoft Cryptographic API 证书上下文的句柄。

(继承自 X509Certificate)
HasPrivateKey

获取一个值,该值指示 X509Certificate2 对象是否包含私钥。

Issuer

获取颁发此 X.509v3 证书的证书颁发机构的名称。

(继承自 X509Certificate)
IssuerName

获取证书颁发者的可分辨名称。

NotAfter

获取本地时间中的一个日期,在该日期后证书不再有效。

NotBefore

获取证书生效的本地时间中的日期。

PrivateKey
已过时.

获取或设置 AsymmetricAlgorithm 对象,该对象表示与证书关联的私钥。

PublicKey

获取一个与证书相关联的 PublicKey 对象。

RawData

获取证书的原始 X.509 公共数据。

RawDataMemory

获取证书的原始 X.509 公共数据。

SerialNumber

获取 big-endian 十六进制字符串形式的证书序列号。

SerialNumberBytes

获取证书序列号的 big-endian 表示形式。

(继承自 X509Certificate)
SignatureAlgorithm

获取用于创建证书签名的算法。

Subject

获取证书的主题可分辨名称。

(继承自 X509Certificate)
SubjectName

获取证书中使用者的可分辨名称。

Thumbprint

获取证书的指纹。

Version

获取证书的 X.509 格式版本。

方法

CopyWithPrivateKey(ECDiffieHellman)

将私钥与证书的 ECDiffieHellman 公钥相结合,以生成新的 ECDiffieHellman 证书。

CreateFromEncryptedPem(ReadOnlySpan<Char>, ReadOnlySpan<Char>, ReadOnlySpan<Char>)

用 RFC 7468 PEM 编码的证书的内容和受密码保护的私钥创建新的 X509 证书。

CreateFromEncryptedPemFile(String, ReadOnlySpan<Char>, String)

用 RFC 7468 PEM 编码的证书的文件内容和受密码保护的私钥创建新的 X509 证书。

CreateFromPem(ReadOnlySpan<Char>)

根据 RFC 7468 PEM 编码证书的内容创建新的 X509 证书。

CreateFromPem(ReadOnlySpan<Char>, ReadOnlySpan<Char>)

用 RFC 7468 PEM 编码的证书的内容和私钥创建新的 X509 证书。

CreateFromPemFile(String, String)

用 RFC 7468 PEM 编码的证书的文件内容和私钥创建新的 X509 证书。

Dispose()

释放由当前 X509Certificate 对象使用的所有资源。

(继承自 X509Certificate)
Dispose(Boolean)

释放此 X509Certificate 使用的所有非托管资源,并且可选择释放托管资源。

(继承自 X509Certificate)
Equals(Object)

比较两个 X509Certificate 对象是否相等。

(继承自 X509Certificate)
Equals(X509Certificate)

比较两个 X509Certificate 对象是否相等。

(继承自 X509Certificate)
Export(X509ContentType)

以 X509ContentType 值之一所描述的格式将当前 X509Certificate 对象导出到字节数组。

(继承自 X509Certificate)
Export(X509ContentType, SecureString)

使用指定的格式和密码将当前 X509Certificate 对象导出到字节数组。

(继承自 X509Certificate)
Export(X509ContentType, String)

使用指定的密码,以 X509ContentType 值之一所描述的格式将当前 X509Certificate 对象导出到字节数组。

(继承自 X509Certificate)
ExportCertificatePem()

导出编码为 PEM 的公共 X.509 证书。

GetCertContentType(Byte[])

指示字节数组中所包含的证书类型。

GetCertContentType(ReadOnlySpan<Byte>)

指示提供的数据中所包含的证书类型。

GetCertContentType(String)

指示文件中所包含的证书类型。

GetCertHash()

将 X.509v3 证书的哈希值作为字节数组返回。

(继承自 X509Certificate)
GetCertHash(HashAlgorithmName)

返回使用指定加密哈希算法计算的 X.509v3 证书的哈希值。

(继承自 X509Certificate)
GetCertHashString()

以十六进制字符串的形式返回 X.509v3 证书的 SHA1 哈希值。

(继承自 X509Certificate)
GetCertHashString(HashAlgorithmName)

返回包含使用指定加密哈希算法计算的 X.509v3 证书的哈希值的十六进制字符串。

(继承自 X509Certificate)
GetECDiffieHellmanPrivateKey()

从此证书获取 ECDiffieHellman 私钥。

GetECDiffieHellmanPublicKey()

从此证书获取 ECDiffieHellman 公钥。

GetEffectiveDateString()

返回此 X.509v3 证书的有效日期。

(继承自 X509Certificate)
GetExpirationDateString()

返回此 X.509v3 证书的到期日期。

(继承自 X509Certificate)
GetFormat()

返回此 X.509v3 证书的格式名称。

(继承自 X509Certificate)
GetHashCode()

返回整数形式的 X.509v3 证书的哈希代码。

(继承自 X509Certificate)
GetIssuerName()
已过时.
已过时.
已过时.

返回颁发此 X.509v3 证书的证书颁发机构的名称。

(继承自 X509Certificate)
GetKeyAlgorithm()

以字符串形式返回此 X.509v3 证书的密钥算法信息。

(继承自 X509Certificate)
GetKeyAlgorithmParameters()

将 X.509v3 证书的密钥算法参数作为字节数组返回。

(继承自 X509Certificate)
GetKeyAlgorithmParametersString()

以十六进制字符串的形式返回此 X.509v3 证书的密钥算法参数。

(继承自 X509Certificate)
GetName()
已过时.
已过时.
已过时.

返回已向其颁发证书的主体的名称。

(继承自 X509Certificate)
GetNameInfo(X509NameType, Boolean)

从证书中获取主题和颁发者名称。

GetPublicKey()

将 X.509v3 证书的公钥作为字节数组返回。

(继承自 X509Certificate)
GetPublicKeyString()

将 X.509v3 证书的公钥作为十六进制字符串返回。

(继承自 X509Certificate)
GetRawCertData()

将整个 X.509v3 证书的原始数据作为字节数组返回。

(继承自 X509Certificate)
GetRawCertDataString()

将整个 X.509v3 证书的原始数据作为十六进制字符串返回。

(继承自 X509Certificate)
GetSerialNumber()

将 X.509v3 证书的序列号以 little-endian 的顺序作为字节数组返回。

(继承自 X509Certificate)
GetSerialNumberString()

将 X.509v3 证书的序列号作为 little-endian 十六进制字符串返回。

(继承自 X509Certificate)
GetType()

获取当前实例的 Type

(继承自 Object)
Import(Byte[])
已过时.
已过时.

使用字节数组中的数据填充 X509Certificate2 对象。

Import(Byte[])
已过时.
已过时.

使用字节数组中的数据填充 X509Certificate 对象。

(继承自 X509Certificate)
Import(Byte[], SecureString, X509KeyStorageFlags)
已过时.
已过时.

使用一个字节数组中的数据、一个密码和一个密钥存储标志填充 X509Certificate2 对象。

Import(Byte[], SecureString, X509KeyStorageFlags)
已过时.
已过时.

使用一个字节数组中的数据、一个密码和一个密钥存储标志填充 X509Certificate 对象。

(继承自 X509Certificate)
Import(Byte[], String, X509KeyStorageFlags)
已过时.
已过时.

使用一个字节数组中的数据、一个密码和用于确定如何导入私钥的标志填充 X509Certificate2 对象。

Import(Byte[], String, X509KeyStorageFlags)
已过时.
已过时.

使用一个字节数组中的数据、一个密码和用于确定如何导入私钥的标志填充 X509Certificate 对象。

(继承自 X509Certificate)
Import(String)
已过时.
已过时.

使用证书文件中的信息填充 X509Certificate2 对象。

Import(String)
已过时.
已过时.

使用证书文件中的信息填充 X509Certificate 对象。

(继承自 X509Certificate)
Import(String, SecureString, X509KeyStorageFlags)
已过时.
已过时.

使用一个证书文件中的信息,一个密码和一个密钥存储标志填充 X509Certificate2 对象。

Import(String, SecureString, X509KeyStorageFlags)
已过时.
已过时.

使用一个证书文件中的信息,一个密码和一个密钥存储标志填充 X509Certificate 对象。

(继承自 X509Certificate)
Import(String, String, X509KeyStorageFlags)
已过时.
已过时.

使用一个证书文件中的信息、一个密码和一个 X509KeyStorageFlags 值填充 X509Certificate2 对象。

Import(String, String, X509KeyStorageFlags)
已过时.
已过时.

使用一个证书文件中的信息、一个密码和一个 X509KeyStorageFlags 值填充 X509Certificate 对象。

(继承自 X509Certificate)
MatchesHostname(String, Boolean, Boolean)

检查证书是否与提供的主机名匹配。

MemberwiseClone()

创建当前 Object 的浅表副本。

(继承自 Object)
Reset()

重置 X509Certificate2 对象的状态。

Reset()

重置 X509Certificate2 对象的状态。

(继承自 X509Certificate)
ToString()

以文本格式显示 X.509 证书。

ToString(Boolean)

以文本格式显示 X.509 证书。

TryExportCertificatePem(Span<Char>, Int32)

尝试导出编码为 PEM 的公共 X.509 证书。

TryGetCertHash(HashAlgorithmName, Span<Byte>, Int32)

尝试为证书生成“指纹”,方法是使用指定的哈希算法对已编码的证书表示形式进行哈希处理。

(继承自 X509Certificate)
Verify()

使用基本验证策略执行 X.509 链验证。

显式接口实现

IDeserializationCallback.OnDeserialization(Object)

实现 ISerializable 接口,并在反序列化完成时由反序列化事件回调。

(继承自 X509Certificate)
ISerializable.GetObjectData(SerializationInfo, StreamingContext)

获取序列化信息,其中包含重新创建当前 X509Certificate 对象的实例所需的所有数据。

(继承自 X509Certificate)

扩展方法

CopyWithPrivateKey(X509Certificate2, DSA)

将私钥与 DSA 证书的公钥合并,以生成新的 DSA 证书。

GetDSAPrivateKey(X509Certificate2)

从 X509Certificate2 获取 DSA 私钥。

GetDSAPublicKey(X509Certificate2)

从 X509Certificate2 获取 DSA 公钥。

CopyWithPrivateKey(X509Certificate2, ECDsa)

将私钥与 ECDsa 证书的公钥合并,以生成新的 ECDSA 证书。

GetECDsaPrivateKey(X509Certificate2)

从 X509Certificate2 证书获取 ECDsa 私钥。

GetECDsaPublicKey(X509Certificate2)

从 X509Certificate2 证书获取 ECDsa 公钥。

CopyWithPrivateKey(X509Certificate2, RSA)

将私钥与 RSA 证书的公钥合并,以生成新的 RSA 证书。

GetRSAPrivateKey(X509Certificate2)

从 X509Certificate2 获取 RSA 私钥。

GetRSAPublicKey(X509Certificate2)

从 X509Certificate2 获取 RSA 公钥。

适用于