共用方式為


X509Certificate2 類別

定義

代表 X.509 憑證。

public ref class X509Certificate2 : System::Security::Cryptography::X509Certificates::X509Certificate
public class X509Certificate2 : System.Security.Cryptography.X509Certificates.X509Certificate
[System.Serializable]
public class X509Certificate2 : System.Security.Cryptography.X509Certificates.X509Certificate
type X509Certificate2 = class
    inherit X509Certificate
[<System.Serializable>]
type X509Certificate2 = class
    inherit X509Certificate
Public Class X509Certificate2
Inherits X509Certificate
繼承
X509Certificate2
屬性

範例

下列範例示範如何使用 X509Certificate2 物件來加密和解密檔案。

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Text;

// To run this sample use the Certificate Creation Tool (Makecert.exe) to generate a test X.509 certificate and
// place it in the local user store.
// To generate an exchange key and make the key exportable run the following command from a Visual Studio command prompt:

//makecert -r -pe -n "CN=CERT_SIGN_TEST_CERT" -b 01/01/2010 -e 01/01/2012 -sky exchange -ss my
namespace X509CertEncrypt
{
    class Program
    {

        // Path variables for source, encryption, and
        // decryption folders. Must end with a backslash.
        private static string encrFolder = @"C:\Encrypt\";
        private static string decrFolder = @"C:\Decrypt\";
        private static string originalFile = "TestData.txt";
        private static string encryptedFile = "TestData.enc";

        static void Main(string[] args)
        {

            // Create an input file with test data.
            StreamWriter sw = File.CreateText(originalFile);
            sw.WriteLine("Test data to be encrypted");
            sw.Close();

            // Get the certificate to use to encrypt the key.
            X509Certificate2 cert = GetCertificateFromStore("CN=CERT_SIGN_TEST_CERT");
            if (cert == null)
            {
                Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' not found.");
                Console.ReadLine();
            }

            // Encrypt the file using the public key from the certificate.
            EncryptFile(originalFile, (RSA)cert.PublicKey.Key);

            // Decrypt the file using the private key from the certificate.
            DecryptFile(encryptedFile, cert.GetRSAPrivateKey());

            //Display the original data and the decrypted data.
            Console.WriteLine("Original:   {0}", File.ReadAllText(originalFile));
            Console.WriteLine("Round Trip: {0}", File.ReadAllText(decrFolder + originalFile));
            Console.WriteLine("Press the Enter key to exit.");
            Console.ReadLine();
        }
        private static X509Certificate2 GetCertificateFromStore(string certName)
        {

            // Get the certificate store for the current user.
            X509Store store = new X509Store(StoreLocation.CurrentUser);
            try
            {
                store.Open(OpenFlags.ReadOnly);

                // Place all certificates in an X509Certificate2Collection object.
                X509Certificate2Collection certCollection = store.Certificates;
                // If using a certificate with a trusted root you do not need to FindByTimeValid, instead:
                // currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
                X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
                X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, false);
                if (signingCert.Count == 0)
                    return null;
                // Return the first certificate in the collection, has the right name and is current.
                return signingCert[0];
            }
            finally
            {
                store.Close();
            }
        }

        // Encrypt a file using a public key.
        private static void EncryptFile(string inFile, RSA rsaPublicKey)
        {
            using (Aes aes = Aes.Create())
            {
                // Create instance of Aes for
                // symmetric encryption of the data.
                aes.KeySize = 256;
                aes.Mode = CipherMode.CBC;
                using (ICryptoTransform transform = aes.CreateEncryptor())
                {
                    RSAPKCS1KeyExchangeFormatter keyFormatter = new RSAPKCS1KeyExchangeFormatter(rsaPublicKey);
                    byte[] keyEncrypted = keyFormatter.CreateKeyExchange(aes.Key, aes.GetType());

                    // Create byte arrays to contain
                    // the length values of the key and IV.
                    byte[] LenK = new byte[4];
                    byte[] LenIV = new byte[4];

                    int lKey = keyEncrypted.Length;
                    LenK = BitConverter.GetBytes(lKey);
                    int lIV = aes.IV.Length;
                    LenIV = BitConverter.GetBytes(lIV);

                    // Write the following to the FileStream
                    // for the encrypted file (outFs):
                    // - length of the key
                    // - length of the IV
                    // - encrypted key
                    // - the IV
                    // - the encrypted cipher content

                    int startFileName = inFile.LastIndexOf("\\") + 1;
                    // Change the file's extension to ".enc"
                    string outFile = encrFolder + inFile.Substring(startFileName, inFile.LastIndexOf(".") - startFileName) + ".enc";
                    Directory.CreateDirectory(encrFolder);

                    using (FileStream outFs = new FileStream(outFile, FileMode.Create))
                    {

                        outFs.Write(LenK, 0, 4);
                        outFs.Write(LenIV, 0, 4);
                        outFs.Write(keyEncrypted, 0, lKey);
                        outFs.Write(aes.IV, 0, lIV);

                        // Now write the cipher text using
                        // a CryptoStream for encrypting.
                        using (CryptoStream outStreamEncrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
                        {

                            // By encrypting a chunk at
                            // a time, you can save memory
                            // and accommodate large files.
                            int count = 0;

                            // blockSizeBytes can be any arbitrary size.
                            int blockSizeBytes = aes.BlockSize / 8;
                            byte[] data = new byte[blockSizeBytes];
                            int bytesRead = 0;

                            using (FileStream inFs = new FileStream(inFile, FileMode.Open))
                            {
                                do
                                {
                                    count = inFs.Read(data, 0, blockSizeBytes);
                                    outStreamEncrypted.Write(data, 0, count);
                                    bytesRead += count;
                                }
                                while (count > 0);
                                inFs.Close();
                            }
                            outStreamEncrypted.FlushFinalBlock();
                            outStreamEncrypted.Close();
                        }
                        outFs.Close();
                    }
                }
            }
        }


        // Decrypt a file using a private key.
        private static void DecryptFile(string inFile, RSA rsaPrivateKey)
        {

            // Create instance of Aes for
            // symmetric decryption of the data.
            using (Aes aes = Aes.Create())
            {
                aes.KeySize = 256;
                aes.Mode = CipherMode.CBC;

                // Create byte arrays to get the length of
                // the encrypted key and IV.
                // These values were stored as 4 bytes each
                // at the beginning of the encrypted package.
                byte[] LenK = new byte[4];
                byte[] LenIV = new byte[4];

                // Construct the file name for the decrypted file.
                string outFile = decrFolder + inFile.Substring(0, inFile.LastIndexOf(".")) + ".txt";

                // Use FileStream objects to read the encrypted
                // file (inFs) and save the decrypted file (outFs).
                using (FileStream inFs = new FileStream(encrFolder + inFile, FileMode.Open))
                {

                    inFs.Seek(0, SeekOrigin.Begin);
                    inFs.Seek(0, SeekOrigin.Begin);
                    inFs.Read(LenK, 0, 3);
                    inFs.Seek(4, SeekOrigin.Begin);
                    inFs.Read(LenIV, 0, 3);

                    // Convert the lengths to integer values.
                    int lenK = BitConverter.ToInt32(LenK, 0);
                    int lenIV = BitConverter.ToInt32(LenIV, 0);

                    // Determine the start position of
                    // the cipher text (startC)
                    // and its length(lenC).
                    int startC = lenK + lenIV + 8;
                    int lenC = (int)inFs.Length - startC;

                    // Create the byte arrays for
                    // the encrypted Aes key,
                    // the IV, and the cipher text.
                    byte[] KeyEncrypted = new byte[lenK];
                    byte[] IV = new byte[lenIV];

                    // Extract the key and IV
                    // starting from index 8
                    // after the length values.
                    inFs.Seek(8, SeekOrigin.Begin);
                    inFs.Read(KeyEncrypted, 0, lenK);
                    inFs.Seek(8 + lenK, SeekOrigin.Begin);
                    inFs.Read(IV, 0, lenIV);
                    Directory.CreateDirectory(decrFolder);
                    // Use RSA
                    // to decrypt the Aes key.
                    byte[] KeyDecrypted = rsaPrivateKey.Decrypt(KeyEncrypted, RSAEncryptionPadding.Pkcs1);

                    // Decrypt the key.
                    using (ICryptoTransform transform = aes.CreateDecryptor(KeyDecrypted, IV))
                    {

                        // Decrypt the cipher text from
                        // from the FileSteam of the encrypted
                        // file (inFs) into the FileStream
                        // for the decrypted file (outFs).
                        using (FileStream outFs = new FileStream(outFile, FileMode.Create))
                        {

                            int count = 0;

                            int blockSizeBytes = aes.BlockSize / 8;
                            byte[] data = new byte[blockSizeBytes];

                            // By decrypting a chunk a time,
                            // you can save memory and
                            // accommodate large files.

                            // Start at the beginning
                            // of the cipher text.
                            inFs.Seek(startC, SeekOrigin.Begin);
                            using (CryptoStream outStreamDecrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
                            {
                                do
                                {
                                    count = inFs.Read(data, 0, blockSizeBytes);
                                    outStreamDecrypted.Write(data, 0, count);
                                }
                                while (count > 0);

                                outStreamDecrypted.FlushFinalBlock();
                                outStreamDecrypted.Close();
                            }
                            outFs.Close();
                        }
                        inFs.Close();
                    }
                }
            }
        }
    }
}
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.IO
Imports System.Text


' To run this sample use the Certificate Creation Tool (Makecert.exe) to generate a test X.509 certificate and
' place it in the local user store.
' To generate an exchange key and make the key exportable run the following command from a Visual Studio command prompt:
'makecert -r -pe -n "CN=CERT_SIGN_TEST_CERT" -b 01/01/2010 -e 01/01/2012 -sky exchange -ss my

Class Program

    ' Path variables for source, encryption, and
    ' decryption folders. Must end with a backslash.
    Private Shared encrFolder As String = "C:\Encrypt\"
    Private Shared decrFolder As String = "C:\Decrypt\"
    Private Shared originalFile As String = "TestData.txt"
    Private Shared encryptedFile As String = "TestData.enc"


    Shared Sub Main(ByVal args() As String)

        ' Create an input file with test data.
        Dim sw As StreamWriter = File.CreateText(originalFile)
        sw.WriteLine("Test data to be encrypted")
        sw.Close()

        ' Get the certificate to use to encrypt the key.
        Dim cert As X509Certificate2 = GetCertificateFromStore("CN=CERT_SIGN_TEST_CERT")
        If cert Is Nothing Then
            Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' not found.")
            Console.ReadLine()
        End If


        ' Encrypt the file using the public key from the certificate.
        EncryptFile(originalFile, CType(cert.PublicKey.Key, RSA))

        ' Decrypt the file using the private key from the certificate.
        DecryptFile(encryptedFile, cert.GetRSAPrivateKey())

        'Display the original data and the decrypted data.
        Console.WriteLine("Original:   {0}", File.ReadAllText(originalFile))
        Console.WriteLine("Round Trip: {0}", File.ReadAllText(decrFolder + originalFile))
        Console.WriteLine("Press the Enter key to exit.")
        Console.ReadLine()

    End Sub

    Private Shared Function GetCertificateFromStore(ByVal certName As String) As X509Certificate2
        ' Get the certificate store for the current user.
        Dim store As New X509Store(StoreLocation.CurrentUser)
        Try
            store.Open(OpenFlags.ReadOnly)

            ' Place all certificates in an X509Certificate2Collection object.
            Dim certCollection As X509Certificate2Collection = store.Certificates
            ' If using a certificate with a trusted root you do not need to FindByTimeValid, instead use:
            ' currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
            Dim currentCerts As X509Certificate2Collection = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, False)
            Dim signingCert As X509Certificate2Collection = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, False)
            If signingCert.Count = 0 Then
                Return Nothing
            End If ' Return the first certificate in the collection, has the right name and is current.
            Return signingCert(0)
        Finally
            store.Close()
        End Try


    End Function 'GetCertificateFromStore

    ' Encrypt a file using a public key.
    Private Shared Sub EncryptFile(ByVal inFile As String, ByVal rsaPublicKey As RSA)
        Dim aes As Aes = Aes.Create()
        Try
            ' Create instance of Aes for
            ' symmetric encryption of the data.
            aes.KeySize = 256
            aes.Mode = CipherMode.CBC
            Dim transform As ICryptoTransform = aes.CreateEncryptor()
            Try
                Dim keyFormatter As New RSAPKCS1KeyExchangeFormatter(rsaPublicKey)
                Dim keyEncrypted As Byte() = keyFormatter.CreateKeyExchange(aes.Key, aes.GetType())

                ' Create byte arrays to contain
                ' the length values of the key and IV.
                Dim LenK(3) As Byte
                Dim LenIV(3) As Byte

                Dim lKey As Integer = keyEncrypted.Length
                LenK = BitConverter.GetBytes(lKey)
                Dim lIV As Integer = aes.IV.Length
                LenIV = BitConverter.GetBytes(lIV)

                ' Write the following to the FileStream
                ' for the encrypted file (outFs):
                ' - length of the key
                ' - length of the IV
                ' - encrypted key
                ' - the IV
                ' - the encrypted cipher content
                Dim startFileName As Integer = inFile.LastIndexOf("\") + 1
                ' Change the file's extension to ".enc"
                Dim outFile As String = encrFolder + inFile.Substring(startFileName, inFile.LastIndexOf(".") - startFileName) + ".enc"
                Directory.CreateDirectory(encrFolder)

                Dim outFs As New FileStream(outFile, FileMode.Create)
                Try

                    outFs.Write(LenK, 0, 4)
                    outFs.Write(LenIV, 0, 4)
                    outFs.Write(keyEncrypted, 0, lKey)
                    outFs.Write(aes.IV, 0, lIV)

                    ' Now write the cipher text using
                    ' a CryptoStream for encrypting.
                    Dim outStreamEncrypted As New CryptoStream(outFs, transform, CryptoStreamMode.Write)
                    Try

                        ' By encrypting a chunk at
                        ' a time, you can save memory
                        ' and accommodate large files.
                        Dim count As Integer = 0

                        ' blockSizeBytes can be any arbitrary size.
                        Dim blockSizeBytes As Integer = aes.BlockSize / 8
                        Dim data(blockSizeBytes) As Byte
                        Dim bytesRead As Integer = 0

                        Dim inFs As New FileStream(inFile, FileMode.Open)
                        Try
                            Do
                                count = inFs.Read(data, 0, blockSizeBytes)
                                outStreamEncrypted.Write(data, 0, count)
                                bytesRead += count
                            Loop While count > 0
                            inFs.Close()
                        Finally
                            inFs.Dispose()
                        End Try
                        outStreamEncrypted.FlushFinalBlock()
                        outStreamEncrypted.Close()
                    Finally
                        outStreamEncrypted.Dispose()
                    End Try
                    outFs.Close()
                Finally
                    outFs.Dispose()
                End Try
            Finally
                transform.Dispose()
            End Try
        Finally
            aes.Dispose()
        End Try

    End Sub


    ' Decrypt a file using a private key.
    Private Shared Sub DecryptFile(ByVal inFile As String, ByVal rsaPrivateKey As RSA)

        ' Create instance of Aes for
        ' symmetric decryption of the data.
        Dim aes As Aes = Aes.Create()
        Try
            aes.KeySize = 256
            aes.Mode = CipherMode.CBC

            ' Create byte arrays to get the length of
            ' the encrypted key and IV.
            ' These values were stored as 4 bytes each
            ' at the beginning of the encrypted package.
            Dim LenK() As Byte = New Byte(4 - 1) {}
            Dim LenIV() As Byte = New Byte(4 - 1) {}

            ' Consruct the file name for the decrypted file.
            Dim outFile As String = decrFolder + inFile.Substring(0, inFile.LastIndexOf(".")) + ".txt"

            ' Use FileStream objects to read the encrypted
            ' file (inFs) and save the decrypted file (outFs).
            Dim inFs As New FileStream(encrFolder + inFile, FileMode.Open)
            Try

                inFs.Seek(0, SeekOrigin.Begin)
                inFs.Seek(0, SeekOrigin.Begin)
                inFs.Read(LenK, 0, 3)
                inFs.Seek(4, SeekOrigin.Begin)
                inFs.Read(LenIV, 0, 3)

                ' Convert the lengths to integer values.
                Dim lengthK As Integer = BitConverter.ToInt32(LenK, 0)
                Dim lengthIV As Integer = BitConverter.ToInt32(LenIV, 0)

                ' Determine the start postition of
                ' the cipher text (startC)
                ' and its length(lenC).
                Dim startC As Integer = lengthK + lengthIV + 8
                Dim lenC As Integer = (CType(inFs.Length, Integer) - startC)

                ' Create the byte arrays for
                ' the encrypted AES key,
                ' the IV, and the cipher text.
                Dim KeyEncrypted() As Byte = New Byte(lengthK - 1) {}
                Dim IV() As Byte = New Byte(lengthIV - 1) {}

                ' Extract the key and IV
                ' starting from index 8
                ' after the length values.
                inFs.Seek(8, SeekOrigin.Begin)
                inFs.Read(KeyEncrypted, 0, lengthK)
                inFs.Seek(8 + lengthK, SeekOrigin.Begin)
                inFs.Read(IV, 0, lengthIV)
                Directory.CreateDirectory(decrFolder)
                ' Use RSA
                ' to decrypt the AES key.
                Dim KeyDecrypted As Byte() = rsaPrivateKey.Decrypt(KeyEncrypted, RSAEncryptionPadding.Pkcs1)

                ' Decrypt the key.
                Dim transform As ICryptoTransform = aes.CreateDecryptor(KeyDecrypted, IV)
                ' Decrypt the cipher text from
                ' from the FileSteam of the encrypted
                ' file (inFs) into the FileStream
                ' for the decrypted file (outFs).
                Dim outFs As New FileStream(outFile, FileMode.Create)
                Try
                    ' Decrypt the cipher text from
                    ' from the FileSteam of the encrypted
                    ' file (inFs) into the FileStream
                    ' for the decrypted file (outFs).

                    Dim count As Integer = 0

                    Dim blockSizeBytes As Integer = aes.BlockSize / 8
                    Dim data(blockSizeBytes) As Byte

                    ' By decrypting a chunk a time,
                    ' you can save memory and
                    ' accommodate large files.
                    ' Start at the beginning
                    ' of the cipher text.
                    inFs.Seek(startC, SeekOrigin.Begin)
                    Dim outStreamDecrypted As New CryptoStream(outFs, transform, CryptoStreamMode.Write)
                    Try
                        Do
                            count = inFs.Read(data, 0, blockSizeBytes)
                            outStreamDecrypted.Write(data, 0, count)
                        Loop While count > 0

                        outStreamDecrypted.FlushFinalBlock()
                        outStreamDecrypted.Close()
                    Finally
                        outStreamDecrypted.Dispose()
                    End Try
                    outFs.Close()
                Finally
                    outFs.Dispose()
                End Try
                inFs.Close()

            Finally
                inFs.Dispose()

            End Try

        Finally
            aes.Dispose()
        End Try


    End Sub
End Class

下列範例會建立命令行可執行檔,以憑證檔案作為自變數,並將各種憑證屬性列印至控制台。

#using <System.dll>

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Permissions;
using namespace System::IO;
using namespace System::Security::Cryptography::X509Certificates;

//Reads a file.
array<Byte>^ ReadFile( String^ fileName )
{
   FileStream^ f = gcnew FileStream( fileName,FileMode::Open,FileAccess::Read );
   int size = (int)f->Length;
   array<Byte>^data = gcnew array<Byte>(size);
   size = f->Read( data, 0, size );
   f->Close();
   return data;
}

[SecurityPermissionAttribute(SecurityAction::LinkDemand, Unrestricted = true)]
int main()
{
   array<String^>^args = Environment::GetCommandLineArgs();

   //Test for correct number of arguments.
   if ( args->Length < 2 )
   {
      Console::WriteLine( "Usage: CertInfo <filename>" );
      return  -1;
   }

   try
   {
      System::Security::Cryptography::X509Certificates::X509Certificate2 ^ x509 =
            gcnew System::Security::Cryptography::X509Certificates::X509Certificate2;

      //Create X509Certificate2 object from .cer file.
      array<Byte>^rawData = ReadFile( args[ 1 ] );

      x509->Import(rawData);

      //Print to console information contained in the certificate.
      Console::WriteLine( "{0}Subject: {1}{0}", Environment::NewLine, x509->Subject );
      Console::WriteLine( "{0}Issuer: {1}{0}", Environment::NewLine, x509->Issuer );
      Console::WriteLine( "{0}Version: {1}{0}", Environment::NewLine, x509->Version );
      Console::WriteLine( "{0}Valid Date: {1}{0}", Environment::NewLine, x509->NotBefore );
      Console::WriteLine( "{0}Expiry Date: {1}{0}", Environment::NewLine, x509->NotAfter );
      Console::WriteLine( "{0}Thumbprint: {1}{0}", Environment::NewLine, x509->Thumbprint );
      Console::WriteLine( "{0}Serial Number: {1}{0}", Environment::NewLine, x509->SerialNumber );
      Console::WriteLine( "{0}Friendly Name: {1}{0}", Environment::NewLine, x509->PublicKey->Oid->FriendlyName );
      Console::WriteLine( "{0}Public Key Format: {1}{0}", Environment::NewLine, x509->PublicKey->EncodedKeyValue->Format(true) );
      Console::WriteLine( "{0}Raw Data Length: {1}{0}", Environment::NewLine, x509->RawData->Length );
      Console::WriteLine( "{0}Certificate to string: {1}{0}", Environment::NewLine, x509->ToString( true ) );
      Console::WriteLine( "{0}Certificate to XML String: {1}{0}", Environment::NewLine, x509->PublicKey->Key->ToXmlString( false ) );

      //Add the certificate to a X509Store.
      X509Store ^ store = gcnew X509Store;
      store->Open( OpenFlags::MaxAllowed );
      store->Add( x509 );
      store->Close();
   }
   catch ( DirectoryNotFoundException^ )
   {
      Console::WriteLine( "Error: The directory specified could not be found." );
   }
   catch ( IOException^ )
   {
      Console::WriteLine( "Error: A file in the directory could not be accessed." );
   }
   catch ( NullReferenceException^ )
   {
      Console::WriteLine( "File must be a .cer file. Program does not have access to that type of file." );
   }

}
using System;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.IO;
using System.Security.Cryptography.X509Certificates;

class CertInfo
{
    //Reads a file.
    internal static byte[] ReadFile (string fileName)
    {
        FileStream f = new FileStream(fileName, FileMode.Open, FileAccess.Read);
        int size = (int)f.Length;
        byte[] data = new byte[size];
        size = f.Read(data, 0, size);
        f.Close();
        return data;
    }
    //Main method begins here.
    static void Main(string[] args)
    {
        //Test for correct number of arguments.
        if (args.Length < 1)
        {
            Console.WriteLine("Usage: CertInfo <filename>");
            return;
        }
        try
        {
            byte[] rawData = ReadFile(args[0]);
            //Create X509Certificate2 object from .cer file.
            X509Certificate2 x509 = new X509Certificate2(rawData);

            //Print to console information contained in the certificate.
            Console.WriteLine("{0}Subject: {1}{0}", Environment.NewLine, x509.Subject);
            Console.WriteLine("{0}Issuer: {1}{0}", Environment.NewLine, x509.Issuer);
            Console.WriteLine("{0}Version: {1}{0}", Environment.NewLine, x509.Version);
            Console.WriteLine("{0}Valid Date: {1}{0}", Environment.NewLine, x509.NotBefore);
            Console.WriteLine("{0}Expiry Date: {1}{0}", Environment.NewLine, x509.NotAfter);
            Console.WriteLine("{0}Thumbprint: {1}{0}", Environment.NewLine, x509.Thumbprint);
            Console.WriteLine("{0}Serial Number: {1}{0}", Environment.NewLine, x509.SerialNumber);
            Console.WriteLine("{0}Friendly Name: {1}{0}", Environment.NewLine, x509.PublicKey.Oid.FriendlyName);
            Console.WriteLine("{0}Public Key Format: {1}{0}", Environment.NewLine, x509.PublicKey.EncodedKeyValue.Format(true));
            Console.WriteLine("{0}Raw Data Length: {1}{0}", Environment.NewLine, x509.RawData.Length);
            Console.WriteLine("{0}Certificate to string: {1}{0}", Environment.NewLine, x509.ToString(true));
            Console.WriteLine("{0}Certificate to XML String: {1}{0}", Environment.NewLine, x509.PublicKey.Key.ToXmlString(false));

            //Add the certificate to a X509Store.
            X509Store store = new X509Store();
            store.Open(OpenFlags.MaxAllowed);
            store.Add(x509);
            store.Close();
        }
        catch (DirectoryNotFoundException)
        {
               Console.WriteLine("Error: The directory specified could not be found.");
        }
        catch (IOException)
        {
            Console.WriteLine("Error: A file in the directory could not be accessed.");
        }
        catch (NullReferenceException)
        {
            Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.");
        }
    }
}
Imports System.Security.Cryptography
Imports System.Security.Permissions
Imports System.IO
Imports System.Security.Cryptography.X509Certificates

Class CertInfo

    'Reads a file.
    Friend Shared Function ReadFile(ByVal fileName As String) As Byte()
        Dim f As New FileStream(fileName, FileMode.Open, FileAccess.Read)
        Dim size As Integer = Fix(f.Length)
        Dim data(size - 1) As Byte
        size = f.Read(data, 0, size)
        f.Close()
        Return data

    End Function 

    <SecurityPermission(SecurityAction.LinkDemand, Unrestricted:=True)> _
    Shared Sub Main(ByVal args() As String)
        'Test for correct number of arguments.
        If args.Length < 1 Then
            Console.WriteLine("Usage: CertInfo <filename>")
            Return
        End If
        Try
            Dim x509 As New X509Certificate2()
            'Create X509Certificate2 object from .cer file.
            Dim rawData As Byte() = ReadFile(args(0))
            
            x509.Import(rawData)

            'Print to console information contained in the certificate.
            Console.WriteLine("{0}Subject: {1}{0}", Environment.NewLine, x509.Subject)
            Console.WriteLine("{0}Issuer: {1}{0}", Environment.NewLine, x509.Issuer)
            Console.WriteLine("{0}Version: {1}{0}", Environment.NewLine, x509.Version)
            Console.WriteLine("{0}Valid Date: {1}{0}", Environment.NewLine, x509.NotBefore)
            Console.WriteLine("{0}Expiry Date: {1}{0}", Environment.NewLine, x509.NotAfter)
            Console.WriteLine("{0}Thumbprint: {1}{0}", Environment.NewLine, x509.Thumbprint)
            Console.WriteLine("{0}Serial Number: {1}{0}", Environment.NewLine, x509.SerialNumber)
            Console.WriteLine("{0}Friendly Name: {1}{0}", Environment.NewLine, x509.PublicKey.Oid.FriendlyName)
            Console.WriteLine("{0}Public Key Format: {1}{0}", Environment.NewLine, x509.PublicKey.EncodedKeyValue.Format(True))
            Console.WriteLine("{0}Raw Data Length: {1}{0}", Environment.NewLine, x509.RawData.Length)
            Console.WriteLine("{0}Certificate to string: {1}{0}", Environment.NewLine, x509.ToString(True))

            Console.WriteLine("{0}Certificate to XML String: {1}{0}", Environment.NewLine, x509.PublicKey.Key.ToXmlString(False))

            'Add the certificate to a X509Store.
            Dim store As New X509Store()
            store.Open(OpenFlags.MaxAllowed)
            store.Add(x509)
            store.Close()

        Catch dnfExcept As DirectoryNotFoundException
            Console.WriteLine("Error: The directory specified could not be found.")
        Catch ioExpcept As IOException
            Console.WriteLine("Error: A file in the directory could not be accessed.")
        Catch nrExcept As NullReferenceException
            Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.")
        End Try

    End Sub
End Class

備註

X.509 結構源自國際標準化組織 (ISO) 工作組。 此結構可用來代表各種類型的資訊,包括身分識別、權利和持有者屬性 (許可權、年齡、性別、位置、關聯性等等) 。 雖然 ISO 規格對結構本身最有資訊,但 類別 X509Certificate2 的設計目的是建立因特網工程工作組 () IETF) 公鑰基礎結構、X.509 (PKIX) 工作組所簽發規格中所定義的使用案例。 這些規格的最資訊是 RFC 3280,「憑證和證書吊銷清單 (CRL) 配置檔」。

重要

從 .NET Framework 4.6 開始,此類型會實作 IDisposable 介面。 當您完成使用型別時,您應該直接或間接處置它。 若要直接處置型別,請呼叫其 try/catch 區塊中的 Dispose 方法。 若要間接處置它,請使用語言建構函式,例如 using (在 C# 中) 或 Using (在 Visual Basic 中)。 如需詳細資訊,請參閱 IDisposable 介面文章中的<使用實作 IDisposable 的物件>一節。

對於以 .NET Framework 4.5.2 和更早版本為目標的應用程式,類別X509Certificate2不會實IDisposable作 介面,因此沒有 Dispose 方法。

建構函式

X509Certificate2()
已淘汰.
已淘汰.

初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(Byte[])
已淘汰.

使用位元組陣列中的資訊,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(Byte[], SecureString)
已淘汰.

使用位元組陣列和密碼,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(Byte[], SecureString, X509KeyStorageFlags)
已淘汰.

使用位元組陣列、密碼和金鑰儲存旗標,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(Byte[], String)
已淘汰.

使用位元組陣列和密碼,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(Byte[], String, X509KeyStorageFlags)
已淘汰.

使用位元組陣列、密碼和金鑰儲存旗標,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(IntPtr)

使用 Unmanaged 控制代碼,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(ReadOnlySpan<Byte>)
已淘汰.

從憑證資料中,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(ReadOnlySpan<Byte>, ReadOnlySpan<Char>, X509KeyStorageFlags)
已淘汰.

從憑證資料、密碼與金鑰儲存旗標,將 X509Certificate2 類別的新執行個體初始化。

X509Certificate2(SerializationInfo, StreamingContext)
已淘汰.

使用指定的序列化和資料流內容資訊,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(String)
已淘汰.

使用憑證檔名,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(String, ReadOnlySpan<Char>, X509KeyStorageFlags)
已淘汰.

使用憑證檔名、密碼和金鑰儲存旗標,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(String, SecureString)
已淘汰.

使用憑證檔名和密碼,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(String, SecureString, X509KeyStorageFlags)
已淘汰.

使用憑證檔名、密碼和金鑰儲存旗標,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(String, String)
已淘汰.

使用憑證檔名和用於存取憑證的密碼,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(String, String, X509KeyStorageFlags)
已淘汰.

使用憑證檔名、用於存取憑證的密碼和金鑰儲存旗標,初始化 X509Certificate2 類別的新執行個體。

X509Certificate2(X509Certificate)

使用 X509Certificate2 物件,初始化 X509Certificate 類別的新執行個體。

屬性

Archived

取得或設定值,表示 X.509 憑證已封存。

Extensions

取得 X509Extension 物件的集合。

FriendlyName

取得或設定憑證的相關別名 (Alias)。

Handle

取得 Unmanaged PCCERT_CONTEXT 結構所描述之 Microsoft Cryptographic API 憑證內容的控制代碼。

(繼承來源 X509Certificate)
HasPrivateKey

取得值,指出 X509Certificate2 物件是否包含私密金鑰。

Issuer

取得核發 X.509v3 憑證的憑證授權單位名稱。

(繼承來源 X509Certificate)
IssuerName

取得憑證簽發者的辨別名稱。

NotAfter

取得日期 (當地時間),憑證在該日期之後就不再有效。

NotBefore

取得日期 (當地時間),憑證會在該日期生效。

PrivateKey
已淘汰.

取得或設定 AsymmetricAlgorithm 物件,表示與憑證相關聯的私密金鑰。

PublicKey

取得與憑證相關聯的 PublicKey 物件。

RawData

取得憑證的原始 X.509 公用數據。

RawDataMemory

取得憑證的原始 X.509 公用數據。

SerialNumber

取得作為位元組由大到小的十六進位字串的憑證序號。

SerialNumberBytes

取得憑證序號的 big-endian 表示法。

(繼承來源 X509Certificate)
SignatureAlgorithm

取得用於建立憑證簽章的演算法。

Subject

取得憑證的主旨辨別名稱。

(繼承來源 X509Certificate)
SubjectName

取得憑證的主旨辨別名稱。

Thumbprint

取得憑證的指模。

Version

取得憑證的 X.509 格式版本。

方法

CopyWithPrivateKey(ECDiffieHellman)

結合私鑰與憑證的 ECDiffieHellman 公鑰,以產生新的 ECDiffieHellman 憑證。

CreateFromEncryptedPem(ReadOnlySpan<Char>, ReadOnlySpan<Char>, ReadOnlySpan<Char>)

從 RFC 7468 PEM 編碼憑證與受密碼保護之私密金鑰的內容建立新的 X509 憑證。

CreateFromEncryptedPemFile(String, ReadOnlySpan<Char>, String)

從 RFC 7468 PEM 編碼憑證與受密碼保護之私密金鑰的檔案內容建立新的 X509 憑證。

CreateFromPem(ReadOnlySpan<Char>)

從 RFC 7468 PEM 編碼憑證的內容建立新的 X509 憑證。

CreateFromPem(ReadOnlySpan<Char>, ReadOnlySpan<Char>)

從 RFC 7468 PEM 編碼憑證與私密金鑰的內容建立新的 X509 憑證。

CreateFromPemFile(String, String)

從 RFC 7468 PEM 編碼憑證與私密金鑰的檔案內容建立新的 X509 憑證。

Dispose()

釋放由 X509Certificate 物件使用的所有資源。

(繼承來源 X509Certificate)
Dispose(Boolean)

釋放這個 X509Certificate 使用的所有 Unmanaged 資源,並選擇性地釋放 Managed 資源。

(繼承來源 X509Certificate)
Equals(Object)

比較兩個 X509Certificate 物件是否相等。

(繼承來源 X509Certificate)
Equals(X509Certificate)

比較兩個 X509Certificate 物件是否相等。

(繼承來源 X509Certificate)
Export(X509ContentType)

以其中一個 X509Certificate 值所描述的格式,將目前的 X509ContentType 物件匯出至位元組陣列。

(繼承來源 X509Certificate)
Export(X509ContentType, SecureString)

使用指定的格式和密碼,將目前的 X509Certificate 物件匯出至位元組陣列。

(繼承來源 X509Certificate)
Export(X509ContentType, String)

以其中一個 X509Certificate 值所描述的格式,並使用指定的密碼,將目前的 X509ContentType 物件匯出至位元組陣列。

(繼承來源 X509Certificate)
ExportCertificatePem()

匯出公開 X.509 憑證,編碼為 PEM。

GetCertContentType(Byte[])

表示位元組陣列中包含的憑證類型。

GetCertContentType(ReadOnlySpan<Byte>)

指出所提供數據中包含的憑證類型。

GetCertContentType(String)

表示檔案中包含的憑證類型。

GetCertHash()

將 X.509v3 憑證的雜湊值 (Hash Value) 傳回為位元組陣列。

(繼承來源 X509Certificate)
GetCertHash(HashAlgorithmName)

傳回使用指定密碼編譯雜湊演算法所計算 X.509v3 憑證的雜湊值。

(繼承來源 X509Certificate)
GetCertHashString()

將 X.509v3 憑證的 SHA1 雜湊值傳回為十六進位的字串。

(繼承來源 X509Certificate)
GetCertHashString(HashAlgorithmName)

傳回包含使用指定密碼編譯雜湊演算法所計算 X.509v3 憑證雜湊值的十六進位字串。

(繼承來源 X509Certificate)
GetECDiffieHellmanPrivateKey()

從這個憑證取得 ECDiffieHellman 私鑰。

GetECDiffieHellmanPublicKey()

從這個憑證取得 ECDiffieHellman 公鑰。

GetEffectiveDateString()

傳回這個 X.509v3 憑證的有效日期。

(繼承來源 X509Certificate)
GetExpirationDateString()

傳回這個 X.509v3 憑證的到期日。

(繼承來源 X509Certificate)
GetFormat()

傳回這個 X.509v3 憑證的格式名稱。

(繼承來源 X509Certificate)
GetHashCode()

將 X.509v3 憑證的雜湊程式碼傳回為整數。

(繼承來源 X509Certificate)
GetIssuerName()
已淘汰.
已淘汰.
已淘汰.

傳回發出 X.509v3 憑證的憑證授權單位名稱。

(繼承來源 X509Certificate)
GetKeyAlgorithm()

傳回做為字串的這個 X.509v3 憑證金鑰演算法資訊。

(繼承來源 X509Certificate)
GetKeyAlgorithmParameters()

傳回做為位元組陣列的 X.509v3 憑證金鑰演算法參數。

(繼承來源 X509Certificate)
GetKeyAlgorithmParametersString()

傳回做為十六進位字串的 X.509v3 憑證金鑰演算法參數。

(繼承來源 X509Certificate)
GetName()
已淘汰.
已淘汰.
已淘汰.

返回已核發憑證的主要名稱。

(繼承來源 X509Certificate)
GetNameInfo(X509NameType, Boolean)

取得憑證的主旨和簽發者名稱。

GetPublicKey()

傳回做為位元組陣列的 X.509v3 憑證公開金鑰。

(繼承來源 X509Certificate)
GetPublicKeyString()

傳回做為十六進位字串的 X.509v3 憑證公開金鑰。

(繼承來源 X509Certificate)
GetRawCertData()

傳回做為位元組陣列的整個 X.509v3 憑證的未經處理資料。

(繼承來源 X509Certificate)
GetRawCertDataString()

傳回做為十六進位字串的整個 X.509v3 憑證的未經處理資料。

(繼承來源 X509Certificate)
GetSerialNumber()

傳回作為位元組由小到大順序之位元組陣列的 X.509v3 憑證序號。

(繼承來源 X509Certificate)
GetSerialNumberString()

傳回作為位元組由小到大十六進位字串的 X.509v3 憑證序號。

(繼承來源 X509Certificate)
GetType()

取得目前執行個體的 Type

(繼承來源 Object)
Import(Byte[])
已淘汰.
已淘汰.

用位元組陣列的資料,填入 X509Certificate2 物件。

Import(Byte[])
已淘汰.
已淘汰.

用位元組陣列的資料填入 X509Certificate 物件。

(繼承來源 X509Certificate)
Import(Byte[], SecureString, X509KeyStorageFlags)
已淘汰.
已淘汰.

使用位元組陣列的資料、密碼和金鑰儲存旗標,填入 X509Certificate2 物件。

Import(Byte[], SecureString, X509KeyStorageFlags)
已淘汰.
已淘汰.

使用位元組陣列的資料、密碼和金鑰儲存旗標,填入 X509Certificate 物件。

(繼承來源 X509Certificate)
Import(Byte[], String, X509KeyStorageFlags)
已淘汰.
已淘汰.

用位元組陣列的資料、密碼以及用於判斷如何匯入私密金鑰的旗標,填入 X509Certificate2 物件。

Import(Byte[], String, X509KeyStorageFlags)
已淘汰.
已淘汰.

用位元組陣列的資料、密碼和用於判斷如何匯入私密金鑰的旗標,填入 X509Certificate 物件。

(繼承來源 X509Certificate)
Import(String)
已淘汰.
已淘汰.

用憑證檔的資訊,填入 X509Certificate2 物件。

Import(String)
已淘汰.
已淘汰.

用憑證檔的資訊填入 X509Certificate 物件。

(繼承來源 X509Certificate)
Import(String, SecureString, X509KeyStorageFlags)
已淘汰.
已淘汰.

用憑證檔的資訊、密碼和金鑰儲存旗標,填入 X509Certificate2 物件。

Import(String, SecureString, X509KeyStorageFlags)
已淘汰.
已淘汰.

用憑證檔的資訊、密碼和金鑰儲存旗標,填入 X509Certificate 物件。

(繼承來源 X509Certificate)
Import(String, String, X509KeyStorageFlags)
已淘汰.
已淘汰.

用憑證檔的資訊、密碼和 X509Certificate2 值,填入 X509KeyStorageFlags 物件。

Import(String, String, X509KeyStorageFlags)
已淘汰.
已淘汰.

用憑證檔案的資訊、密碼和 X509Certificate 值,填入 X509KeyStorageFlags 物件。

(繼承來源 X509Certificate)
MatchesHostname(String, Boolean, Boolean)

檢查憑證是否符合提供的主機名。

MemberwiseClone()

建立目前 Object 的淺層複製。

(繼承來源 Object)
Reset()

重設 X509Certificate2 物件的狀態。

Reset()

重設 X509Certificate2 物件的狀態。

(繼承來源 X509Certificate)
ToString()

以文字格式顯示 X.509 憑證。

ToString(Boolean)

以文字格式顯示 X.509 憑證。

TryExportCertificatePem(Span<Char>, Int32)

嘗試匯出公用 X.509 憑證,編碼為 PEM。

TryGetCertHash(HashAlgorithmName, Span<Byte>, Int32)

使用所指定雜湊演算法來雜湊憑證的編碼表示,以嘗試產生憑證的「指紋」。

(繼承來源 X509Certificate)
Verify()

使用基本驗證原則,執行 X.509 鏈結驗證。

明確介面實作

IDeserializationCallback.OnDeserialization(Object)

實作 ISerializable 介面並在還原序列化完成時,由還原序列化事件回呼。

(繼承來源 X509Certificate)
ISerializable.GetObjectData(SerializationInfo, StreamingContext)

取得重新建立目前 X509Certificate 物件的執行個體所需之全部資料的序列化資訊。

(繼承來源 X509Certificate)

擴充方法

CopyWithPrivateKey(X509Certificate2, DSA)

結合私密金鑰與 DSA 憑證的公開金鑰,以產生新的 DSA 憑證。

GetDSAPrivateKey(X509Certificate2)

X509Certificate2 取得 DSA 私密金鑰。

GetDSAPublicKey(X509Certificate2)

X509Certificate2 取得 DSA 公開金鑰。

CopyWithPrivateKey(X509Certificate2, ECDsa)

結合私密金鑰與 ECDsa 憑證的公開金鑰,以產生新的 ECDSA 憑證。

GetECDsaPrivateKey(X509Certificate2)

X509Certificate2 憑證取得 ECDsa 私密金鑰。

GetECDsaPublicKey(X509Certificate2)

X509Certificate2 憑證取得 ECDsa 公開金鑰。

CopyWithPrivateKey(X509Certificate2, RSA)

結合私密金鑰與 RSA 憑證的公開金鑰,以產生新的 RSA 憑證。

GetRSAPrivateKey(X509Certificate2)

X509Certificate2 取得 RSA 私密金鑰。

GetRSAPublicKey(X509Certificate2)

X509Certificate2 取得 RSA 公開金鑰。

適用於