版权声明:本文为starfd原创文章,转载请标明出处。 https://blog.csdn.net/starfd/article/details/79217232
首先普及下知识,CSR是证书签名请求,它不是证书,是用于向CA公司申请证书的,以下为代码:
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
/// <summary>
/// pcks10辅助类
/// </summary>
public class RSAPcks10Helper
{
/// <summary>
/// 生成CSR及返回其使用的私钥
/// </summary>
/// <param name="dirName">dn</param>
/// <param name="csr">生成的csr内容部分字符串 base64格式</param>
/// <param name="privateKey">生成的RSA秘钥内容部分pcks8格式 base64格式</param>
/// <param name="signatureAlgorithm">签名算法</param>
/// <param name="keyLength">生成的秘钥长度</param>
public static void GenerateCSR(string dirName, out string csr, out string privateKey, string signatureAlgorithm = "SHA1WithRSA", int keyLength = 2048)
{
GenerateCSR(dirName, out byte[] csrData, out byte[] privateKeyPcks8Data, signatureAlgorithm, keyLength);
csr = Convert.ToBase64String(csrData);
privateKey = Convert.ToBase64String(privateKeyPcks8Data);
}
/// <summary>
/// 生成CSR及返回其使用的私钥
/// </summary>
/// <param name="dirName">dn</param>
/// <param name="csrData">生成的csr内容</param>
/// <param name="privateKeyPcks8Data">生成的RSA秘钥内容 pcks8格式</param>
/// <param name="signatureAlgorithm">签名算法</param>
/// <param name="keyLength">生成的秘钥长度</param>
public static void GenerateCSR(string dirName, out byte[] csrData, out byte[] privateKeyPcks8Data, string signatureAlgorithm = "SHA1WithRSA", int keyLength = 2048)
{
RsaKeyPairGenerator generator = new RsaKeyPairGenerator();
generator.Init(new KeyGenerationParameters(new SecureRandom(), keyLength));
var keyPair = generator.GenerateKeyPair();
X509Name subject = new X509Name(dirName);
Pkcs10CertificationRequest p10 = new Pkcs10CertificationRequest(new Asn1SignatureFactory(signatureAlgorithm, keyPair.Private), subject, keyPair.Public, new DerSet(), keyPair.Private);
csrData = p10.GetEncoded();
PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
privateKeyPcks8Data = privateKeyInfo.ToAsn1Object().GetEncoded();
}
/// <summary>
/// 生成CSR及返回其使用的私钥
/// </summary>
/// <param name="dic">dn字典</param>
/// <param name="csr">生成的csr内容部分字符串 base64格式</param>
/// <param name="privateKey">生成的RSA秘钥内容部分pcks8格式 base64格式</param>
/// <param name="signatureAlgorithm"></param>
/// <param name="keyLength"></param>
public static void GenerateCSR(IDictionary<string, string> dic, out string csr, out string privateKey, string signatureAlgorithm = "SHA1WithRSA", int keyLength = 2048)
{
GenerateCSR(GenerateDN(dic), out csr, out privateKey, signatureAlgorithm, keyLength);
}
/// <summary>
/// 生成CSR及返回其使用的私钥
/// </summary>
/// <param name="dic">dn字典</param>
/// <param name="csrData">生成的csr内容</param>
/// <param name="privateKeyPcks8Data">生成的RSA秘钥内容 pcks8格式</param>
/// <param name="signatureAlgorithm"></param>
/// <param name="keyLength"></param>
public static void GenerateCSR(IDictionary<string, string> dic, out byte[] csrData, out byte[] privateKeyPcks8Data, string signatureAlgorithm = "SHA1WithRSA", int keyLength = 2048)
{
GenerateCSR(GenerateDN(dic), out csrData, out privateKeyPcks8Data, signatureAlgorithm, keyLength);
}
/// <summary>
/// 生成X509所需的subject字符串,key值支持哪些字段可通过Org.BouncyCastle.Asn1.X509.X509Name的static reaonly字段查看
/// </summary>
/// <param name="dic"></param>
/// <returns></returns>
public static string GenerateDN(IDictionary<string, string> dic)
{
if (dic == null || dic.Count == 0)
{
throw new ArgumentNullException("dic can not be null or empty");
}
StringBuilder tmp = new StringBuilder();
foreach (var kv in dic)
{
if (!string.IsNullOrWhiteSpace(kv.Value))
{
tmp.AppendFormat("{0}={1},", kv.Key, kv.Value);
}
}
if (tmp.Length > 0)
{
tmp = tmp.Remove(tmp.Length - 1, 1);
}
return tmp.ToString();
}
}
这里就不贴BouncyCastle的下载链接了,这里附上DN说明链接:https://www.cnblogs.com/iiiiher/p/8085698.html,更多支持的Key可以通过Org.BouncyCastle.Asn1.X509.X509Name下的static reaonly字段查看,测试代码如下:
static void GenerateCSRDemo()
{
IDictionary<string, string> dic = new Dictionary<string, string>()
{
{ "CN","公司主题名称"},
{ "O","单位组织名称"},
{ "C","CN"},
{ "ST","上海"},
{ "L","上海"},
};
RSAPcks10Helper.GenerateCSR(dic, out string csrContent, out string privateKey);
Console.WriteLine("-------CSR Content-------");
Console.WriteLine(csrContent);
Console.WriteLine("-------privateKey in pcks8-------");
Console.WriteLine(privateKey);
}
注意方法里返回的csr和私钥都只是主体部分,不包含相应的
-----BEGIN -----END 标签