我有一个 .PEM 文件,其中包含用于 SSL 数据传输的公钥和私钥,如下所示:
-----BEGIN RSA PRIVATE KEY-----
private key data
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
public key data
-----END CERTIFICATE-----
当我想通过以下代码加载 .PEM 文件时:
X509Certificate2 xx = new X509Certificate2("c:\\myKey.pem");
我收到一条异常消息:“找不到请求的对象。” ,全栈:
System.Security.Cryptography.CryptographicException was unhandled
Message=Cannot find the requested object.
Source=mscorlib
StackTrace:
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName)
at DLLTest.SSL_Test.test() in E:\Projects\DLLTest\DLLTest\SSL_Test.cs:line 165
at DLLTest.SSL_Test.Run() in E:\Projects\DLLTest\DLLTest\SSL_Test.cs:line 21
at DLLTest.Program.Main(String[] args) in E:\Projects\DLLTest\DLLTest\Program.cs:line 21
at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
InnerException:
如果我交换私钥部分和公钥部分的位置,代码可以工作并加载数据,并且我可以只从对象中获取公钥信息,例如。发行人名称,并且其 HasPrivateKey 为假。为什么?我是否被误解并做错了什么?
有一个 article on the Code Project它具有执行此操作所需的所有代码。它只有几个类,因此是一个轻量级解决方案。
要从 PEM 文件中获取证书或 key 的字节,无论 key 和证书在文件中的顺序如何,都可以使用以下方法。
byte[] GetBytesFromPEM( string pemString, string section )
{
var header = String.Format("-----BEGIN {0}-----", section);
var footer = String.Format("-----END {0}-----", section);
var start= pemString.IndexOf(header, StringComparison.Ordinal);
if( start < 0 )
return null;
start += header.Length;
var end = pemString.IndexOf(footer, start, StringComparison.Ordinal) - start;
if( end < 0 )
return null;
return Convert.FromBase64String( pemString.Substring( start, end ) );
}
将 PEM 文件加载到一个字符串中,并调用上面的方法来获取表示证书的字节。接下来,将获得的字节传递给 X509Certificate2 的构造函数:
var pem = System.IO.File.ReadAllText( "c:\\myKey.pem" );
byte[] certBuffer = GetBytesFromPEM( pem, "CERTIFICATE" );
var certificate = new X509Certificate2( certBuffer );
从 PEM 文件加载 (RSA) 私钥有点复杂,但您会在上述文章中找到对此的支持,也可以使用 Crypto.DecodeRsaPrivateKey
方法。
我是一名优秀的程序员,十分优秀!