早上好。我已经花了很多天,尝试把基于 iTextSharp 的签名流程迁移到 iText7。遇到的主要错误出现在使用 Pkcs12Store 时:编译器提示该类不包含构造函数。事实上,查看所集成包的代码,该类确实没有构造函数。这怎么可能呢?我需要安装哪个软件包?
我尝试过 itext7.bouncy-castle-adapter、itext7.bouncy-castle-fips-adapter、BouncyCastle.Cryptography... 但找不到它。 有人可以帮我吗?
您可以使用 Pkcs12StoreBuilder。
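/// <summary>
/// Demo: opens a PKCS#12 (.pfx) file through <c>Pkcs12StoreBuilder</c> (the
/// BouncyCastle store class is created via the builder, not via a constructor)
/// and prints, for every alias, the key entry, the certificate and its public key.
/// It then loads the same file with <c>X509Certificate2</c> for comparison.
/// </summary>
/// <remarks>
/// Only object descriptions (<c>ToString()</c>) and the <c>IsPrivate</c> flag are
/// printed for the keys; no private key material is exported here.
/// </remarks>
public static void Test()
{
    // Hard-coded location of the author's test PFX; point this at your own file.
    // (The original assigned a first sample path and immediately overwrote it.)
    string pfxLocation = @"D:\username\Desktop\DesktopArchiv\20180329_Desktop\CORMailService\CORMailService\CORMailService\CORMailService_TemporaryKey.pfx";

    // The sample PFX is protected by an empty password. A PFX holding a real
    // signing key should have a password that is supplied from configuration or
    // a secret store rather than written into the source file.
    string storePass = "";

    Org.BouncyCastle.Pkcs.Pkcs12Store store = new Org.BouncyCastle.Pkcs.Pkcs12StoreBuilder().Build();

    using (System.IO.Stream stream = new System.IO.FileStream(pfxLocation, System.IO.FileMode.Open, System.IO.FileAccess.Read, System.IO.FileShare.Read))
    {
        store.Load(stream, storePass.ToCharArray());
    } // End Using stream

    System.Console.WriteLine(store);

    foreach (string alias in store.Aliases)
    {
        System.Console.WriteLine(alias);

        // https://7thzero.com/blog/bouncy-castle-convert-a-bouncycastle-asymmetrickeyentry-to-a-.ne
        if (store.IsKeyEntry(alias))
        {
            Org.BouncyCastle.Pkcs.AsymmetricKeyEntry keyEntry = store.GetKey(alias);
            System.Console.WriteLine(keyEntry);

            Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = keyEntry.Key;
            System.Console.WriteLine(privateKey.IsPrivate);
        } // End if (store.IsKeyEntry(alias))

        // Guard against an alias without a certificate entry; the original
        // dereferenced the result unconditionally.
        Org.BouncyCastle.Pkcs.X509CertificateEntry certEntry = store.GetCertificate(alias);
        if (certEntry != null)
        {
            Org.BouncyCastle.X509.X509Certificate cert = certEntry.Certificate;
            System.Console.WriteLine(cert);

            Org.BouncyCastle.Crypto.AsymmetricKeyParameter publicKey = cert.GetPublicKey();
            System.Console.WriteLine(publicKey);

            // Alternatives left by the author for reference:
            //   store.GetCertificateChain(alias)
            //   new X509Certificate2(cert.GetEncoded())
            //   Org.BouncyCastle.Security.DotNetUtilities.ToX509Certificate(cert)
        } // End if (certEntry != null)

        // X509Certificate2 is IDisposable and holds a key handle when the PFX
        // contains a private key, so release it on every iteration.
        using (System.Security.Cryptography.X509Certificates.X509Certificate2 cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(pfxLocation))
        {
            if (cert2.HasPrivateKey)
            {
                System.Console.WriteLine(cert2.PrivateKey);
            } // End if (cert2.HasPrivateKey)
        } // End Using cert2
    } // Next alias
} // End Sub Test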
例如
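/// <summary>
/// Loads a PKCS#12 (.pfx) blob with BouncyCastle, picks the first alias that is
/// a key entry, and prints that entry's private key and certificate in PEM form.
/// </summary>
/// <param name="pfxBytes">Raw bytes of the PFX file.</param>
/// <param name="password">Password protecting the PFX (may be empty).</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="pfxBytes"/> or <paramref name="password"/> is null.
/// </exception>
/// <exception cref="System.ArgumentException">
/// The PFX contains no key entry, or the key entry has no certificate.
/// </exception>
/// <remarks>
/// SECURITY: the private key is written to standard output as unencrypted PEM.
/// That is acceptable for a local demonstration only; console output is often
/// captured in logs or terminal scrollback, so real code should hand the key
/// object to the signer directly instead of printing or exporting it.
/// </remarks>
public void LoadCertificateUsingBouncyCastle(byte[] pfxBytes, string password)
{
    if (pfxBytes == null)
    {
        throw new System.ArgumentNullException(nameof(pfxBytes));
    }

    if (password == null)
    {
        throw new System.ArgumentNullException(nameof(password));
    }

    // Pkcs12Store is obtained from the builder rather than constructed directly.
    Org.BouncyCastle.Pkcs.Pkcs12Store pkcs12Store = new Org.BouncyCastle.Pkcs.Pkcs12StoreBuilder().Build();

    using (System.IO.Stream stream = new System.IO.MemoryStream(pfxBytes))
    {
        pkcs12Store.Load(stream, password.ToCharArray());
    } // End Using stream

    // Find the first alias that carries a private key.
    string? alias = null;
    foreach (string al in pkcs12Store.Aliases)
    {
        if (pkcs12Store.IsKeyEntry(al))
        {
            alias = al;
            break;
        }
    }

    // The original passed a null alias on to GetKey when the store held only
    // certificates; fail with a message that names the actual problem instead.
    if (alias == null)
    {
        throw new System.ArgumentException("The PKCS#12 data contains no private key entry.", nameof(pfxBytes));
    }

    Org.BouncyCastle.Pkcs.AsymmetricKeyEntry keyEntry = pkcs12Store.GetKey(alias);
    Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = keyEntry.Key; // Private key

    Org.BouncyCastle.Pkcs.X509CertificateEntry certificateEntry = pkcs12Store.GetCertificate(alias);
    if (certificateEntry == null)
    {
        throw new System.ArgumentException("The private key entry has no associated certificate.", nameof(pfxBytes));
    }

    Org.BouncyCastle.X509.X509Certificate certificate = certificateEntry.Certificate; // Certificate

    string? privateKeyPem = null;
    string? certificatePem = null;

    // Export private key and certificate as needed.
    using (System.IO.StringWriter privateKeyString = new System.IO.StringWriter())
    {
        using (Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(privateKeyString))
        {
            pemWriter.WriteObject(privateKey);
            privateKeyPem = privateKeyString.ToString();
        }
    }

    using (System.IO.StringWriter certString = new System.IO.StringWriter())
    {
        using (Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(certString))
        {
            pemWriter.WriteObject(certificate);
            certificatePem = certString.ToString();
        }
    }

    // NOTE(security): unencrypted private key goes to stdout here (demo only).
    System.Console.WriteLine("Private Key: " + privateKeyPem);
    System.Console.WriteLine("Certificate: " + certificatePem);
}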
或者你也可以不使用 BouncyCastle 来实现:
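/// <summary>
/// Loads a PFX from bytes using only the .NET base class library and prints the
/// RSA private key (as XML, when one is present) plus basic certificate details.
/// </summary>
/// <param name="pfxBytes">Raw bytes of the PFX file.</param>
/// <param name="password">Password protecting the PFX.</param>
/// <remarks>
/// SECURITY: <c>ToXmlString(true)</c> emits the full private key parameters in
/// clear text. Printing them is for local demonstration only; console output
/// tends to end up in logs and terminal scrollback.
/// </remarks>
public void LoadCertificateUsingDotNet(byte[] pfxBytes, string password)
{
    // Exportable is needed because the private key is exported below.
    // PersistKeySet was dropped: on Windows it leaves the imported private key
    // in the key store after this method returns, and nothing here needs the
    // key to outlive the certificate object. Disposing the certificate releases
    // the key handle.
    // NOTE(review): on .NET 9+ this constructor is marked obsolete in favour of
    // X509CertificateLoader.LoadPkcs12 - confirm the project's target framework.
    using (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(
        pfxBytes,
        password,
        System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable
    ))
    {
        // Get the private key (if available); null for non-RSA or public-only certificates.
        // The returned RSA object is owned by the caller, so dispose it as well.
        using (System.Security.Cryptography.RSA? privateKey = System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPrivateKey(certificate))
        {
            if (privateKey != null)
            {
                System.Console.WriteLine("Private Key: " + privateKey.ToXmlString(true)); // Export as XML (for RSA keys)
            } // End if (privateKey != null)
        } // End Using privateKey

        // Display certificate details
        System.Console.WriteLine("Subject: " + certificate.Subject);
        System.Console.WriteLine("Issuer: " + certificate.Issuer);
        System.Console.WriteLine("Expiration: " + certificate.NotAfter);
    } // End Using certificate
} // End Sub LoadCertificateUsingDotNet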