x509

问题 When signing data with RSACryptoServiceProvider in C#, I have a requirement to ensure the certificate was imported with strong key protection and a high security level to require the user enters the password every time they sign with the key. Here's a quick simplified sample of the signing code: X509Store myCurrentUserStore = new X509Store(StoreName.My, StoreLocation.CurrentUser); myCurrentUserStore.Open(OpenFlags.MaxAllowed); X509Certificate2 currentCertificate = myCurrentUserStore

问题 The following code is able to connect to a FTP server using TLS: private FtpClient getFtpsClient(System.Uri uri) { if (uri.Scheme != "ftps") { throw new NotImplementedException("Only ftps is implementent"); } var userInfo = uri.UserInfo.Split(":"); FtpClient client = new FtpClient(uri.Host, userInfo[0], userInfo[1]); client.EncryptionMode = FtpEncryptionMode.Explicit; client.SslProtocols = SslProtocols.Tls; client.ValidateCertificate += new FtpSslValidation(OnValidateCertificate); client

问题 I have a openssl X509 structure with a self signed certificate. I need to get a PEM formatted C++ string from this structure. What are the openssl APIs that I need to use to achieve this? I tried following the example program at https://www.codeblog.org/gonzui/markup/openssl-0.9.8a/demos/x509/mkcert.c. This program shows a way to write the certificate in PEM format to a file. I can read the contents of this file into a C++ string if there is no other way to do it. 回答1: look at the source of

问题 I am using following code (simplified little bit) to get certificate string from X509 structure. Basically PEM_write_bio_X509 function. X509 *certificate... .... BIO *bio = BIO_new(BIO_s_mem()), BIO_vfree); if (!bio || !PEM_write_bio_X509(bio, certificate)) { // error handling } size_t keylen = BIO_pending(bio); unique_ptr<char[]> key(new char[keylen]); int len = BIO_read(bio, key.get(), (int)keylen); if (len <= 0) { // error handling } string result = string(key.get(), len); The result is

问题 I'm trying to sign a CSR file in PEM format using OpenSSL API. I can't use X509_sign() method because I need to sign the request using a third party API. This API requires my application to send the data that needs signing and it will return me a signature. I need to send it the char* to sign to the 3rd party API, but I don't understand how the signing process works: Do I need to construct this char* with only the data from the CSR, for example the subject, the exponent and modulus of the

问题 I'm trying to sign a CSR file in PEM format using OpenSSL API. I can't use X509_sign() method because I need to sign the request using a third party API. This API requires my application to send the data that needs signing and it will return me a signature. I need to send it the char* to sign to the 3rd party API, but I don't understand how the signing process works: Do I need to construct this char* with only the data from the CSR, for example the subject, the exponent and modulus of the

问题 I have only one JDK installed in my machine and the code is pointing to the same JDK. I have installed unlimited strength cryptography library in both the folders(C:\Program Files\Java\jdk1.6.0_25\jre\lib\security and C:\Program Files\Java\jre6\lib\security). I keep getting the same exception even after adding the above mentioned unlimited strength library. This is in continuation to other ticket link Exception: Caused by: java.security.InvalidKeyException: Key is too long for unwrapping at

问题 My users are connecting to my app thanks to a smartcard containing a certificate. I am using httpd to make sure the certificate is valid : SSLCACertificateFile "${SRVROOT}/conf/ssl/certs/usersCA.crt" It works fine but I'd like to know who my user is on the server side (a spring app running on tomcat). The certificat contains a unique ID which I can use to know who the user is. Unfortunately it's stored in the subjectAltName (http://wiki.cacert.org/FAQ/subjectAltName). For reference the

问题 I am looking to encrypt files with X509 certificates using public and private keys and send them to a remote server. How would I do this? Is this even possible? How do I generate the certificate and then the public and private key pairs? 回答1: See this SO question how to create a RSACryptoServiceProvider from a X509Certificate2 that can be used to encrypt and decrypt files. The .NET framework does not contain classes to generate X.509 certificates. Mono's security classes ( Mono.Security.X509

问题 In my iOS library, I have a Base64 encoded string containing the X.509 RSA 2048 bit public key. I want to encrypt a string using this public key. Can anyone please provide some Objective C code reference, mentioning the libraries I need to include? The equivalent java code looks as below: byte[] keyBytes = Base64.decodeBase64(publicKeyData); // Get Public Key X509EncodedKeySpec rsaPublicKeySpec = new X509EncodedKeySpec(keyBytes); KeyFactory fact = KeyFactory.getInstance("RSA"); PublicKey