问题
Does anyone know a C# framework that can generate public/private keys, X.509 certificates and sign those certificates?
回答1:
BouncyCastleCrypto, as crazy of a name it is, I am pretty sure has all of these capabilities. Just about all of the RFC standards are implemented. When I used it a few years ago it was poorly documented, but the unit testing was very thorough, so much so that you could search around for certain key words like "509" and find unit tests that are exercising the part of the framework that you need.
I really found that I had to read through in great detail some of the RFC standards in order to understand how to use the framework. They really didn't put any effort into making things as simple as "cert.Sign(key)". Instead it is very granular, and you have to create half a dozen objects and know exactly how to put them together in order to get something done. This however, gives you complete flexibility and power, should you know how to wield that power.
I personally used it to load X.509 certificates, perform various key generation tasks, digital signing/verification, self signing, etc. but I have long forgotten all of it, so not much help other than a confident, it can be done.
回答2:
I would also recommend the Bouncy Castle library for production purposes. However, if you want something less comprehensive with a milder learning curve, you could use Windows’ own Certificate Creation Tool, makecert.exe. You can run it from C# using Process.Start, providing the correct command-line arguments.
来源:https://stackoverflow.com/questions/11232669/c-sharp-certificate-generation-framework