x509certificate

问题 I'm trying to verify if an specific message is signed with a valid signature from an entity certificate recognized by my own trust anchor. I'm doing this: public static boolean isValid(CMSSignedData signedData, X509Certificate rootCert) throws Exception { CertStore certsAndCRLs = signedData.getCertificatesAndCRLs("Collection", "BC"); SignerInformationStore signers = signedData.getSignerInfos(); Iterator it = signers.getSigners().iterator(); if (it.hasNext()){ SignerInformation signer =

问题 I need to create a RSAParameters object in .Net using a private and public key (.key and .cer file). Is it possible to do this in .Net without the use of third party software? If so, where should I be looking. I ultimately need to extract the Exponent, Modulus, D, P, Q, DP, DQ, InverseQ from this object in order to create a keyblob for a cryptoServer. Thanks! 回答1: ".key" and ".cer" file extensions are in no way an unambiguous specification of how the keys are encoded. However, it is plausible

问题 I am trying to consume a Web Service HTTPS (using a certificate authentication). I have added my Web Service in my Web Reference on my project and "myCertificate.cer" has imported to Console Root\Certificates\Personal. I have an error 401: The request failed with HTTP status 401: Unauthorized. Any idea? .... using System.Security.Cryptography.X509Certificates; ... string certPath = @"C:\myCertificate.cer"; // Load the certificate into an X509Certificate object. X509Certificate cert =

问题 I have certificate file and private key file in pem format. Is it possible to load these files into Java keystore using Java code with default libraries that comes with JDK and not with third party libraries. When I tried googling, I am able to find only files which are in .der format to import into java keystore using java code. http://knowledge-oracle.blogspot.in/2009/02/import-private-key-and-certificate-in.html Is it possible to load key and certificate file which is in pem format into

问题 Ok, I am quite new to the crypto world of bouncyCastle, and perhaps is a mental block, I can't seem to find(/google for) the equivalent to: X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); I think it might be the easiest and dumbest thing, but how can I access the windows installed certificates, using bouncy castle? Or if I can't, how can i convert my System.Security.Cryptography.X509Certificates.X509Certificate2 to Org.BouncyCastle

问题 We create a X509Certificate2 object in our ASP.NET app to make periodic outgoing connections. Every time one of these certificates is created a new file is created in: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys That folder now has 4 million files that never get cleaned up. I've tried removing the Persist flag new X509Certificate2(certBytes, p12Pwd, X509KeyStorageFlags.MachineKeySet); //no X509KeyStorageFlags.PersistKeySet but that doesn't help -- still get the 2Kb file on every call. I

问题 I want to use TLS mutual authentication to authenticate a client on a API made in go. I've created a certificate authority, and let's say Bob has a key pair he wants to use with the client. Bob created a certificate request and want me to validate his certificate in order to be authorized and authenticated on the API. I've used this to create my Certificate Authority : openssl genrsa -aes256 -out ca.key 4096 openssl req -new -x509 -sha256 -days 730 -key ca.key -out ca.crt Bob used this to

问题 I have a simple chain setup and can successfully verify in this case: $ openssl version OpenSSL 1.0.2m 2 Nov 2017 $ openssl verify -CAfile chain.pem cert.pem cert.pem: OK However I get errors in these cases: $ openssl verify -CAfile ca-cert.pem cert.pem cert.pem: C = US... error 2 at 1 depth lookup:unable to get issuer certificate Specifically the unable to get issuer certificate . Also get it here: $ openssl verify chain.pem chain.pem: C = US... error 20 at 0 depth lookup:unable to get local

问题 I have a .NET (c#) application which uses the x509Certificate2 in the 'my' Certificate Store, originally coming from an eToken device. When I use the certificate (to decrypt data or use it as a clientcert for web requests), it will ask for the device PIN once. After that, it is cached, the user isn't bothered with the password request every xx minutes. Now, I have multiple processes, that all use the certificate. Each of these processes will request the device PIN. (the cache seems to be per

问题 You can install certificate into certificate store using Wizard in certmgr.msc (Right click install)? Does anyone knows how to "cleanly" remove all the certificate by either using wizard/Code (pref.) /Script ? I want to be able to remove everything (that I have installed earlier) from the LocalMachine and/or CurrentUser Store without leaving any residue. Thanks 回答1: You could try the X509Store and releated classes in the .Net Framework to delete a certificate from the certificate store. The