} // End Sub WriteCerAndCrt
public static void Test()
{
Org.BouncyCastle.Asn1.X509.X509Name caName = new Org.BouncyCastle.Asn1.X509.X509Name("CN=TestCA");
Org.BouncyCastle.Asn1.X509.X509Name eeName = new Org.BouncyCastle.Asn1.X509.X509Name("CN=TestEE");
Org.BouncyCastle.Asn1.X509.X509Name eeName25519 = new Org.BouncyCastle.Asn1.X509.X509Name("CN=TestEE25519");
string countryIso2Characters = "EA";
string stateOrProvince = "ERA";
string localityOrCity = "NeutralZone";
string companyName = "Skynet Earth Inc.";
string division = "Skynet mbH";
string domainName = "sky.net";
string email = "*****@*****.**";
Org.BouncyCastle.Asn1.X509.X509Name subj = CertificateInfo.CreateSubject(
countryIso2Characters, stateOrProvince
, localityOrCity, companyName
, division, domainName, email);
System.Console.WriteLine(subj);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair caKey25519 = KeyGenerator.GenerateEcKeyPair("curve25519", s_secureRandom.Value);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair caKey = KeyGenerator.GenerateEcKeyPair("secp256r1", s_secureRandom.Value);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair eeKey = KeyGenerator.GenerateRsaKeyPair(2048, s_secureRandom.Value);
string publicKey = null;
// id_rsa.pub
using (System.IO.TextWriter textWriter = new System.IO.StringWriter())
{
Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter);
pemWriter.WriteObject(eeKey);
pemWriter.Writer.Flush();
publicKey = textWriter.ToString();
} // End Using textWriter
System.Console.WriteLine(publicKey);
// https://social.msdn.microsoft.com/Forums/vstudio/de-DE/8d49a681-22c6-417f-af3c-8daebd6f10dd/signierung-eines-hashs-mit-ellipticcurve-crypto?forum=visualcsharpde
// https://stackoverflow.com/questions/22963581/reading-elliptic-curve-private-key-from-file-with-bouncycastle/41947163
// PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(pkcs8key);
// The EC PARAMETERS block in your file is an accident of the way openssl ecparam - genkey works by default;
// it is not needed or used as part of the actual key and you can omit it by specifying - noout
// which is admittedly somewhat unobvious.
// The actual key structure('hidden' in the base64/ DER data) for EC(DSA / DH)
// does contain some parameter info which RSA doesn't but DSA does.
PrivatePublicPemKeyPair keyPair = KeyImportExport.GetPemKeyPair(caKey25519);
// PrivatePublicPemKeyPair keyPair = PrivatePublicPemKeyPair.ImportFrom("", "");
Org.BouncyCastle.X509.X509Certificate caCert = GenerateCertificate(caName, caName, caKey.Private, caKey.Public, s_secureRandom.Value);
Org.BouncyCastle.X509.X509Certificate eeCert = GenerateCertificate(caName, eeName, caKey.Private, eeKey.Public, s_secureRandom.Value);
Org.BouncyCastle.X509.X509Certificate ee25519Cert = GenerateCertificate(caName, eeName25519, caKey25519.Private, caKey25519.Public, s_secureRandom.Value);
bool caOk = ValidateSelfSignedCert(caCert, caKey.Public);
bool eeOk = ValidateSelfSignedCert(eeCert, caKey.Public);
bool ee25519 = ValidateSelfSignedCert(eeCert, caKey.Public);
PfxGenerator.CreatePfxFile("example.pfx", caCert, caKey.Private, null);
// System.IO.File.WriteAllBytes("fileName", caCert.Export(X509ContentType.Pkcs12, PfxPassword));
// https://info.ssl.com/how-to-der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-conver-them/
// The file extensions .CRT and .CER are interchangeable.
// If your server requires that you use the .CER file extension, you can change the extension
// http://www.networksolutions.com/support/what-is-the-difference-between-a-crt-and-a-cer-file/
// https://stackoverflow.com/questions/642284/apache-with-ssl-how-to-convert-cer-to-crt-certificates
// File extensions for cryptographic certificates aren't really as standardized as you'd expect.
// Windows by default treats double - clicking a.crt file as a request to import the certificate
// So, they're different in that sense, at least, that Windows has some inherent different meaning
// for what happens when you double click each type of file.
// One is a "binary" X.509 encoding, and the other is a "text" base64 encoding that usually starts with "-----BEGIN CERTIFICATE-----".
// into the Windows Root Certificate store, but treats a.cer file as a request just to view the certificate.
// CER is an X.509 certificate in binary form, DER encoded
// CRT is a binary X.509 certificate, encapsulated in text (base-64) encoding
// Most systems accept both formats, but if you need to you can convert one to the other via openssl
// Certificate file should be PEM-encoded X.509 Certificate file:
// openssl x509 -inform DER -in certificate.cer -out certificate.pem
using (System.IO.Stream f = System.IO.File.Open("ca.cer", System.IO.FileMode.Create))
{
byte[] buf = caCert.GetEncoded();
f.Write(buf, 0, buf.Length);
f.Flush();
}
using (System.IO.Stream fs = System.IO.File.Open("ee.cer", System.IO.FileMode.Create))
{
byte[] buf = eeCert.GetEncoded();
fs.Write(buf, 0, buf.Length);
fs.Flush();
} // End Using fs
using (System.IO.Stream fs = System.IO.File.Open("ee25519.cer", System.IO.FileMode.Create))
{
byte[] buf = ee25519Cert.GetEncoded();
fs.Write(buf, 0, buf.Length);
fs.Flush();
} // End Using fs
// new System.Text.ASCIIEncoding(false)
// new System.Text.UTF8Encoding(false)
using (System.IO.Stream fs = System.IO.File.Open("ee.crt", System.IO.FileMode.Create))
{
using (System.IO.StreamWriter sw = new System.IO.StreamWriter(fs, System.Text.Encoding.ASCII))
{
byte[] buf = eeCert.GetEncoded();
string pem = ToPem(buf);
sw.Write(pem);
} // End Using sw
} // End Using fs
using (System.IO.Stream fs = System.IO.File.Open("ee25519.crt", System.IO.FileMode.Create))
{
using (System.IO.StreamWriter sw = new System.IO.StreamWriter(fs, System.Text.Encoding.ASCII))
{
byte[] buf = ee25519Cert.GetEncoded();
string pem = ToPem(buf);
sw.Write(pem);
} // End Using sw
} // End Using fs
Org.BouncyCastle.Asn1.X509.X509Name subject = eeName25519;
} // End Sub Test
