public void LookUpTest() { string eku = "TimeStamping"; KeyPurposeID expected = KeyPurposeID.IdKPTimeStamping; KeyPurposeID actual; actual = extendedKeyUsage.LookUp(eku); Assert.AreEqual(expected, actual); }
// Create the Asn1Encodable version private void encode() { KeyPurposeID[] kpUsages = new KeyPurposeID[usage.Count()]; int i = 0; foreach (string eku in usage) { kpUsages[i] = LookUp(eku); i++; } base.encValue = new ExtendedKeyUsage(kpUsages); }
/// <summary> /// Lookup the OID for an Extended Key Usage /// </summary> /// <param name="eku">Extended Key Usage name</param> /// <returns>OID</returns> public static KeyPurposeID LookUp(string eku) { KeyPurposeID oid; try { oid = new KeyPurposeID(eKuOIDs[eku]); } catch (KeyNotFoundException) { throw new ApplicationException("Unknown EKU: " + eku); } return(oid); }
public CertificateOptions(PkiAlgorithm algorithm, string?cn = null, string?o = null, string?ou = null, string?c = null, string?st = null, string?l = null, string?e = null, Memory <byte> serial = default, DateTimeOffset?expires = null, string[]?subjectAltNames = null, PkiShaSize shaSize = PkiShaSize.SHA256, int keyUsages = 0, KeyPurposeID[]?extendedKeyUsages = null) { this.Algorithm = algorithm; this.CN = cn._NonNullTrim(); this.O = o._NonNullTrim(); this.OU = ou._NonNullTrim(); this.C = c._NonNullTrim(); this.ST = st._NonNullTrim(); this.L = l._NonNullTrim(); this.E = e._NonNullTrim(); this.Serial = serial._CloneMemory(); this.ShaSize = shaSize; if (this.Serial.IsEmpty) { this.Serial = Secure.Rand(16); this.Serial.Span[0] = (byte)(this.Serial.Span[0] & 0x7f); } this.Expires = expires ?? Util.MaxDateTimeOffsetValue; this.SubjectAlternativeNames.Add(this.CN); if (keyUsages == 0) { keyUsages = KeyUsage.DigitalSignature | KeyUsage.NonRepudiation | KeyUsage.KeyEncipherment | KeyUsage.DataEncipherment | KeyUsage.KeyCertSign | KeyUsage.CrlSign; } this.KeyUsages = keyUsages; if (extendedKeyUsages == null) { extendedKeyUsages = new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPCodeSigning, KeyPurposeID.IdKPEmailProtection, KeyPurposeID.IdKPIpsecEndSystem, KeyPurposeID.IdKPIpsecTunnel, KeyPurposeID.IdKPIpsecUser, KeyPurposeID.IdKPTimeStamping, KeyPurposeID.IdKPOcspSigning }; } this.ExtendedKeyUsages = extendedKeyUsages; if (subjectAltNames != null) { subjectAltNames.Where(x => x._IsEmpty() == false)._DoForEach(x => this.SubjectAlternativeNames.Add(x.Trim())); } }
public static X509Certificate2 IssueCertificate( string basename, string password, DistinguishedName dn, CertificateType certtype, DateTime notBefore, DateTime notAfter) { var certificateGenerator = new X509V3CertificateGenerator(); var privateOutputPath = ""; var publicOutputPath = ""; /* Prepare output directories */ if (certtype == CertificateType.AuthorityCertificate) { privateOutputPath = AuthorityPrivateCertificatesPath; publicOutputPath = AuthorityPublicCertificatesPath; } else if (certtype == CertificateType.ServerCertificate) { privateOutputPath = ServerPrivateCertificatesPath; publicOutputPath = ServerPublicCertificatesPath; } else { privateOutputPath = UserPrivateCertificatesPath; publicOutputPath = UserPublicCertificatesPath; } /* Certificate Asymmetric Keys */ CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator(); SecureRandom random = new SecureRandom(randomGenerator); KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, 2048); RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); /* Certificate Serial Number */ BigInteger serialNumber = BigIntegers.CreateRandomInRange( BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); /* Certificate Date Constrains */ certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); /* Certificate Issuer and Subject DN */ string issuerName = IssuerDN.ToString(); if (certtype == CertificateType.AuthorityCertificate) { /* A Certification Authority is a self signed certificate */ issuerName = dn.ToString(); } certificateGenerator.SetSubjectDN(new X509Name(dn.ToString())); certificateGenerator.SetIssuerDN(new X509Name(issuerName)); /* Certificate Alternative Names */ if (dn.AlternativeNames != null && dn.AlternativeNames.Any()) { var subjectAlternativeNamesExtension = new DerSequence( dn.AlternativeNames.Select(name => new GeneralName(GeneralName.DnsName, name)) .ToArray <Asn1Encodable> ()); certificateGenerator.AddExtension( X509Extensions.SubjectAlternativeName.Id, false, subjectAlternativeNamesExtension); } /* Certificate Keys Usage */ var keyUsageFlags = KeyUsage.KeyCertSign | KeyUsage.KeyEncipherment | KeyUsage.DataEncipherment | KeyUsage.DigitalSignature; if (certtype == CertificateType.AuthorityCertificate || certtype == CertificateType.ServerCertificate) { keyUsageFlags |= KeyUsage.CrlSign | KeyUsage.NonRepudiation; } certificateGenerator.AddExtension( X509Extensions.KeyUsage.Id, false, new KeyUsage(keyUsageFlags)); /* Certificate Extended Key Usages */ if (certtype != CertificateType.AuthorityCertificate) { KeyPurposeID[] extendedUsages = null; if (certtype == CertificateType.ServerCertificate) { extendedUsages = new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, }; } else { extendedUsages = new KeyPurposeID[] { KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPEmailProtection, }; } certificateGenerator.AddExtension( X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(extendedUsages)); } /* Certificate Authority Key Identifier */ /* A Certification Authority is a self signed certificate */ AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair;; if (certtype != CertificateType.AuthorityCertificate) { issuerKeyPair = DotNetUtilities.GetKeyPair(IssuerCertificate.PrivateKey); } var issuerPKIFactory = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerKeyPair.Public); var generalNames = new GeneralNames( new GeneralName(new X509Name(issuerName))); /* A Certification Authority is a self signed certificate */ BigInteger issuerSerialNumber = serialNumber; if (certtype != CertificateType.AuthorityCertificate) { issuerSerialNumber = new BigInteger(IssuerCertificate.GetSerialNumber()); } var authorityKIExtension = new AuthorityKeyIdentifier( issuerPKIFactory, generalNames, issuerSerialNumber); certificateGenerator.AddExtension( X509Extensions.AuthorityKeyIdentifier.Id, false, authorityKIExtension); /* Certificate Subject Key Identifier */ var subjectPKIFactory = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public); var subjectKIExtension = new SubjectKeyIdentifier(subjectPKIFactory); certificateGenerator.AddExtension( X509Extensions.SubjectKeyIdentifier.Id, false, subjectKIExtension); /* Certificate Basic constrains */ bool isCertificateAuthority = false; if (certtype == CertificateType.AuthorityCertificate) { isCertificateAuthority = true; } var basicConstrains = new BasicConstraints(isCertificateAuthority); certificateGenerator.AddExtension( X509Extensions.BasicConstraints.Id, true, basicConstrains); /* Generate BouncyCastle Certificate */ ISignatureFactory signatureFactory = new Asn1SignatureFactory( "SHA512WITHRSA", issuerKeyPair.Private, random ); /* Generate P12 Certificate Store and write to disk*/ var store = new Pkcs12Store(); var certificate = certificateGenerator.Generate(signatureFactory); var certificateEntry = new X509CertificateEntry(certificate); var stream = new MemoryStream(); store.SetCertificateEntry(dn.ToString(), certificateEntry); store.SetKeyEntry(dn.ToString(), new AsymmetricKeyEntry(subjectKeyPair.Private), new [] { certificateEntry }); store.Save(stream, password.ToCharArray(), random); File.WriteAllBytes(privateOutputPath + basename + ".p12", stream.ToArray()); /* Convert to Microsoft X509Certificate2 and write to disk pfx and der files */ var convertedCertificate = new X509Certificate2(stream.ToArray(), password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); File.WriteAllBytes(privateOutputPath + basename + ".pfx", convertedCertificate.Export(X509ContentType.Pfx, password)); File.WriteAllBytes(publicOutputPath + basename + ".crt", convertedCertificate.Export(X509ContentType.Cert, password)); return(convertedCertificate); }
/// <summary> /// Generate certificate request and private key file /// </summary> /// <param name="random"></param> /// <param name="subjectKeyPair"></param> /// <param name="subjectSerialNumber"></param> /// <param name="commonName"></param> /// <param name="subjectAlternativeNames"></param> /// <param name="issuerKeyPair"></param> /// <param name="issuerSerialNumber"></param> /// <param name="isCertificateAuthority"></param> /// <param name="usages"></param> /// <param name="signatureAlgorithm"></param> /// <param name="countryCode"></param> /// <param name="stateOrProvinceName"></param> /// <param name="localityName"></param> /// <param name="organization"></param> /// <param name="arrccbKeyUsage"></param> /// <param name="arrExtendedKeyUsage"></param> /// <param name="outputPrivateKeyName"></param> /// <param name="outputCertReqFile"></param> private async void GenerateCertificate(SecureRandom random, AsymmetricCipherKeyPair subjectKeyPair, BigInteger subjectSerialNumber, string commonName, string[] subjectAlternativeNames, AsymmetricCipherKeyPair issuerKeyPair, BigInteger issuerSerialNumber, bool isCertificateAuthority, KeyPurposeID[] usages, string signatureAlgorithm, string countryCode, string stateOrProvinceName, string localityName, string organization, List <int> arrccbKeyUsage, List <string> arrExtendedKeyUsage, string outputPrivateKeyName, string outputCertReqFile) { #region Private Key IDictionary attrs = new Hashtable(); attrs[X509Name.CN] = commonName; attrs[X509Name.C] = countryCode; attrs[X509Name.ST] = stateOrProvinceName; attrs[X509Name.L] = localityName; attrs[X509Name.O] = organization; IList ord = new ArrayList(); ord.Add(X509Name.CN); ord.Add(X509Name.C); ord.Add(X509Name.ST); ord.Add(X509Name.L); ord.Add(X509Name.O); X509Name issuerDN = new X509Name(ord, attrs); try { using (TextWriter tw = new StreamWriter(outputPrivateKeyName)) { PemWriter pw = new PemWriter(tw); pw.WriteObject(subjectKeyPair.Private); tw.Flush(); } tbOutputMessageBox.Text += "File with private key: " + outputPrivateKeyName + " sucessfully generated." + "\n"; } catch (Exception ex) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "ERROR creating certificate private key file (.key)" + "\n" + "Error: " + ex.Source + " " + ex.Message; tbOutputMessageBox.Foreground = bckForeground; var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("Info Warning", "ERROR creating certificate private key file (.key)" + "\n" + "Error: " + ex.Source + " " + ex.Message, MessageDialogStyle.Affirmative); return; } #endregion Private Key #region Public Key - old //if (outputPublicKeyName != null) //{ // //SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public); // //byte[] serializedPublicBytes = publicKeyInfo.ToAsn1Object().GetDerEncoded(); // //string serializedPublic = Convert.ToBase64String(serializedPublicBytes); // ////StringBuilder publicKeyStrBuilder = new StringBuilder(); // ////PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder)); // ////publicKeyPemWriter.WriteObject(subjectKeyPair.Public); // ////publicKeyPemWriter.Writer.Flush(); // ////string publicKey = publicKeyStrBuilder.ToString(); // try // { // var store = new Pkcs12Store(); // string friendlyName = certificate.SubjectDN.ToString(); // var certificateEntry = new X509CertificateEntry(certificate); // store.SetCertificateEntry(friendlyName, certificateEntry); // store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(subjectKeyPair.Private), new[] { certificateEntry }); // var stream = new MemoryStream(); // store.Save(stream, "password".ToCharArray(), random); // //Verify that the certificate is valid. // var convertedCertificate = new X509Certificate2(stream.ToArray(), "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); // //Write the file. // File.WriteAllBytes(outputPublicKeyName, stream.ToArray()); // File.WriteAllBytes(System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer"), certificate.GetEncoded()); // //using (TextWriter tw = new StreamWriter(outputPublicKeyName)) // //{ // // PemWriter pw = new PemWriter(tw); // // pw.WriteObject(subjectKeyPair.Public); // // tw.Flush(); // //} // tbOutputMessageBox.Text += "File with private key: " + outputPublicKeyName + " sucessfully generated." + "\n"; // } // catch (Exception ex) // { // var metroWindow = (Application.Current.MainWindow as MetroWindow); // await metroWindow.ShowMessageAsync("Info Warning", // "ERROR creating certificate private key file (.key)" + "\n" + // "Error: " + ex.Source + " " + ex.Message, // MessageDialogStyle.Affirmative); // return; // } //} #endregion Public Key #region CSR - Certificate Request file (.csr) // BasicConstraints var extensions = new Dictionary <DerObjectIdentifier, Org.BouncyCastle.Asn1.X509.X509Extension>() { { X509Extensions.BasicConstraints, new Org.BouncyCastle.Asn1.X509.X509Extension(true, new DerOctetString(new BasicConstraints(false))) } }; DerOctetString tmp = new DerOctetString(new BasicConstraints(false)); //KeyUsage if (arrccbKeyUsage.Count > 0) { int usage = 0; for (int i = 0; i < arrccbKeyUsage.Count; i++) { usage = usage | arrccbKeyUsage[i]; } KeyUsage keyUsage = new KeyUsage(usage); extensions.Add(X509Extensions.KeyUsage, new Org.BouncyCastle.Asn1.X509.X509Extension(true, new DerOctetString(keyUsage))); } //ExtendedKeyUsage if (arrExtendedKeyUsage.Count > 0) { KeyPurposeID[] extendedKeyUsageArr = new KeyPurposeID[arrExtendedKeyUsage.Count]; for (int i = 0; i < arrExtendedKeyUsage.Count; i++) { if (KeyPurposeID.AnyExtendedKeyUsage.ToString() == arrExtendedKeyUsage[i]) { extendedKeyUsageArr[i] = KeyPurposeID.AnyExtendedKeyUsage; } else if (KeyPurposeID.IdKPServerAuth.ToString() == arrExtendedKeyUsage[i]) { extendedKeyUsageArr[i] = KeyPurposeID.IdKPServerAuth; } else if (KeyPurposeID.IdKPClientAuth.ToString() == arrExtendedKeyUsage[i]) { extendedKeyUsageArr[i] = KeyPurposeID.IdKPClientAuth; } else if (KeyPurposeID.IdKPCodeSigning.ToString() == arrExtendedKeyUsage[i]) { extendedKeyUsageArr[i] = KeyPurposeID.IdKPCodeSigning; } else if (KeyPurposeID.IdKPEmailProtection.ToString() == arrExtendedKeyUsage[i]) { extendedKeyUsageArr[i] = KeyPurposeID.IdKPEmailProtection; } else if (KeyPurposeID.IdKPIpsecEndSystem.ToString() == arrExtendedKeyUsage[i]) { extendedKeyUsageArr[i] = KeyPurposeID.IdKPIpsecEndSystem; } else if (KeyPurposeID.IdKPIpsecTunnel.ToString() == arrExtendedKeyUsage[i]) { extendedKeyUsageArr[i] = KeyPurposeID.IdKPIpsecTunnel; } else if (KeyPurposeID.IdKPIpsecUser.ToString() == arrExtendedKeyUsage[i]) { extendedKeyUsageArr[i] = KeyPurposeID.IdKPIpsecUser; } else if (KeyPurposeID.IdKPTimeStamping.ToString() == arrExtendedKeyUsage[i]) { extendedKeyUsageArr[i] = KeyPurposeID.IdKPTimeStamping; } else if (KeyPurposeID.IdKPOcspSigning.ToString() == arrExtendedKeyUsage[i]) { extendedKeyUsageArr[i] = KeyPurposeID.IdKPOcspSigning; } } ExtendedKeyUsage extendedKeyUsage = new ExtendedKeyUsage(extendedKeyUsageArr); Asn1OctetString asn1ost = new DerOctetString(extendedKeyUsage); extensions.Add(X509Extensions.ExtendedKeyUsage, new Org.BouncyCastle.Asn1.X509.X509Extension(false, new DerOctetString(extendedKeyUsage))); } //SubjectAlternativeName if (subjectAlternativeNames.Length > 0) { GeneralNames names = new GeneralNames( subjectAlternativeNames.Select(n => new GeneralName(GeneralName.DnsName, n)).ToArray() ); extensions.Add(X509Extensions.SubjectAlternativeName, new Org.BouncyCastle.Asn1.X509.X509Extension(false, new DerOctetString(names))); } //SubjectKeyIdentifier extensions.Add(X509Extensions.SubjectKeyIdentifier, new Org.BouncyCastle.Asn1.X509.X509Extension(false, new DerOctetString(new SubjectKeyIdentifierStructure(subjectKeyPair.Public)))); ISignatureFactory sigFactory = new Asn1SignatureFactory(signatureAlgorithm, subjectKeyPair.Private); Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest( sigFactory, issuerDN, subjectKeyPair.Public, new DerSet(new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(new X509Extensions(extensions)))), subjectKeyPair.Private); bool isOK = csr.Verify(); if (isOK) { tbOutputMessageBox.Text += "File with certificate request : " + outputCertReqFile + " sucessfully generated." + "\n"; requestFileNamePath = outputCertReqFile; requestFileNamePrivateKeyPath = outputPrivateKeyName; btnContinue.IsEnabled = true; } else { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with certificate request : " + outputCertReqFile + " DOES NOT generated sucessfully!!!" + "\n"; tbOutputMessageBox.Foreground = bckForeground; var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("ERROR", "File with certificate request : " + outputCertReqFile + " DOES NOT generated sucessfully!!!", MessageDialogStyle.Affirmative); return; } try { using (TextWriter tw = new StreamWriter(outputCertReqFile)) { PemWriter pw = new PemWriter(tw); pw.WriteObject(csr); tw.Flush(); } tbOutputMessageBox.Text += "File with certificate request : " + outputCertReqFile + " sucessfully saved." + "\n"; } catch (Exception ex) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Error, file with certificate request : " + outputCertReqFile + " DOES NOT saved." + "\n"; tbOutputMessageBox.Foreground = bckForeground; var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("Info Warning", "ERROR to save certificate reguest file (.csr)" + "\n" + "Error: " + ex.Source + " " + ex.Message, MessageDialogStyle.Affirmative); return; } #endregion CSR }
public void CheckCertificate( int id, byte[] cert) { Asn1Object seq = Asn1Object.FromByteArray(cert); string dump = Asn1Dump.DumpAsString(seq); X509CertificateStructure obj = X509CertificateStructure.GetInstance(seq); TbsCertificateStructure tbsCert = obj.TbsCertificate; if (!tbsCert.Subject.ToString().Equals(subjects[id - 1])) { Fail("failed subject test for certificate id " + id + " got " + tbsCert.Subject.ToString()); } if (tbsCert.Version >= 3) { X509Extensions ext = tbsCert.Extensions; if (ext != null) { foreach (DerObjectIdentifier oid in ext.ExtensionOids) { X509Extension extVal = ext.GetExtension(oid); Asn1Object extObj = Asn1Object.FromByteArray(extVal.Value.GetOctets()); if (oid.Equals(X509Extensions.SubjectKeyIdentifier)) { SubjectKeyIdentifier.GetInstance(extObj); } else if (oid.Equals(X509Extensions.KeyUsage)) { KeyUsage.GetInstance(extObj); } else if (oid.Equals(X509Extensions.ExtendedKeyUsage)) { ExtendedKeyUsage ku = ExtendedKeyUsage.GetInstance(extObj); Asn1Sequence sq = (Asn1Sequence)ku.ToAsn1Object(); for (int i = 0; i != sq.Count; i++) { KeyPurposeID.GetInstance(sq[i]); } } else if (oid.Equals(X509Extensions.SubjectAlternativeName)) { GeneralNames gn = GeneralNames.GetInstance(extObj); Asn1Sequence sq = (Asn1Sequence)gn.ToAsn1Object(); for (int i = 0; i != sq.Count; i++) { GeneralName.GetInstance(sq[i]); } } else if (oid.Equals(X509Extensions.IssuerAlternativeName)) { GeneralNames gn = GeneralNames.GetInstance(extObj); Asn1Sequence sq = (Asn1Sequence)gn.ToAsn1Object(); for (int i = 0; i != sq.Count; i++) { GeneralName.GetInstance(sq[i]); } } else if (oid.Equals(X509Extensions.CrlDistributionPoints)) { CrlDistPoint p = CrlDistPoint.GetInstance(extObj); DistributionPoint[] points = p.GetDistributionPoints(); for (int i = 0; i != points.Length; i++) { // do nothing } } else if (oid.Equals(X509Extensions.CertificatePolicies)) { Asn1Sequence cp = (Asn1Sequence)extObj; for (int i = 0; i != cp.Count; i++) { PolicyInformation.GetInstance(cp[i]); } } else if (oid.Equals(X509Extensions.AuthorityKeyIdentifier)) { AuthorityKeyIdentifier.GetInstance(extObj); } else if (oid.Equals(X509Extensions.BasicConstraints)) { BasicConstraints.GetInstance(extObj); } else { //Console.WriteLine(oid.Id); } } } } }
public static bool HasKeyPurpose(this KeyPurposeID[] list, KeyPurposeID purpose) { return(!list.IsNullOrEmpty() && list.Any(v => String.CompareOrdinal(v.Id, purpose.Id) == 0)); }
public bool HasKeyPurposeId(KeyPurposeID keyPurposeId) { return(usageTable.Contains(keyPurposeId)); }
public ExtendedKeyUsageData(string displayName, KeyPurposeID extendedKeyUsageValueName) { this.DisplayName = displayName; this.ExtendedKeyUsageValueName = extendedKeyUsageValueName; }
/* * creates a certificate and a private key and installs into windows registry */ public static void CreateCertificateKey( string subjectName, string issuerName, string signatureAlgorithm, int strength, DateTime begin, DateTime end, string subjectCountryCode, string subjectOrganization, string subjectTitle, string issuerCountryCode, string issuerOrganization, string issuerTitle, string subjectCommonName, string issuerCommonName) { // creating key pair RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator(); SecureRandom secureRandom = new SecureRandom(new CryptoApiRandomGenerator()); keyPairGenerator.Init(new KeyGenerationParameters(secureRandom, strength)); AsymmetricCipherKeyPair asCipherKeyPair = keyPairGenerator.GenerateKeyPair(); AsymmetricKeyParameter publicKey = asCipherKeyPair.Public; RsaPrivateCrtKeyParameters privateKey = (RsaPrivateCrtKeyParameters)asCipherKeyPair.Private; // initializing certificate generator X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), secureRandom); certificateGenerator.SetSerialNumber(serialNumber); // setting subject name string subjectNameString = "E=" + subjectName; if (subjectCommonName != null) { subjectNameString += ", CN=" + subjectCommonName; } if (subjectCountryCode != null) { subjectNameString += ", C=" + subjectCountryCode; } if (subjectOrganization != null) { subjectNameString += ", O=" + subjectOrganization; } if (subjectTitle != null) { subjectNameString += ", T=" + subjectTitle; } certificateGenerator.SetSubjectDN(new X509Name(subjectNameString)); // setting issuer name string issuerNameString = "E=" + issuerName; if (issuerCommonName != null) { issuerNameString += ", CN=" + issuerCommonName; } if (issuerCountryCode != null) { issuerNameString += ", C=" + issuerCountryCode; } if (issuerOrganization != null) { issuerNameString += ", O=" + issuerOrganization; } if (issuerTitle != null) { issuerNameString += ", T=" + issuerTitle; } certificateGenerator.SetIssuerDN(new X509Name(issuerNameString)); // setting other properties of certificate certificateGenerator.SetNotBefore(begin); certificateGenerator.SetNotAfter(end); certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); certificateGenerator.SetPublicKey(publicKey); // setting key usage KeyPurposeID[] usages = new KeyPurposeID[] { KeyPurposeID.IdKPEmailProtection }; certificateGenerator.AddExtension( X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(usages)); // creating certificate and installing into certificate/key database X509Certificate certificate = certificateGenerator.Generate(privateKey); sys.X509Certificate2 windowsCertificate = new sys.X509Certificate2(DotNetUtilities.ToX509Certificate(certificate)); windowsCertificate.PrivateKey = ConvertToSystemKey(privateKey); InstallIntoRegistry(windowsCertificate); }