X509Certificate2 Classe

Definizione

Rappresenta un certificato X.509.Represents an X.509 certificate.

public ref class X509Certificate2 : System::Security::Cryptography::X509Certificates::X509Certificate
[System.Serializable]
public class X509Certificate2 : System.Security.Cryptography.X509Certificates.X509Certificate
type X509Certificate2 = class
    inherit X509Certificate
Public Class X509Certificate2
Inherits X509Certificate
Ereditarietà
X509Certificate2
Attributi

Esempi

Nell'esempio seguente viene illustrato come utilizzare un X509Certificate2 oggetto per crittografare e decrittografare un file.The following example demonstrates how to use an X509Certificate2 object to encrypt and decrypt a file.

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Text;

// To run this sample use the Certificate Creation Tool (Makecert.exe) to generate a test X.509 certificate and 
// place it in the local user store. 
// To generate an exchange key and make the key exportable run the following command from a Visual Studio command prompt: 

//makecert -r -pe -n "CN=CERT_SIGN_TEST_CERT" -b 01/01/2010 -e 01/01/2012 -sky exchange -ss my
namespace X509CertEncrypt
{
    class Program
    {

        // Path variables for source, encryption, and
        // decryption folders. Must end with a backslash.
        private static string encrFolder = @"C:\Encrypt\";
        private static string decrFolder = @"C:\Decrypt\";
        private static string originalFile = "TestData.txt";
        private static string encryptedFile = "TestData.enc";

        static void Main(string[] args)
        {

            // Create an input file with test data.
            StreamWriter sw = File.CreateText(originalFile);
            sw.WriteLine("Test data to be encrypted");
            sw.Close();

            // Get the certifcate to use to encrypt the key.
            X509Certificate2 cert = GetCertificateFromStore("CN=CERT_SIGN_TEST_CERT");
            if (cert == null)
            {
                Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' not found.");
                Console.ReadLine();
            }


            // Encrypt the file using the public key from the certificate.
            EncryptFile(originalFile, (RSACryptoServiceProvider)cert.PublicKey.Key);

            // Decrypt the file using the private key from the certificate.
            DecryptFile(encryptedFile, (RSACryptoServiceProvider)cert.PrivateKey);

            //Display the original data and the decrypted data.
            Console.WriteLine("Original:   {0}", File.ReadAllText(originalFile));
            Console.WriteLine("Round Trip: {0}", File.ReadAllText(decrFolder + originalFile));
            Console.WriteLine("Press the Enter key to exit.");
            Console.ReadLine();
        }
        private static X509Certificate2 GetCertificateFromStore(string certName)
        {

            // Get the certificate store for the current user.
            X509Store store = new X509Store(StoreLocation.CurrentUser);
            try
            {
                store.Open(OpenFlags.ReadOnly);

                // Place all certificates in an X509Certificate2Collection object.
                X509Certificate2Collection certCollection = store.Certificates;
                // If using a certificate with a trusted root you do not need to FindByTimeValid, instead:
                // currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
                X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
                X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, false);
                if (signingCert.Count == 0)
                    return null;
                // Return the first certificate in the collection, has the right name and is current.
                return signingCert[0];
            }
            finally
            {
                store.Close();
            }

        }

        // Encrypt a file using a public key.
        private static void EncryptFile(string inFile, RSACryptoServiceProvider rsaPublicKey)
        {
            using (AesManaged aesManaged = new AesManaged())
            {
                // Create instance of AesManaged for
                // symetric encryption of the data.
                aesManaged.KeySize = 256;
                aesManaged.BlockSize = 128;
                aesManaged.Mode = CipherMode.CBC;
                using (ICryptoTransform transform = aesManaged.CreateEncryptor())
                {
                    RSAPKCS1KeyExchangeFormatter keyFormatter = new RSAPKCS1KeyExchangeFormatter(rsaPublicKey);
                    byte[] keyEncrypted = keyFormatter.CreateKeyExchange(aesManaged.Key, aesManaged.GetType());

                    // Create byte arrays to contain
                    // the length values of the key and IV.
                    byte[] LenK = new byte[4];
                    byte[] LenIV = new byte[4];

                    int lKey = keyEncrypted.Length;
                    LenK = BitConverter.GetBytes(lKey);
                    int lIV = aesManaged.IV.Length;
                    LenIV = BitConverter.GetBytes(lIV);

                    // Write the following to the FileStream
                    // for the encrypted file (outFs):
                    // - length of the key
                    // - length of the IV
                    // - ecrypted key
                    // - the IV
                    // - the encrypted cipher content

                    int startFileName = inFile.LastIndexOf("\\") + 1;
                    // Change the file's extension to ".enc"
                    string outFile = encrFolder + inFile.Substring(startFileName, inFile.LastIndexOf(".") - startFileName) + ".enc";
                    Directory.CreateDirectory(encrFolder);

                    using (FileStream outFs = new FileStream(outFile, FileMode.Create))
                    {

                        outFs.Write(LenK, 0, 4);
                        outFs.Write(LenIV, 0, 4);
                        outFs.Write(keyEncrypted, 0, lKey);
                        outFs.Write(aesManaged.IV, 0, lIV);

                        // Now write the cipher text using
                        // a CryptoStream for encrypting.
                        using (CryptoStream outStreamEncrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
                        {

                            // By encrypting a chunk at
                            // a time, you can save memory
                            // and accommodate large files.
                            int count = 0;
                            int offset = 0;

                            // blockSizeBytes can be any arbitrary size.
                            int blockSizeBytes = aesManaged.BlockSize / 8;
                            byte[] data = new byte[blockSizeBytes];
                            int bytesRead = 0;

                            using (FileStream inFs = new FileStream(inFile, FileMode.Open))
                            {
                                do
                                {
                                    count = inFs.Read(data, offset, blockSizeBytes);
                                    offset += count;
                                    outStreamEncrypted.Write(data, 0, count);
                                    bytesRead += count;
                                }
                                while (count > 0);
                                inFs.Close();
                            }
                            outStreamEncrypted.FlushFinalBlock();
                            outStreamEncrypted.Close();
                        }
                        outFs.Close();
                    }
                }
            }
        }


        // Decrypt a file using a private key.
        private static void DecryptFile(string inFile, RSACryptoServiceProvider rsaPrivateKey)
        {

            // Create instance of AesManaged for
            // symetric decryption of the data.
            using (AesManaged aesManaged = new AesManaged())
            {
                aesManaged.KeySize = 256;
                aesManaged.BlockSize = 128;
                aesManaged.Mode = CipherMode.CBC;

                // Create byte arrays to get the length of
                // the encrypted key and IV.
                // These values were stored as 4 bytes each
                // at the beginning of the encrypted package.
                byte[] LenK = new byte[4];
                byte[] LenIV = new byte[4];

                // Consruct the file name for the decrypted file.
                string outFile = decrFolder + inFile.Substring(0, inFile.LastIndexOf(".")) + ".txt";

                // Use FileStream objects to read the encrypted
                // file (inFs) and save the decrypted file (outFs).
                using (FileStream inFs = new FileStream(encrFolder + inFile, FileMode.Open))
                {

                    inFs.Seek(0, SeekOrigin.Begin);
                    inFs.Seek(0, SeekOrigin.Begin);
                    inFs.Read(LenK, 0, 3);
                    inFs.Seek(4, SeekOrigin.Begin);
                    inFs.Read(LenIV, 0, 3);

                    // Convert the lengths to integer values.
                    int lenK = BitConverter.ToInt32(LenK, 0);
                    int lenIV = BitConverter.ToInt32(LenIV, 0);

                    // Determine the start postition of
                    // the ciphter text (startC)
                    // and its length(lenC).
                    int startC = lenK + lenIV + 8;
                    int lenC = (int)inFs.Length - startC;

                    // Create the byte arrays for
                    // the encrypted AesManaged key,
                    // the IV, and the cipher text.
                    byte[] KeyEncrypted = new byte[lenK];
                    byte[] IV = new byte[lenIV];

                    // Extract the key and IV
                    // starting from index 8
                    // after the length values.
                    inFs.Seek(8, SeekOrigin.Begin);
                    inFs.Read(KeyEncrypted, 0, lenK);
                    inFs.Seek(8 + lenK, SeekOrigin.Begin);
                    inFs.Read(IV, 0, lenIV);
                    Directory.CreateDirectory(decrFolder);
                    // Use RSACryptoServiceProvider
                    // to decrypt the AesManaged key.
                    byte[] KeyDecrypted = rsaPrivateKey.Decrypt(KeyEncrypted, false);

                    // Decrypt the key.
                    using (ICryptoTransform transform = aesManaged.CreateDecryptor(KeyDecrypted, IV))
                    {

                        // Decrypt the cipher text from
                        // from the FileSteam of the encrypted
                        // file (inFs) into the FileStream
                        // for the decrypted file (outFs).
                        using (FileStream outFs = new FileStream(outFile, FileMode.Create))
                        {

                            int count = 0;
                            int offset = 0;

                            int blockSizeBytes = aesManaged.BlockSize / 8;
                            byte[] data = new byte[blockSizeBytes];

                            // By decrypting a chunk a time,
                            // you can save memory and
                            // accommodate large files.

                            // Start at the beginning
                            // of the cipher text.
                            inFs.Seek(startC, SeekOrigin.Begin);
                            using (CryptoStream outStreamDecrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
                            {
                                do
                                {
                                    count = inFs.Read(data, offset, blockSizeBytes);
                                    offset += count;
                                    outStreamDecrypted.Write(data, 0, count);
                                }
                                while (count > 0);

                                outStreamDecrypted.FlushFinalBlock();
                                outStreamDecrypted.Close();
                            }
                            outFs.Close();
                        }
                        inFs.Close();
                    }

                }

            }
        }

    }
}
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.IO
Imports System.Text


' To run this sample use the Certificate Creation Tool (Makecert.exe) to generate a test X.509 certificate and 
' place it in the local user store. 
' To generate an exchange key and make the key exportable run the following command from a Visual Studio command prompt: 
'makecert -r -pe -n "CN=CERT_SIGN_TEST_CERT" -b 01/01/2010 -e 01/01/2012 -sky exchange -ss my

Class Program

    ' Path variables for source, encryption, and
    ' decryption folders. Must end with a backslash.
    Private Shared encrFolder As String = "C:\Encrypt\"
    Private Shared decrFolder As String = "C:\Decrypt\"
    Private Shared originalFile As String = "TestData.txt"
    Private Shared encryptedFile As String = "TestData.enc"


    Shared Sub Main(ByVal args() As String)

        ' Create an input file with test data.
        Dim sw As StreamWriter = File.CreateText(originalFile)
        sw.WriteLine("Test data to be encrypted")
        sw.Close()

        ' Get the certifcate to use to encrypt the key.
        Dim cert As X509Certificate2 = GetCertificateFromStore("CN=CERT_SIGN_TEST_CERT")
        If cert Is Nothing Then
            Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' not found.")
            Console.ReadLine()
        End If


        ' Encrypt the file using the public key from the certificate.
        EncryptFile(originalFile, CType(cert.PublicKey.Key, RSACryptoServiceProvider))

        ' Decrypt the file using the private key from the certificate.
        DecryptFile(encryptedFile, CType(cert.PrivateKey, RSACryptoServiceProvider))

        'Display the original data and the decrypted data.
        Console.WriteLine("Original:   {0}", File.ReadAllText(originalFile))
        Console.WriteLine("Round Trip: {0}", File.ReadAllText(decrFolder + originalFile))
        Console.WriteLine("Press the Enter key to exit.")
        Console.ReadLine()

    End Sub

    Private Shared Function GetCertificateFromStore(ByVal certName As String) As X509Certificate2
        ' Get the certificate store for the current user.
        Dim store As New X509Store(StoreLocation.CurrentUser)
        Try
            store.Open(OpenFlags.ReadOnly)

            ' Place all certificates in an X509Certificate2Collection object.
            Dim certCollection As X509Certificate2Collection = store.Certificates
            ' If using a certificate with a trusted root you do not need to FindByTimeValid, instead use:
            ' currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
            Dim currentCerts As X509Certificate2Collection = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, False)
            Dim signingCert As X509Certificate2Collection = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, False)
            If signingCert.Count = 0 Then
                Return Nothing
            End If ' Return the first certificate in the collection, has the right name and is current.
            Return signingCert(0)
        Finally
            store.Close()
        End Try


    End Function 'GetCertificateFromStore

    ' Encrypt a file using a public key.
    Private Shared Sub EncryptFile(ByVal inFile As String, ByVal rsaPublicKey As RSACryptoServiceProvider)
        Dim aesManaged As New AesManaged()
        Try
            ' Create instance of AesManaged for
            ' symetric encryption of the data.
            aesManaged.KeySize = 256
            aesManaged.BlockSize = 128
            aesManaged.Mode = CipherMode.CBC
            Dim transform As ICryptoTransform = aesManaged.CreateEncryptor()
            Try
                Dim keyFormatter As New RSAPKCS1KeyExchangeFormatter(rsaPublicKey)
                Dim keyEncrypted As Byte() = keyFormatter.CreateKeyExchange(aesManaged.Key, aesManaged.GetType())

                ' Create byte arrays to contain
                ' the length values of the key and IV.
                Dim LenK(3) As Byte
                Dim LenIV(3) As Byte

                Dim lKey As Integer = keyEncrypted.Length
                LenK = BitConverter.GetBytes(lKey)
                Dim lIV As Integer = aesManaged.IV.Length
                LenIV = BitConverter.GetBytes(lIV)

                ' Write the following to the FileStream
                ' for the encrypted file (outFs):
                ' - length of the key
                ' - length of the IV
                ' - ecrypted key
                ' - the IV
                ' - the encrypted cipher content
                Dim startFileName As Integer = inFile.LastIndexOf("\") + 1
                ' Change the file's extension to ".enc"
                Dim outFile As String = encrFolder + inFile.Substring(startFileName, inFile.LastIndexOf(".") - startFileName) + ".enc"
                Directory.CreateDirectory(encrFolder)

                Dim outFs As New FileStream(outFile, FileMode.Create)
                Try

                    outFs.Write(LenK, 0, 4)
                    outFs.Write(LenIV, 0, 4)
                    outFs.Write(keyEncrypted, 0, lKey)
                    outFs.Write(aesManaged.IV, 0, lIV)

                    ' Now write the cipher text using
                    ' a CryptoStream for encrypting.
                    Dim outStreamEncrypted As New CryptoStream(outFs, transform, CryptoStreamMode.Write)
                    Try

                        ' By encrypting a chunk at
                        ' a time, you can save memory
                        ' and accommodate large files.
                        Dim count As Integer = 0
                        Dim offset As Integer = 0

                        ' blockSizeBytes can be any arbitrary size.
                        Dim blockSizeBytes As Integer = aesManaged.BlockSize / 8
                        Dim data(blockSizeBytes) As Byte
                        Dim bytesRead As Integer = 0

                        Dim inFs As New FileStream(inFile, FileMode.Open)
                        Try
                            Do
                                count = inFs.Read(data, offset, blockSizeBytes)
                                offset += count
                                outStreamEncrypted.Write(data, 0, count)
                                bytesRead += count
                            Loop While count > 0
                            inFs.Close()
                        Finally
                            inFs.Dispose()
                        End Try
                        outStreamEncrypted.FlushFinalBlock()
                        outStreamEncrypted.Close()
                    Finally
                        outStreamEncrypted.Dispose()
                    End Try
                    outFs.Close()
                Finally
                    outFs.Dispose()
                End Try
            Finally
                transform.Dispose()
            End Try
        Finally
            aesManaged.Dispose()
        End Try

    End Sub


    ' Decrypt a file using a private key.
    Private Shared Sub DecryptFile(ByVal inFile As String, ByVal rsaPrivateKey As RSACryptoServiceProvider)

        ' Create instance of AesManaged for
        ' symetric decryption of the data.
        Dim aesManaged As New AesManaged()
        Try
            aesManaged.KeySize = 256
            aesManaged.BlockSize = 128
            aesManaged.Mode = CipherMode.CBC

            ' Create byte arrays to get the length of
            ' the encrypted key and IV.
            ' These values were stored as 4 bytes each
            ' at the beginning of the encrypted package.
            Dim LenK() As Byte = New Byte(4 - 1) {}
            Dim LenIV() As Byte = New Byte(4 - 1) {}

            ' Consruct the file name for the decrypted file.
            Dim outFile As String = decrFolder + inFile.Substring(0, inFile.LastIndexOf(".")) + ".txt"

            ' Use FileStream objects to read the encrypted
            ' file (inFs) and save the decrypted file (outFs).
            Dim inFs As New FileStream(encrFolder + inFile, FileMode.Open)
            Try

                inFs.Seek(0, SeekOrigin.Begin)
                inFs.Seek(0, SeekOrigin.Begin)
                inFs.Read(LenK, 0, 3)
                inFs.Seek(4, SeekOrigin.Begin)
                inFs.Read(LenIV, 0, 3)

                ' Convert the lengths to integer values.
                Dim lengthK As Integer = BitConverter.ToInt32(LenK, 0)
                Dim lengthIV As Integer = BitConverter.ToInt32(LenIV, 0)

                ' Determine the start postition of
                ' the ciphter text (startC)
                ' and its length(lenC).
                Dim startC As Integer = lengthK + lengthIV + 8
                Dim lenC As Integer = (CType(inFs.Length, Integer) - startC)

                ' Create the byte arrays for
                ' the encrypted Rijndael key,
                ' the IV, and the cipher text.
                Dim KeyEncrypted() As Byte = New Byte(lengthK - 1) {}
                Dim IV() As Byte = New Byte(lengthIV - 1) {}

                ' Extract the key and IV
                ' starting from index 8
                ' after the length values.
                inFs.Seek(8, SeekOrigin.Begin)
                inFs.Read(KeyEncrypted, 0, lengthK)
                inFs.Seek(8 + lengthK, SeekOrigin.Begin)
                inFs.Read(IV, 0, lengthIV)
                Directory.CreateDirectory(decrFolder)
                ' Use RSACryptoServiceProvider
                ' to decrypt the Rijndael key.
                Dim KeyDecrypted As Byte() = rsaPrivateKey.Decrypt(KeyEncrypted, False)

                ' Decrypt the key.
                Dim transform As ICryptoTransform = aesManaged.CreateDecryptor(KeyDecrypted, IV)
                ' Decrypt the cipher text from
                ' from the FileSteam of the encrypted
                ' file (inFs) into the FileStream
                ' for the decrypted file (outFs).
                Dim outFs As New FileStream(outFile, FileMode.Create)
                Try
                    ' Decrypt the cipher text from
                    ' from the FileSteam of the encrypted
                    ' file (inFs) into the FileStream
                    ' for the decrypted file (outFs).

                    Dim count As Integer = 0
                    Dim offset As Integer = 0

                    Dim blockSizeBytes As Integer = aesManaged.BlockSize / 8
                    Dim data(blockSizeBytes) As Byte

                    ' By decrypting a chunk a time,
                    ' you can save memory and
                    ' accommodate large files.
                    ' Start at the beginning
                    ' of the cipher text.
                    inFs.Seek(startC, SeekOrigin.Begin)
                    Dim outStreamDecrypted As New CryptoStream(outFs, transform, CryptoStreamMode.Write)
                    Try
                        Do
                            count = inFs.Read(data, offset, blockSizeBytes)
                            offset += count
                            outStreamDecrypted.Write(data, 0, count)
                        Loop While count > 0

                        outStreamDecrypted.FlushFinalBlock()
                        outStreamDecrypted.Close()
                    Finally
                        outStreamDecrypted.Dispose()
                    End Try
                    outFs.Close()
                Finally
                    outFs.Dispose()
                End Try
                inFs.Close()

            Finally
                inFs.Dispose()

            End Try

        Finally
            aesManaged.Dispose()
        End Try


    End Sub
End Class

Nell'esempio seguente viene creato un eseguibile della riga di comando che accetta un file di certificato come argomento e stampa varie proprietà del certificato nella console.The following example creates a command-line executable that takes a certificate file as an argument and prints various certificate properties to the console.

#using <System.dll>

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Permissions;
using namespace System::IO;
using namespace System::Security::Cryptography::X509Certificates;

//Reads a file.
array<Byte>^ ReadFile( String^ fileName )
{
   FileStream^ f = gcnew FileStream( fileName,FileMode::Open,FileAccess::Read );
   int size = (int)f->Length;
   array<Byte>^data = gcnew array<Byte>(size);
   size = f->Read( data, 0, size );
   f->Close();
   return data;
}

[SecurityPermissionAttribute(SecurityAction::LinkDemand, Unrestricted = true)]
int main()
{
   array<String^>^args = Environment::GetCommandLineArgs();

   //Test for correct number of arguments.
   if ( args->Length < 2 )
   {
      Console::WriteLine( "Usage: CertInfo <filename>" );
      return  -1;
   }

   try
   {
      System::Security::Cryptography::X509Certificates::X509Certificate2 ^ x509 =
            gcnew System::Security::Cryptography::X509Certificates::X509Certificate2;

      //Create X509Certificate2 object from .cer file.
      array<Byte>^rawData = ReadFile( args[ 1 ] );

      x509->Import(rawData);

      //Print to console information contained in the certificate.
      Console::WriteLine( "{0}Subject: {1}{0}", Environment::NewLine, x509->Subject );
      Console::WriteLine( "{0}Issuer: {1}{0}", Environment::NewLine, x509->Issuer );
      Console::WriteLine( "{0}Version: {1}{0}", Environment::NewLine, x509->Version );
      Console::WriteLine( "{0}Valid Date: {1}{0}", Environment::NewLine, x509->NotBefore );
      Console::WriteLine( "{0}Expiry Date: {1}{0}", Environment::NewLine, x509->NotAfter );
      Console::WriteLine( "{0}Thumbprint: {1}{0}", Environment::NewLine, x509->Thumbprint );
      Console::WriteLine( "{0}Serial Number: {1}{0}", Environment::NewLine, x509->SerialNumber );
      Console::WriteLine( "{0}Friendly Name: {1}{0}", Environment::NewLine, x509->PublicKey->Oid->FriendlyName );
      Console::WriteLine( "{0}Public Key Format: {1}{0}", Environment::NewLine, x509->PublicKey->EncodedKeyValue->Format(true) );
      Console::WriteLine( "{0}Raw Data Length: {1}{0}", Environment::NewLine, x509->RawData->Length );
      Console::WriteLine( "{0}Certificate to string: {1}{0}", Environment::NewLine, x509->ToString( true ) );
      Console::WriteLine( "{0}Certificate to XML String: {1}{0}", Environment::NewLine, x509->PublicKey->Key->ToXmlString( false ) );

      //Add the certificate to a X509Store.
      X509Store ^ store = gcnew X509Store;
      store->Open( OpenFlags::MaxAllowed );
      store->Add( x509 );
      store->Close();
   }
   catch ( DirectoryNotFoundException^ )
   {
      Console::WriteLine( "Error: The directory specified could not be found." );
   }
   catch ( IOException^ )
   {
      Console::WriteLine( "Error: A file in the directory could not be accessed." );
   }
   catch ( NullReferenceException^ )
   {
      Console::WriteLine( "File must be a .cer file. Program does not have access to that type of file." );
   }

}

using System;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.IO;
using System.Security.Cryptography.X509Certificates;

class CertInfo
{
    //Reads a file.
    internal static byte[] ReadFile (string fileName)
    {
        FileStream f = new FileStream(fileName, FileMode.Open, FileAccess.Read);
        int size = (int)f.Length;
        byte[] data = new byte[size];
        size = f.Read(data, 0, size);
        f.Close();
        return data;
    }
    //Main method begins here.
    static void Main(string[] args)
    {
        //Test for correct number of arguments.
        if (args.Length < 1)
        {
            Console.WriteLine("Usage: CertInfo <filename>");
            return;
        }
        try
        {
            X509Certificate2 x509 = new X509Certificate2();
            //Create X509Certificate2 object from .cer file.
            byte[] rawData = ReadFile(args[0]);
            x509.Import(rawData);

            //Print to console information contained in the certificate.
            Console.WriteLine("{0}Subject: {1}{0}", Environment.NewLine, x509.Subject);
            Console.WriteLine("{0}Issuer: {1}{0}", Environment.NewLine, x509.Issuer);
            Console.WriteLine("{0}Version: {1}{0}", Environment.NewLine, x509.Version);
            Console.WriteLine("{0}Valid Date: {1}{0}", Environment.NewLine, x509.NotBefore);
            Console.WriteLine("{0}Expiry Date: {1}{0}", Environment.NewLine, x509.NotAfter);
            Console.WriteLine("{0}Thumbprint: {1}{0}", Environment.NewLine, x509.Thumbprint);
            Console.WriteLine("{0}Serial Number: {1}{0}", Environment.NewLine, x509.SerialNumber);
            Console.WriteLine("{0}Friendly Name: {1}{0}", Environment.NewLine, x509.PublicKey.Oid.FriendlyName);
            Console.WriteLine("{0}Public Key Format: {1}{0}", Environment.NewLine, x509.PublicKey.EncodedKeyValue.Format(true));
            Console.WriteLine("{0}Raw Data Length: {1}{0}", Environment.NewLine, x509.RawData.Length);
            Console.WriteLine("{0}Certificate to string: {1}{0}", Environment.NewLine, x509.ToString(true));
            Console.WriteLine("{0}Certificate to XML String: {1}{0}", Environment.NewLine, x509.PublicKey.Key.ToXmlString(false));

            //Add the certificate to a X509Store.
            X509Store store = new X509Store();
            store.Open(OpenFlags.MaxAllowed);
            store.Add(x509);
            store.Close();
        }
        catch (DirectoryNotFoundException)
        {
               Console.WriteLine("Error: The directory specified could not be found.");
        }
        catch (IOException)
        {
            Console.WriteLine("Error: A file in the directory could not be accessed.");
        }
        catch (NullReferenceException)
        {
            Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.");
        }
    }
}
Imports System.Security.Cryptography
Imports System.Security.Permissions
Imports System.IO
Imports System.Security.Cryptography.X509Certificates

Class CertInfo

    'Reads a file.
    Friend Shared Function ReadFile(ByVal fileName As String) As Byte()
        Dim f As New FileStream(fileName, FileMode.Open, FileAccess.Read)
        Dim size As Integer = Fix(f.Length)
        Dim data(size - 1) As Byte
        size = f.Read(data, 0, size)
        f.Close()
        Return data

    End Function 

    <SecurityPermission(SecurityAction.LinkDemand, Unrestricted:=True)> _
    Shared Sub Main(ByVal args() As String)
        'Test for correct number of arguments.
        If args.Length < 1 Then
            Console.WriteLine("Usage: CertInfo <filename>")
            Return
        End If
        Try
            Dim x509 As New X509Certificate2()
            'Create X509Certificate2 object from .cer file.
            Dim rawData As Byte() = ReadFile(args(0))
            
            x509.Import(rawData)

            'Print to console information contained in the certificate.
            Console.WriteLine("{0}Subject: {1}{0}", Environment.NewLine, x509.Subject)
            Console.WriteLine("{0}Issuer: {1}{0}", Environment.NewLine, x509.Issuer)
            Console.WriteLine("{0}Version: {1}{0}", Environment.NewLine, x509.Version)
            Console.WriteLine("{0}Valid Date: {1}{0}", Environment.NewLine, x509.NotBefore)
            Console.WriteLine("{0}Expiry Date: {1}{0}", Environment.NewLine, x509.NotAfter)
            Console.WriteLine("{0}Thumbprint: {1}{0}", Environment.NewLine, x509.Thumbprint)
            Console.WriteLine("{0}Serial Number: {1}{0}", Environment.NewLine, x509.SerialNumber)
            Console.WriteLine("{0}Friendly Name: {1}{0}", Environment.NewLine, x509.PublicKey.Oid.FriendlyName)
            Console.WriteLine("{0}Public Key Format: {1}{0}", Environment.NewLine, x509.PublicKey.EncodedKeyValue.Format(True))
            Console.WriteLine("{0}Raw Data Length: {1}{0}", Environment.NewLine, x509.RawData.Length)
            Console.WriteLine("{0}Certificate to string: {1}{0}", Environment.NewLine, x509.ToString(True))

            Console.WriteLine("{0}Certificate to XML String: {1}{0}", Environment.NewLine, x509.PublicKey.Key.ToXmlString(False))

            'Add the certificate to a X509Store.
            Dim store As New X509Store()
            store.Open(OpenFlags.MaxAllowed)
            store.Add(x509)
            store.Close()

        Catch dnfExcept As DirectoryNotFoundException
            Console.WriteLine("Error: The directory specified could not be found.")
        Catch ioExpcept As IOException
            Console.WriteLine("Error: A file in the directory could not be accessed.")
        Catch nrExcept As NullReferenceException
            Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.")
        End Try

    End Sub
End Class

Commenti

La struttura X. 509 è stata originata nei gruppi di lavoro International Organization for Standardization (ISO).The X.509 structure originated in the International Organization for Standardization (ISO) working groups. Questa struttura può essere usata per rappresentare vari tipi di informazioni, tra cui attributi di identità, diritti e titolari (autorizzazioni, età, sesso, località, affiliazione e così via).This structure can be used to represent various types of information including identity, entitlement, and holder attributes (permissions, age, sex, location, affiliation, and so forth). Sebbene le specifiche ISO siano più informative sulla struttura stessa, X509Certificate2 la classe è progettata per modellare gli scenari di utilizzo definiti nelle specifiche rilasciate dall'infrastruttura a chiave pubblica IETF (Internet Engineering Task Force), X. 509 (PKIX ) gruppo di lavoro.Although the ISO specifications are most informative on the structure itself, the X509Certificate2 class is designed to model the usage scenarios defined in specifications issued by the Internet Engineering Task Force (IETF) Public Key Infrastructure, X.509 (PKIX) working group. Il più informativo di queste specifiche è RFC 3280, "Certificate and Certificate Revocation List (CRL) profile".The most informative of these specifications is RFC 3280, "Certificate and Certificate Revocation List (CRL) Profile."

Importante

A partire da .NET Framework 4.6.NET Framework 4.6, questo tipo implementa l' IDisposable interfaccia.Starting with the .NET Framework 4.6.NET Framework 4.6, this type implements the IDisposable interface. Dopo aver utilizzato il tipo, è necessario eliminarlo direttamente o indirettamente.When you have finished using the type, you should dispose of it either directly or indirectly. Per eliminare direttamente il tipo, chiamare il relativo Dispose metodo in un try / catch blocco.To dispose of the type directly, call its Dispose method in a try/catch block. Per eliminarlo indirettamente, utilizzare un costrutto di linguaggio come ad esempio using in C# o Using in Visual Basic.To dispose of it indirectly, use a language construct such as using (in C#) or Using (in Visual Basic). Per ulteriori informazioni, vedere la sezione "utilizzo di un oggetto che implementa IDisposable" nell' IDisposable argomento relativo all'interfaccia.For more information, see the "Using an Object that Implements IDisposable" section in the IDisposable interface topic.

Per le app destinate .NET Framework 4.5.2.NET Framework 4.5.2 a e versioni precedenti, X509Certificate2 la classe non implementa l' IDisposable interfaccia e pertanto non dispone di un Dispose metodo.For apps that target the .NET Framework 4.5.2.NET Framework 4.5.2 and earlier versions, the X509Certificate2 class does not implement the IDisposable interface and therefore does not have a Dispose method.

Costruttori

X509Certificate2()

Inizializza una nuova istanza della classe X509Certificate2.Initializes a new instance of the X509Certificate2 class.

X509Certificate2(Byte[])

Inizializza una nuova istanza della classe X509Certificate2 utilizzando le informazioni ottenute da una matrice di byte.Initializes a new instance of the X509Certificate2 class using information from a byte array.

X509Certificate2(Byte[], SecureString)

Inizializza una nuova istanza della classe X509Certificate2 usando una matrice di byte e una password.Initializes a new instance of the X509Certificate2 class using a byte array and a password.

X509Certificate2(Byte[], SecureString, X509KeyStorageFlags)

Inizializza una nuova istanza della classe X509Certificate2 usando una matrice di byte, una password e un flag di archiviazione delle chiavi.Initializes a new instance of the X509Certificate2 class using a byte array, a password, and a key storage flag.

X509Certificate2(Byte[], String)

Inizializza una nuova istanza della classe X509Certificate2 usando una matrice di byte e una password.Initializes a new instance of the X509Certificate2 class using a byte array and a password.

X509Certificate2(Byte[], String, X509KeyStorageFlags)

Inizializza una nuova istanza della classe X509Certificate2 usando una matrice di byte, una password e un flag di archiviazione delle chiavi.Initializes a new instance of the X509Certificate2 class using a byte array, a password, and a key storage flag.

X509Certificate2(IntPtr)

Inizializza una nuova istanza della classe X509Certificate2 utilizzando un handle non gestito.Initializes a new instance of the X509Certificate2 class using an unmanaged handle.

X509Certificate2(SerializationInfo, StreamingContext)

Inizializza una nuova istanza della classe X509Certificate2 utilizzando le informazioni di serializzazione e del contesto di flusso specificate.Initializes a new instance of the X509Certificate2 class using the specified serialization and stream context information.

X509Certificate2(String)

Inizializza una nuova istanza della classe X509Certificate2 tramite un nome di file di certificato.Initializes a new instance of the X509Certificate2 class using a certificate file name.

X509Certificate2(String, SecureString)

Inizializza una nuova istanza della classe X509Certificate2 usando un nome di file di certificato e una password.Initializes a new instance of the X509Certificate2 class using a certificate file name and a password.

X509Certificate2(String, SecureString, X509KeyStorageFlags)

Inizializza una nuova istanza della classe X509Certificate2 usando un nome di file di certificato, una password e un flag di archiviazione delle chiavi.Initializes a new instance of the X509Certificate2 class using a certificate file name, a password, and a key storage flag.

X509Certificate2(String, String)

Inizializza una nuova istanza della classe X509Certificate2 utilizzando un nome di file di certificato e una password necessaria per accedere al certificato.Initializes a new instance of the X509Certificate2 class using a certificate file name and a password used to access the certificate.

X509Certificate2(String, String, X509KeyStorageFlags)

Inizializza una nuova istanza della classe X509Certificate2 utilizzando un nome di file di certificato, una password necessaria per accedere al certificato e un flag di archiviazione delle chiavi.Initializes a new instance of the X509Certificate2 class using a certificate file name, a password used to access the certificate, and a key storage flag.

X509Certificate2(X509Certificate)

Inizializza una nuova istanza della classe X509Certificate2 utilizzando un oggetto X509Certificate.Initializes a new instance of the X509Certificate2 class using an X509Certificate object.

Proprietà

Archived

Ottiene o imposta un valore che indica che un certificato X.509 è archiviato.Gets or sets a value indicating that an X.509 certificate is archived.

Extensions

Ottiene una raccolta di oggetti X509Extension.Gets a collection of X509Extension objects.

FriendlyName

Ottiene o imposta l'alias associato a un certificato.Gets or sets the associated alias for a certificate.

Handle

Ottiene un handle per un contesto di certificato dell'API di crittografia Microsoft descritto da una struttura PCCERT_CONTEXT non gestita.Gets a handle to a Microsoft Cryptographic API certificate context described by an unmanaged PCCERT_CONTEXT structure.

(Ereditato da X509Certificate)
HasPrivateKey

Ottiene un valore che indica se un oggetto X509Certificate2 contiene una chiave privata.Gets a value that indicates whether an X509Certificate2 object contains a private key.

Issuer

Ottiene il nome dell'autorità di certificazione che ha emesso il certificato X.509v3.Gets the name of the certificate authority that issued the X.509v3 certificate.

(Ereditato da X509Certificate)
IssuerName

Ottiene il nome distinto dell'autorità emittente del certificato.Gets the distinguished name of the certificate issuer.

NotAfter

Ottiene la data locale dopo la quale il certificato non è più valido.Gets the date in local time after which a certificate is no longer valid.

NotBefore

Ottiene la data locale in cui il certificato diventa valido.Gets the date in local time on which a certificate becomes valid.

PrivateKey

Ottiene o imposta l'oggetto AsymmetricAlgorithm che rappresenta la chiave privata associata a un certificato.Gets or sets the AsymmetricAlgorithm object that represents the private key associated with a certificate.

PublicKey

Ottiene un oggetto PublicKey associato a un certificato.Gets a PublicKey object associated with a certificate.

RawData

Ottiene i dati non elaborati di un certificato.Gets the raw data of a certificate.

SerialNumber

Ottiene il numero di serie di un certificato sotto forma di stringa esadecimale Big Endian.Gets the serial number of a certificate as a big-endian hexadecimal string.

SignatureAlgorithm

Ottiene l'algoritmo utilizzato per creare la firma di un certificato.Gets the algorithm used to create the signature of a certificate.

Subject

Ottiene il nome distinto dell'oggetto dal certificato.Gets the subject distinguished name from the certificate.

(Ereditato da X509Certificate)
SubjectName

Ottiene il nome distinto del soggetto da un certificato.Gets the subject distinguished name from a certificate.

Thumbprint

Ottiene l'identificazione personale di un certificato.Gets the thumbprint of a certificate.

Version

Ottiene la versione del formato X.509 di un certificato.Gets the X.509 format version of a certificate.

Metodi

Dispose()

Rilascia tutte le risorse usate dall'oggetto X509Certificate corrente.Releases all resources used by the current X509Certificate object.

(Ereditato da X509Certificate)
Dispose(Boolean)

Rilascia tutte le risorse non gestite usate da questo oggetto X509Certificate e, facoltativamente, le risorse gestite.Releases all of the unmanaged resources used by this X509Certificate and optionally releases the managed resources.

(Ereditato da X509Certificate)
Equals(Object)

Confronta due oggetti X509Certificate per stabilirne l'uguaglianza.Compares two X509Certificate objects for equality.

(Ereditato da X509Certificate)
Equals(X509Certificate)

Confronta due oggetti X509Certificate per stabilirne l'uguaglianza.Compares two X509Certificate objects for equality.

(Ereditato da X509Certificate)
Export(X509ContentType)

Esporta l'oggetto X509Certificate corrente in una matrice di byte in un formato descritto da uno dei valori di X509ContentType.Exports the current X509Certificate object to a byte array in a format described by one of the X509ContentType values.

(Ereditato da X509Certificate)
Export(X509ContentType, SecureString)

Esporta l'oggetto X509Certificate corrente in una matrice di byte usando il formato specificato e una password.Exports the current X509Certificate object to a byte array using the specified format and a password.

(Ereditato da X509Certificate)
Export(X509ContentType, String)
GetCertContentType(Byte[])

Indica il tipo di certificato contenuto in una matrice di byte.Indicates the type of certificate contained in a byte array.

GetCertContentType(String)

Indica il tipo di certificato contenuto in un file.Indicates the type of certificate contained in a file.

GetCertHash()

Restituisce il valore hash del certificato X.509v3 sotto forma di matrice di byte.Returns the hash value for the X.509v3 certificate as an array of bytes.

(Ereditato da X509Certificate)
GetCertHash(HashAlgorithmName)

Restituisce il valore hash per il certificato x.509v3 calcolato usando l'algoritmo di hash di crittografia specificato.Returns the hash value for the X.509v3 certificate that is computed by using the specified cryptographic hash algorithm.

(Ereditato da X509Certificate)
GetCertHashString()

Restituisce il valore hash SHA1 del certificato X.509v3 sotto forma di stringa esadecimale.Returns the SHA1 hash value for the X.509v3 certificate as a hexadecimal string.

(Ereditato da X509Certificate)
GetCertHashString(HashAlgorithmName)

Restituisce una stringa esadecimale contenente il valore hash per il certificato x.509v3 calcolato usando l'algoritmo di hash di crittografia specificato.Returns a hexadecimal string containing the hash value for the X.509v3 certificate computed using the specified cryptographic hash algorithm.

(Ereditato da X509Certificate)
GetEffectiveDateString()

Restituisce la data effettiva del certificato X.509v3.Returns the effective date of this X.509v3 certificate.

(Ereditato da X509Certificate)
GetExpirationDateString()

Restituisce la data di scadenza del certificato X.509v3.Returns the expiration date of this X.509v3 certificate.

(Ereditato da X509Certificate)
GetFormat()

Restituisce il nome del formato del certificato X.509v3.Returns the name of the format of this X.509v3 certificate.

(Ereditato da X509Certificate)
GetHashCode()

Restituisce il codice hash del certificato X.509v3 sotto forma di intero.Returns the hash code for the X.509v3 certificate as an integer.

(Ereditato da X509Certificate)
GetIssuerName()

Restituisce il nome dell'autorità di certificazione che ha emesso il certificato X.509v3.Returns the name of the certification authority that issued the X.509v3 certificate.

(Ereditato da X509Certificate)
GetKeyAlgorithm()

Restituisce le informazioni dell'algoritmo delle chiavi per il certificato X.509v3 sotto forma di stringa.Returns the key algorithm information for this X.509v3 certificate as a string.

(Ereditato da X509Certificate)
GetKeyAlgorithmParameters()

Restituisce i parametri dell'algoritmo delle chiavi per il certificato X.509v3 sotto forma di matrice di byte.Returns the key algorithm parameters for the X.509v3 certificate as an array of bytes.

(Ereditato da X509Certificate)
GetKeyAlgorithmParametersString()

Restituisce i parametri dell'algoritmo delle chiavi per il certificato X.509v3 sotto forma di stringa esadecimale.Returns the key algorithm parameters for the X.509v3 certificate as a hexadecimal string.

(Ereditato da X509Certificate)
GetName()

Restituisce il nome dell'oggetto Principal a cui è stato rilasciato il certificato.Returns the name of the principal to which the certificate was issued.

(Ereditato da X509Certificate)
GetNameInfo(X509NameType, Boolean)

Ottiene il soggetto e il nome dell'autorità emittente di un certificato.Gets the subject and issuer names from a certificate.

GetPublicKey()

Restituisce la chiave pubblica del certificato X.509v3 sotto forma di matrice di byte.Returns the public key for the X.509v3 certificate as an array of bytes.

(Ereditato da X509Certificate)
GetPublicKeyString()

Restituisce la chiave pubblica del certificato X.509v3 sotto forma di stringa esadecimale.Returns the public key for the X.509v3 certificate as a hexadecimal string.

(Ereditato da X509Certificate)
GetRawCertData()

Restituisce i dati non elaborati dell'intero certificato X.509v3 sotto forma di matrice di byte.Returns the raw data for the entire X.509v3 certificate as an array of bytes.

(Ereditato da X509Certificate)
GetRawCertDataString()

Restituisce i dati non elaborati dell'intero certificato X.509v3 sotto forma di stringa esadecimale.Returns the raw data for the entire X.509v3 certificate as a hexadecimal string.

(Ereditato da X509Certificate)
GetSerialNumber()

Restituisce il numero di serie del certificato X.509v3 sotto forma di matrice di byte in ordine Little Endian.Returns the serial number of the X.509v3 certificate as an array of bytes in little-endian order.

(Ereditato da X509Certificate)
GetSerialNumberString()

Restituisce il numero di serie del certificato X.509v3 sotto forma di stringa esadecimale Little Endian.Returns the serial number of the X.509v3 certificate as a little-endian hexadecimal string .

(Ereditato da X509Certificate)
GetType()

Ottiene l'oggetto Type dell'istanza corrente.Gets the Type of the current instance.

(Ereditato da Object)
Import(Byte[])

Compila un oggetto X509Certificate2 con i dati di una matrice di byte.Populates an X509Certificate2 object with data from a byte array.

Import(Byte[], SecureString, X509KeyStorageFlags)

Popola un oggetto X509Certificate2 usando i dati di una matrice di byte, una password e un flag di archiviazione delle chiavi.Populates an X509Certificate2 object using data from a byte array, a password, and a key storage flag.

Import(Byte[], String, X509KeyStorageFlags)

Compila un oggetto X509Certificate2 utilizzando i dati di una matrice di byte, una password e flag per determinare la modalità di importazione della chiave privata.Populates an X509Certificate2 object using data from a byte array, a password, and flags for determining how to import the private key.

Import(String)

Compila un oggetto X509Certificate2 con le informazioni di un file di certificato.Populates an X509Certificate2 object with information from a certificate file.

Import(String, SecureString, X509KeyStorageFlags)

Popola un oggetto X509Certificate2 con le informazioni di un file di certificato, una password e un flag di archiviazione delle chiavi.Populates an X509Certificate2 object with information from a certificate file, a password, and a key storage flag.

Import(String, String, X509KeyStorageFlags)

Compila un oggetto X509Certificate2 con le informazioni di un file di certificato, una password e un valore X509KeyStorageFlags.Populates an X509Certificate2 object with information from a certificate file, a password, and a X509KeyStorageFlags value.

MemberwiseClone()

Crea una copia superficiale dell'oggetto Object corrente.Creates a shallow copy of the current Object.

(Ereditato da Object)
Reset()

Reimposta lo stato di un oggetto X509Certificate2.Resets the state of an X509Certificate2 object.

ToString()

Visualizza un certificato X.509 in formato testo.Displays an X.509 certificate in text format.

ToString(Boolean)

Visualizza un certificato X.509 in formato testo.Displays an X.509 certificate in text format.

TryGetCertHash(HashAlgorithmName, Span<Byte>, Int32) (Ereditato da X509Certificate)
Verify()

Esegue la convalida di una catena X.509 mediante i criteri di convalida di base.Performs a X.509 chain validation using basic validation policy.

Implementazioni dell'interfaccia esplicita

IDeserializationCallback.OnDeserialization(Object)

Implementa l'interfaccia ISerializable e viene richiamato dall'evento di deserializzazione al termine della deserializzazione.Implements the ISerializable interface and is called back by the deserialization event when deserialization is complete.

(Ereditato da X509Certificate)
ISerializable.GetObjectData(SerializationInfo, StreamingContext)

Ottiene le informazioni di serializzazione con tutti i dati necessari per ricreare un'istanza dell'oggetto X509Certificate corrente.Gets serialization information with all the data needed to recreate an instance of the current X509Certificate object.

(Ereditato da X509Certificate)

Metodi di estensione

CopyWithPrivateKey(X509Certificate2, DSA)

Combina una chiave privata con la chiave pubblica di un certificato DSA per generare un nuovo certificato DSA.Combines a private key with the public key of a DSA certificate to generate a new DSA certificate.

GetDSAPrivateKey(X509Certificate2)

Ottiene la chiave privata DSA da X509Certificate2.Gets the DSA private key from the X509Certificate2.

GetDSAPublicKey(X509Certificate2)

Ottiene la chiave pubblica DSA dal certificato X509Certificate2.Gets the DSA public key from the X509Certificate2.

CopyWithPrivateKey(X509Certificate2, ECDsa)

Combina una chiave privata con la chiave pubblica di un certificato ECDsa per generare un nuovo certificato ECDSA.Combines a private key with the public key of an ECDsa certificate to generate a new ECDSA certificate.

GetECDsaPrivateKey(X509Certificate2)

Ottiene la chiave privata ECDsa dal certificato X509Certificate2.Gets the ECDsa private key from the X509Certificate2 certificate.

GetECDsaPublicKey(X509Certificate2)

Ottiene la chiave pubblica ECDsa dal certificato X509Certificate2.Gets the ECDsa public key from the X509Certificate2 certificate.

CopyWithPrivateKey(X509Certificate2, RSA)

Combina una chiave privata con la chiave pubblica di un certificato RSA per generare un nuovo certificato RSA.Combines a private key with the public key of an RSA certificate to generate a new RSA certificate.

GetRSAPrivateKey(X509Certificate2)

Ottiene la chiave privata RSA da X509Certificate2.Gets the RSA private key from the X509Certificate2.

GetRSAPublicKey(X509Certificate2)

Ottiene la chiave pubblica RSA dal certificato X509Certificate2.Gets the RSA public key from the X509Certificate2.

Si applica a