X509Certificate2 類別

定義

表示 X.509 憑證。Represents an X.509 certificate.

public ref class X509Certificate2 : System::Security::Cryptography::X509Certificates::X509Certificate
[System.Serializable]
public class X509Certificate2 : System.Security.Cryptography.X509Certificates.X509Certificate
type X509Certificate2 = class
    inherit X509Certificate
Public Class X509Certificate2
Inherits X509Certificate
繼承
X509Certificate2
屬性

範例

下列範例示範如何使用X509Certificate2物件來加密和解密檔案。The following example demonstrates how to use an X509Certificate2 object to encrypt and decrypt a file.

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Text;

// To run this sample use the Certificate Creation Tool (Makecert.exe) to generate a test X.509 certificate and 
// place it in the local user store. 
// To generate an exchange key and make the key exportable run the following command from a Visual Studio command prompt: 

//makecert -r -pe -n "CN=CERT_SIGN_TEST_CERT" -b 01/01/2010 -e 01/01/2012 -sky exchange -ss my
namespace X509CertEncrypt
{
    class Program
    {

        // Path variables for source, encryption, and
        // decryption folders. Must end with a backslash.
        private static string encrFolder = @"C:\Encrypt\";
        private static string decrFolder = @"C:\Decrypt\";
        private static string originalFile = "TestData.txt";
        private static string encryptedFile = "TestData.enc";

        static void Main(string[] args)
        {

            // Create an input file with test data.
            StreamWriter sw = File.CreateText(originalFile);
            sw.WriteLine("Test data to be encrypted");
            sw.Close();

            // Get the certifcate to use to encrypt the key.
            X509Certificate2 cert = GetCertificateFromStore("CN=CERT_SIGN_TEST_CERT");
            if (cert == null)
            {
                Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' not found.");
                Console.ReadLine();
            }


            // Encrypt the file using the public key from the certificate.
            EncryptFile(originalFile, (RSACryptoServiceProvider)cert.PublicKey.Key);

            // Decrypt the file using the private key from the certificate.
            DecryptFile(encryptedFile, (RSACryptoServiceProvider)cert.PrivateKey);

            //Display the original data and the decrypted data.
            Console.WriteLine("Original:   {0}", File.ReadAllText(originalFile));
            Console.WriteLine("Round Trip: {0}", File.ReadAllText(decrFolder + originalFile));
            Console.WriteLine("Press the Enter key to exit.");
            Console.ReadLine();
        }
        private static X509Certificate2 GetCertificateFromStore(string certName)
        {

            // Get the certificate store for the current user.
            X509Store store = new X509Store(StoreLocation.CurrentUser);
            try
            {
                store.Open(OpenFlags.ReadOnly);

                // Place all certificates in an X509Certificate2Collection object.
                X509Certificate2Collection certCollection = store.Certificates;
                // If using a certificate with a trusted root you do not need to FindByTimeValid, instead:
                // currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
                X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
                X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, false);
                if (signingCert.Count == 0)
                    return null;
                // Return the first certificate in the collection, has the right name and is current.
                return signingCert[0];
            }
            finally
            {
                store.Close();
            }

        }

        // Encrypt a file using a public key.
        private static void EncryptFile(string inFile, RSACryptoServiceProvider rsaPublicKey)
        {
            using (AesManaged aesManaged = new AesManaged())
            {
                // Create instance of AesManaged for
                // symetric encryption of the data.
                aesManaged.KeySize = 256;
                aesManaged.BlockSize = 128;
                aesManaged.Mode = CipherMode.CBC;
                using (ICryptoTransform transform = aesManaged.CreateEncryptor())
                {
                    RSAPKCS1KeyExchangeFormatter keyFormatter = new RSAPKCS1KeyExchangeFormatter(rsaPublicKey);
                    byte[] keyEncrypted = keyFormatter.CreateKeyExchange(aesManaged.Key, aesManaged.GetType());

                    // Create byte arrays to contain
                    // the length values of the key and IV.
                    byte[] LenK = new byte[4];
                    byte[] LenIV = new byte[4];

                    int lKey = keyEncrypted.Length;
                    LenK = BitConverter.GetBytes(lKey);
                    int lIV = aesManaged.IV.Length;
                    LenIV = BitConverter.GetBytes(lIV);

                    // Write the following to the FileStream
                    // for the encrypted file (outFs):
                    // - length of the key
                    // - length of the IV
                    // - ecrypted key
                    // - the IV
                    // - the encrypted cipher content

                    int startFileName = inFile.LastIndexOf("\\") + 1;
                    // Change the file's extension to ".enc"
                    string outFile = encrFolder + inFile.Substring(startFileName, inFile.LastIndexOf(".") - startFileName) + ".enc";
                    Directory.CreateDirectory(encrFolder);

                    using (FileStream outFs = new FileStream(outFile, FileMode.Create))
                    {

                        outFs.Write(LenK, 0, 4);
                        outFs.Write(LenIV, 0, 4);
                        outFs.Write(keyEncrypted, 0, lKey);
                        outFs.Write(aesManaged.IV, 0, lIV);

                        // Now write the cipher text using
                        // a CryptoStream for encrypting.
                        using (CryptoStream outStreamEncrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
                        {

                            // By encrypting a chunk at
                            // a time, you can save memory
                            // and accommodate large files.
                            int count = 0;
                            int offset = 0;

                            // blockSizeBytes can be any arbitrary size.
                            int blockSizeBytes = aesManaged.BlockSize / 8;
                            byte[] data = new byte[blockSizeBytes];
                            int bytesRead = 0;

                            using (FileStream inFs = new FileStream(inFile, FileMode.Open))
                            {
                                do
                                {
                                    count = inFs.Read(data, offset, blockSizeBytes);
                                    offset += count;
                                    outStreamEncrypted.Write(data, 0, count);
                                    bytesRead += count;
                                }
                                while (count > 0);
                                inFs.Close();
                            }
                            outStreamEncrypted.FlushFinalBlock();
                            outStreamEncrypted.Close();
                        }
                        outFs.Close();
                    }
                }
            }
        }


        // Decrypt a file using a private key.
        private static void DecryptFile(string inFile, RSACryptoServiceProvider rsaPrivateKey)
        {

            // Create instance of AesManaged for
            // symetric decryption of the data.
            using (AesManaged aesManaged = new AesManaged())
            {
                aesManaged.KeySize = 256;
                aesManaged.BlockSize = 128;
                aesManaged.Mode = CipherMode.CBC;

                // Create byte arrays to get the length of
                // the encrypted key and IV.
                // These values were stored as 4 bytes each
                // at the beginning of the encrypted package.
                byte[] LenK = new byte[4];
                byte[] LenIV = new byte[4];

                // Consruct the file name for the decrypted file.
                string outFile = decrFolder + inFile.Substring(0, inFile.LastIndexOf(".")) + ".txt";

                // Use FileStream objects to read the encrypted
                // file (inFs) and save the decrypted file (outFs).
                using (FileStream inFs = new FileStream(encrFolder + inFile, FileMode.Open))
                {

                    inFs.Seek(0, SeekOrigin.Begin);
                    inFs.Seek(0, SeekOrigin.Begin);
                    inFs.Read(LenK, 0, 3);
                    inFs.Seek(4, SeekOrigin.Begin);
                    inFs.Read(LenIV, 0, 3);

                    // Convert the lengths to integer values.
                    int lenK = BitConverter.ToInt32(LenK, 0);
                    int lenIV = BitConverter.ToInt32(LenIV, 0);

                    // Determine the start postition of
                    // the ciphter text (startC)
                    // and its length(lenC).
                    int startC = lenK + lenIV + 8;
                    int lenC = (int)inFs.Length - startC;

                    // Create the byte arrays for
                    // the encrypted AesManaged key,
                    // the IV, and the cipher text.
                    byte[] KeyEncrypted = new byte[lenK];
                    byte[] IV = new byte[lenIV];

                    // Extract the key and IV
                    // starting from index 8
                    // after the length values.
                    inFs.Seek(8, SeekOrigin.Begin);
                    inFs.Read(KeyEncrypted, 0, lenK);
                    inFs.Seek(8 + lenK, SeekOrigin.Begin);
                    inFs.Read(IV, 0, lenIV);
                    Directory.CreateDirectory(decrFolder);
                    // Use RSACryptoServiceProvider
                    // to decrypt the AesManaged key.
                    byte[] KeyDecrypted = rsaPrivateKey.Decrypt(KeyEncrypted, false);

                    // Decrypt the key.
                    using (ICryptoTransform transform = aesManaged.CreateDecryptor(KeyDecrypted, IV))
                    {

                        // Decrypt the cipher text from
                        // from the FileSteam of the encrypted
                        // file (inFs) into the FileStream
                        // for the decrypted file (outFs).
                        using (FileStream outFs = new FileStream(outFile, FileMode.Create))
                        {

                            int count = 0;
                            int offset = 0;

                            int blockSizeBytes = aesManaged.BlockSize / 8;
                            byte[] data = new byte[blockSizeBytes];

                            // By decrypting a chunk a time,
                            // you can save memory and
                            // accommodate large files.

                            // Start at the beginning
                            // of the cipher text.
                            inFs.Seek(startC, SeekOrigin.Begin);
                            using (CryptoStream outStreamDecrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
                            {
                                do
                                {
                                    count = inFs.Read(data, offset, blockSizeBytes);
                                    offset += count;
                                    outStreamDecrypted.Write(data, 0, count);
                                }
                                while (count > 0);

                                outStreamDecrypted.FlushFinalBlock();
                                outStreamDecrypted.Close();
                            }
                            outFs.Close();
                        }
                        inFs.Close();
                    }

                }

            }
        }

    }
}
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.IO
Imports System.Text


' To run this sample use the Certificate Creation Tool (Makecert.exe) to generate a test X.509 certificate and 
' place it in the local user store. 
' To generate an exchange key and make the key exportable run the following command from a Visual Studio command prompt: 
'makecert -r -pe -n "CN=CERT_SIGN_TEST_CERT" -b 01/01/2010 -e 01/01/2012 -sky exchange -ss my

Class Program

    ' Path variables for source, encryption, and
    ' decryption folders. Must end with a backslash.
    Private Shared encrFolder As String = "C:\Encrypt\"
    Private Shared decrFolder As String = "C:\Decrypt\"
    Private Shared originalFile As String = "TestData.txt"
    Private Shared encryptedFile As String = "TestData.enc"


    Shared Sub Main(ByVal args() As String)

        ' Create an input file with test data.
        Dim sw As StreamWriter = File.CreateText(originalFile)
        sw.WriteLine("Test data to be encrypted")
        sw.Close()

        ' Get the certifcate to use to encrypt the key.
        Dim cert As X509Certificate2 = GetCertificateFromStore("CN=CERT_SIGN_TEST_CERT")
        If cert Is Nothing Then
            Console.WriteLine("Certificate 'CN=CERT_SIGN_TEST_CERT' not found.")
            Console.ReadLine()
        End If


        ' Encrypt the file using the public key from the certificate.
        EncryptFile(originalFile, CType(cert.PublicKey.Key, RSACryptoServiceProvider))

        ' Decrypt the file using the private key from the certificate.
        DecryptFile(encryptedFile, CType(cert.PrivateKey, RSACryptoServiceProvider))

        'Display the original data and the decrypted data.
        Console.WriteLine("Original:   {0}", File.ReadAllText(originalFile))
        Console.WriteLine("Round Trip: {0}", File.ReadAllText(decrFolder + originalFile))
        Console.WriteLine("Press the Enter key to exit.")
        Console.ReadLine()

    End Sub

    Private Shared Function GetCertificateFromStore(ByVal certName As String) As X509Certificate2
        ' Get the certificate store for the current user.
        Dim store As New X509Store(StoreLocation.CurrentUser)
        Try
            store.Open(OpenFlags.ReadOnly)

            ' Place all certificates in an X509Certificate2Collection object.
            Dim certCollection As X509Certificate2Collection = store.Certificates
            ' If using a certificate with a trusted root you do not need to FindByTimeValid, instead use:
            ' currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
            Dim currentCerts As X509Certificate2Collection = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, False)
            Dim signingCert As X509Certificate2Collection = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, False)
            If signingCert.Count = 0 Then
                Return Nothing
            End If ' Return the first certificate in the collection, has the right name and is current.
            Return signingCert(0)
        Finally
            store.Close()
        End Try


    End Function 'GetCertificateFromStore

    ' Encrypt a file using a public key.
    Private Shared Sub EncryptFile(ByVal inFile As String, ByVal rsaPublicKey As RSACryptoServiceProvider)
        Dim aesManaged As New AesManaged()
        Try
            ' Create instance of AesManaged for
            ' symetric encryption of the data.
            aesManaged.KeySize = 256
            aesManaged.BlockSize = 128
            aesManaged.Mode = CipherMode.CBC
            Dim transform As ICryptoTransform = aesManaged.CreateEncryptor()
            Try
                Dim keyFormatter As New RSAPKCS1KeyExchangeFormatter(rsaPublicKey)
                Dim keyEncrypted As Byte() = keyFormatter.CreateKeyExchange(aesManaged.Key, aesManaged.GetType())

                ' Create byte arrays to contain
                ' the length values of the key and IV.
                Dim LenK(3) As Byte
                Dim LenIV(3) As Byte

                Dim lKey As Integer = keyEncrypted.Length
                LenK = BitConverter.GetBytes(lKey)
                Dim lIV As Integer = aesManaged.IV.Length
                LenIV = BitConverter.GetBytes(lIV)

                ' Write the following to the FileStream
                ' for the encrypted file (outFs):
                ' - length of the key
                ' - length of the IV
                ' - ecrypted key
                ' - the IV
                ' - the encrypted cipher content
                Dim startFileName As Integer = inFile.LastIndexOf("\") + 1
                ' Change the file's extension to ".enc"
                Dim outFile As String = encrFolder + inFile.Substring(startFileName, inFile.LastIndexOf(".") - startFileName) + ".enc"
                Directory.CreateDirectory(encrFolder)

                Dim outFs As New FileStream(outFile, FileMode.Create)
                Try

                    outFs.Write(LenK, 0, 4)
                    outFs.Write(LenIV, 0, 4)
                    outFs.Write(keyEncrypted, 0, lKey)
                    outFs.Write(aesManaged.IV, 0, lIV)

                    ' Now write the cipher text using
                    ' a CryptoStream for encrypting.
                    Dim outStreamEncrypted As New CryptoStream(outFs, transform, CryptoStreamMode.Write)
                    Try

                        ' By encrypting a chunk at
                        ' a time, you can save memory
                        ' and accommodate large files.
                        Dim count As Integer = 0
                        Dim offset As Integer = 0

                        ' blockSizeBytes can be any arbitrary size.
                        Dim blockSizeBytes As Integer = aesManaged.BlockSize / 8
                        Dim data(blockSizeBytes) As Byte
                        Dim bytesRead As Integer = 0

                        Dim inFs As New FileStream(inFile, FileMode.Open)
                        Try
                            Do
                                count = inFs.Read(data, offset, blockSizeBytes)
                                offset += count
                                outStreamEncrypted.Write(data, 0, count)
                                bytesRead += count
                            Loop While count > 0
                            inFs.Close()
                        Finally
                            inFs.Dispose()
                        End Try
                        outStreamEncrypted.FlushFinalBlock()
                        outStreamEncrypted.Close()
                    Finally
                        outStreamEncrypted.Dispose()
                    End Try
                    outFs.Close()
                Finally
                    outFs.Dispose()
                End Try
            Finally
                transform.Dispose()
            End Try
        Finally
            aesManaged.Dispose()
        End Try

    End Sub


    ' Decrypt a file using a private key.
    Private Shared Sub DecryptFile(ByVal inFile As String, ByVal rsaPrivateKey As RSACryptoServiceProvider)

        ' Create instance of AesManaged for
        ' symetric decryption of the data.
        Dim aesManaged As New AesManaged()
        Try
            aesManaged.KeySize = 256
            aesManaged.BlockSize = 128
            aesManaged.Mode = CipherMode.CBC

            ' Create byte arrays to get the length of
            ' the encrypted key and IV.
            ' These values were stored as 4 bytes each
            ' at the beginning of the encrypted package.
            Dim LenK() As Byte = New Byte(4 - 1) {}
            Dim LenIV() As Byte = New Byte(4 - 1) {}

            ' Consruct the file name for the decrypted file.
            Dim outFile As String = decrFolder + inFile.Substring(0, inFile.LastIndexOf(".")) + ".txt"

            ' Use FileStream objects to read the encrypted
            ' file (inFs) and save the decrypted file (outFs).
            Dim inFs As New FileStream(encrFolder + inFile, FileMode.Open)
            Try

                inFs.Seek(0, SeekOrigin.Begin)
                inFs.Seek(0, SeekOrigin.Begin)
                inFs.Read(LenK, 0, 3)
                inFs.Seek(4, SeekOrigin.Begin)
                inFs.Read(LenIV, 0, 3)

                ' Convert the lengths to integer values.
                Dim lengthK As Integer = BitConverter.ToInt32(LenK, 0)
                Dim lengthIV As Integer = BitConverter.ToInt32(LenIV, 0)

                ' Determine the start postition of
                ' the ciphter text (startC)
                ' and its length(lenC).
                Dim startC As Integer = lengthK + lengthIV + 8
                Dim lenC As Integer = (CType(inFs.Length, Integer) - startC)

                ' Create the byte arrays for
                ' the encrypted Rijndael key,
                ' the IV, and the cipher text.
                Dim KeyEncrypted() As Byte = New Byte(lengthK - 1) {}
                Dim IV() As Byte = New Byte(lengthIV - 1) {}

                ' Extract the key and IV
                ' starting from index 8
                ' after the length values.
                inFs.Seek(8, SeekOrigin.Begin)
                inFs.Read(KeyEncrypted, 0, lengthK)
                inFs.Seek(8 + lengthK, SeekOrigin.Begin)
                inFs.Read(IV, 0, lengthIV)
                Directory.CreateDirectory(decrFolder)
                ' Use RSACryptoServiceProvider
                ' to decrypt the Rijndael key.
                Dim KeyDecrypted As Byte() = rsaPrivateKey.Decrypt(KeyEncrypted, False)

                ' Decrypt the key.
                Dim transform As ICryptoTransform = aesManaged.CreateDecryptor(KeyDecrypted, IV)
                ' Decrypt the cipher text from
                ' from the FileSteam of the encrypted
                ' file (inFs) into the FileStream
                ' for the decrypted file (outFs).
                Dim outFs As New FileStream(outFile, FileMode.Create)
                Try
                    ' Decrypt the cipher text from
                    ' from the FileSteam of the encrypted
                    ' file (inFs) into the FileStream
                    ' for the decrypted file (outFs).

                    Dim count As Integer = 0
                    Dim offset As Integer = 0

                    Dim blockSizeBytes As Integer = aesManaged.BlockSize / 8
                    Dim data(blockSizeBytes) As Byte

                    ' By decrypting a chunk a time,
                    ' you can save memory and
                    ' accommodate large files.
                    ' Start at the beginning
                    ' of the cipher text.
                    inFs.Seek(startC, SeekOrigin.Begin)
                    Dim outStreamDecrypted As New CryptoStream(outFs, transform, CryptoStreamMode.Write)
                    Try
                        Do
                            count = inFs.Read(data, offset, blockSizeBytes)
                            offset += count
                            outStreamDecrypted.Write(data, 0, count)
                        Loop While count > 0

                        outStreamDecrypted.FlushFinalBlock()
                        outStreamDecrypted.Close()
                    Finally
                        outStreamDecrypted.Dispose()
                    End Try
                    outFs.Close()
                Finally
                    outFs.Dispose()
                End Try
                inFs.Close()

            Finally
                inFs.Dispose()

            End Try

        Finally
            aesManaged.Dispose()
        End Try


    End Sub
End Class

下列範例會建立命令列可執行檔, 它會採用憑證檔案作為引數, 並將各種憑證屬性列印到主控台。The following example creates a command-line executable that takes a certificate file as an argument and prints various certificate properties to the console.

#using <System.dll>

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Permissions;
using namespace System::IO;
using namespace System::Security::Cryptography::X509Certificates;

//Reads a file.
array<Byte>^ ReadFile( String^ fileName )
{
   FileStream^ f = gcnew FileStream( fileName,FileMode::Open,FileAccess::Read );
   int size = (int)f->Length;
   array<Byte>^data = gcnew array<Byte>(size);
   size = f->Read( data, 0, size );
   f->Close();
   return data;
}

[SecurityPermissionAttribute(SecurityAction::LinkDemand, Unrestricted = true)]
int main()
{
   array<String^>^args = Environment::GetCommandLineArgs();

   //Test for correct number of arguments.
   if ( args->Length < 2 )
   {
      Console::WriteLine( "Usage: CertInfo <filename>" );
      return  -1;
   }

   try
   {
      System::Security::Cryptography::X509Certificates::X509Certificate2 ^ x509 =
            gcnew System::Security::Cryptography::X509Certificates::X509Certificate2;

      //Create X509Certificate2 object from .cer file.
      array<Byte>^rawData = ReadFile( args[ 1 ] );

      x509->Import(rawData);

      //Print to console information contained in the certificate.
      Console::WriteLine( "{0}Subject: {1}{0}", Environment::NewLine, x509->Subject );
      Console::WriteLine( "{0}Issuer: {1}{0}", Environment::NewLine, x509->Issuer );
      Console::WriteLine( "{0}Version: {1}{0}", Environment::NewLine, x509->Version );
      Console::WriteLine( "{0}Valid Date: {1}{0}", Environment::NewLine, x509->NotBefore );
      Console::WriteLine( "{0}Expiry Date: {1}{0}", Environment::NewLine, x509->NotAfter );
      Console::WriteLine( "{0}Thumbprint: {1}{0}", Environment::NewLine, x509->Thumbprint );
      Console::WriteLine( "{0}Serial Number: {1}{0}", Environment::NewLine, x509->SerialNumber );
      Console::WriteLine( "{0}Friendly Name: {1}{0}", Environment::NewLine, x509->PublicKey->Oid->FriendlyName );
      Console::WriteLine( "{0}Public Key Format: {1}{0}", Environment::NewLine, x509->PublicKey->EncodedKeyValue->Format(true) );
      Console::WriteLine( "{0}Raw Data Length: {1}{0}", Environment::NewLine, x509->RawData->Length );
      Console::WriteLine( "{0}Certificate to string: {1}{0}", Environment::NewLine, x509->ToString( true ) );
      Console::WriteLine( "{0}Certificate to XML String: {1}{0}", Environment::NewLine, x509->PublicKey->Key->ToXmlString( false ) );

      //Add the certificate to a X509Store.
      X509Store ^ store = gcnew X509Store;
      store->Open( OpenFlags::MaxAllowed );
      store->Add( x509 );
      store->Close();
   }
   catch ( DirectoryNotFoundException^ )
   {
      Console::WriteLine( "Error: The directory specified could not be found." );
   }
   catch ( IOException^ )
   {
      Console::WriteLine( "Error: A file in the directory could not be accessed." );
   }
   catch ( NullReferenceException^ )
   {
      Console::WriteLine( "File must be a .cer file. Program does not have access to that type of file." );
   }

}

using System;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.IO;
using System.Security.Cryptography.X509Certificates;

class CertInfo
{
    //Reads a file.
    internal static byte[] ReadFile (string fileName)
    {
        FileStream f = new FileStream(fileName, FileMode.Open, FileAccess.Read);
        int size = (int)f.Length;
        byte[] data = new byte[size];
        size = f.Read(data, 0, size);
        f.Close();
        return data;
    }
    //Main method begins here.
    static void Main(string[] args)
    {
        //Test for correct number of arguments.
        if (args.Length < 1)
        {
            Console.WriteLine("Usage: CertInfo <filename>");
            return;
        }
        try
        {
            X509Certificate2 x509 = new X509Certificate2();
            //Create X509Certificate2 object from .cer file.
            byte[] rawData = ReadFile(args[0]);
            x509.Import(rawData);

            //Print to console information contained in the certificate.
            Console.WriteLine("{0}Subject: {1}{0}", Environment.NewLine, x509.Subject);
            Console.WriteLine("{0}Issuer: {1}{0}", Environment.NewLine, x509.Issuer);
            Console.WriteLine("{0}Version: {1}{0}", Environment.NewLine, x509.Version);
            Console.WriteLine("{0}Valid Date: {1}{0}", Environment.NewLine, x509.NotBefore);
            Console.WriteLine("{0}Expiry Date: {1}{0}", Environment.NewLine, x509.NotAfter);
            Console.WriteLine("{0}Thumbprint: {1}{0}", Environment.NewLine, x509.Thumbprint);
            Console.WriteLine("{0}Serial Number: {1}{0}", Environment.NewLine, x509.SerialNumber);
            Console.WriteLine("{0}Friendly Name: {1}{0}", Environment.NewLine, x509.PublicKey.Oid.FriendlyName);
            Console.WriteLine("{0}Public Key Format: {1}{0}", Environment.NewLine, x509.PublicKey.EncodedKeyValue.Format(true));
            Console.WriteLine("{0}Raw Data Length: {1}{0}", Environment.NewLine, x509.RawData.Length);
            Console.WriteLine("{0}Certificate to string: {1}{0}", Environment.NewLine, x509.ToString(true));
            Console.WriteLine("{0}Certificate to XML String: {1}{0}", Environment.NewLine, x509.PublicKey.Key.ToXmlString(false));

            //Add the certificate to a X509Store.
            X509Store store = new X509Store();
            store.Open(OpenFlags.MaxAllowed);
            store.Add(x509);
            store.Close();
        }
        catch (DirectoryNotFoundException)
        {
               Console.WriteLine("Error: The directory specified could not be found.");
        }
        catch (IOException)
        {
            Console.WriteLine("Error: A file in the directory could not be accessed.");
        }
        catch (NullReferenceException)
        {
            Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.");
        }
    }
}
Imports System.Security.Cryptography
Imports System.Security.Permissions
Imports System.IO
Imports System.Security.Cryptography.X509Certificates

Class CertInfo

    'Reads a file.
    Friend Shared Function ReadFile(ByVal fileName As String) As Byte()
        Dim f As New FileStream(fileName, FileMode.Open, FileAccess.Read)
        Dim size As Integer = Fix(f.Length)
        Dim data(size - 1) As Byte
        size = f.Read(data, 0, size)
        f.Close()
        Return data

    End Function 

    <SecurityPermission(SecurityAction.LinkDemand, Unrestricted:=True)> _
    Shared Sub Main(ByVal args() As String)
        'Test for correct number of arguments.
        If args.Length < 1 Then
            Console.WriteLine("Usage: CertInfo <filename>")
            Return
        End If
        Try
            Dim x509 As New X509Certificate2()
            'Create X509Certificate2 object from .cer file.
            Dim rawData As Byte() = ReadFile(args(0))
            
            x509.Import(rawData)

            'Print to console information contained in the certificate.
            Console.WriteLine("{0}Subject: {1}{0}", Environment.NewLine, x509.Subject)
            Console.WriteLine("{0}Issuer: {1}{0}", Environment.NewLine, x509.Issuer)
            Console.WriteLine("{0}Version: {1}{0}", Environment.NewLine, x509.Version)
            Console.WriteLine("{0}Valid Date: {1}{0}", Environment.NewLine, x509.NotBefore)
            Console.WriteLine("{0}Expiry Date: {1}{0}", Environment.NewLine, x509.NotAfter)
            Console.WriteLine("{0}Thumbprint: {1}{0}", Environment.NewLine, x509.Thumbprint)
            Console.WriteLine("{0}Serial Number: {1}{0}", Environment.NewLine, x509.SerialNumber)
            Console.WriteLine("{0}Friendly Name: {1}{0}", Environment.NewLine, x509.PublicKey.Oid.FriendlyName)
            Console.WriteLine("{0}Public Key Format: {1}{0}", Environment.NewLine, x509.PublicKey.EncodedKeyValue.Format(True))
            Console.WriteLine("{0}Raw Data Length: {1}{0}", Environment.NewLine, x509.RawData.Length)
            Console.WriteLine("{0}Certificate to string: {1}{0}", Environment.NewLine, x509.ToString(True))

            Console.WriteLine("{0}Certificate to XML String: {1}{0}", Environment.NewLine, x509.PublicKey.Key.ToXmlString(False))

            'Add the certificate to a X509Store.
            Dim store As New X509Store()
            store.Open(OpenFlags.MaxAllowed)
            store.Add(x509)
            store.Close()

        Catch dnfExcept As DirectoryNotFoundException
            Console.WriteLine("Error: The directory specified could not be found.")
        Catch ioExpcept As IOException
            Console.WriteLine("Error: A file in the directory could not be accessed.")
        Catch nrExcept As NullReferenceException
            Console.WriteLine("File must be a .cer file. Program does not have access to that type of file.")
        End Try

    End Sub
End Class

備註

X.509 結構源自國際標準組織 (ISO) 工作群組。The X.509 structure originated in the International Organization for Standardization (ISO) working groups. 此結構可用來代表各種類型的資訊, 包括身分識別、權利和持有人屬性 (許可權、年齡、性別、位置、關係等等)。This structure can be used to represent various types of information including identity, entitlement, and holder attributes (permissions, age, sex, location, affiliation, and so forth). 雖然 ISO 規格對於結構本身而言是最具資訊性的X509Certificate2 , 但類別是設計用來建立由網際網路工程任務推動小組 (IETF) 公開金鑰基礎結構 (x.509 (PKIX) 所發行之規格中所定義的使用案例模型。) 工作群組。Although the ISO specifications are most informative on the structure itself, the X509Certificate2 class is designed to model the usage scenarios defined in specifications issued by the Internet Engineering Task Force (IETF) Public Key Infrastructure, X.509 (PKIX) working group. 這些規格的最具資訊性是 RFC 3280 「憑證和憑證撤銷清單 (CRL) 設定檔」。The most informative of these specifications is RFC 3280, "Certificate and Certificate Revocation List (CRL) Profile."

重要

從開始IDisposable , 這個型別會實作為介面。 .NET Framework 4.6.NET Framework 4.6Starting with the .NET Framework 4.6.NET Framework 4.6, this type implements the IDisposable interface. 當您完成使用類型時, 您應該直接或間接處置它。When you have finished using the type, you should dispose of it either directly or indirectly. 若要直接Dispose處置類型, 請try / catch在區塊中呼叫其方法。To dispose of the type directly, call its Dispose method in a try/catch block. 若要間接處置它, 請使用語言結構, 例如using (在C#中) Using或 (在 Visual Basic 中)。To dispose of it indirectly, use a language construct such as using (in C#) or Using (in Visual Basic). 如需詳細資訊, 請參閱IDisposable介面主題中的「使用可執行 IDisposable 的物件」一節。For more information, see the "Using an Object that Implements IDisposable" section in the IDisposable interface topic.

針對以.NET Framework 4.5.2.NET Framework 4.5.2和舊版為目標的應用程式X509Certificate2 , IDisposable類別不會執行介面, 因此不會有Dispose方法。For apps that target the .NET Framework 4.5.2.NET Framework 4.5.2 and earlier versions, the X509Certificate2 class does not implement the IDisposable interface and therefore does not have a Dispose method.

建構函式

X509Certificate2()

初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class.

X509Certificate2(Byte[])

使用位元組陣列中的資訊,初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using information from a byte array.

X509Certificate2(Byte[], SecureString)

使用位元組陣列和密碼,初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using a byte array and a password.

X509Certificate2(Byte[], SecureString, X509KeyStorageFlags)

使用位元組陣列、密碼和金鑰儲存旗標,初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using a byte array, a password, and a key storage flag.

X509Certificate2(Byte[], String)

使用位元組陣列和密碼,初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using a byte array and a password.

X509Certificate2(Byte[], String, X509KeyStorageFlags)

使用位元組陣列、密碼和金鑰儲存旗標,初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using a byte array, a password, and a key storage flag.

X509Certificate2(IntPtr)

使用 Unmanaged 控制代碼,初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using an unmanaged handle.

X509Certificate2(SerializationInfo, StreamingContext)

使用指定的序列化和資料流內容資訊,初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using the specified serialization and stream context information.

X509Certificate2(String)

使用憑證檔名,初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using a certificate file name.

X509Certificate2(String, SecureString)

使用憑證檔名和密碼,初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using a certificate file name and a password.

X509Certificate2(String, SecureString, X509KeyStorageFlags)

使用憑證檔名、密碼和金鑰儲存旗標,初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using a certificate file name, a password, and a key storage flag.

X509Certificate2(String, String)

使用憑證檔名和用於存取憑證的密碼,初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using a certificate file name and a password used to access the certificate.

X509Certificate2(String, String, X509KeyStorageFlags)

使用憑證檔名、用於存取憑證的密碼和金鑰儲存旗標,初始化 X509Certificate2 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using a certificate file name, a password used to access the certificate, and a key storage flag.

X509Certificate2(X509Certificate)

使用 X509Certificate2 物件,初始化 X509Certificate 類別的新執行個體。Initializes a new instance of the X509Certificate2 class using an X509Certificate object.

屬性

Archived

取得或設定值,表示 X.509 憑證已封存。Gets or sets a value indicating that an X.509 certificate is archived.

Extensions

取得 X509Extension 物件的集合。Gets a collection of X509Extension objects.

FriendlyName

取得或設定憑證的相關別名 (Alias)。Gets or sets the associated alias for a certificate.

Handle

取得 Unmanaged PCCERT_CONTEXT 結構所描述之 Microsoft Cryptographic API 憑證內容的控制代碼。Gets a handle to a Microsoft Cryptographic API certificate context described by an unmanaged PCCERT_CONTEXT structure.

(繼承來源 X509Certificate)
HasPrivateKey

取得值,指出 X509Certificate2 物件是否包含私密金鑰。Gets a value that indicates whether an X509Certificate2 object contains a private key.

Issuer

取得核發 X.509v3 憑證的憑證授權單位名稱。Gets the name of the certificate authority that issued the X.509v3 certificate.

(繼承來源 X509Certificate)
IssuerName

取得憑證簽發者的辨別名稱。Gets the distinguished name of the certificate issuer.

NotAfter

取得日期 (當地時間),憑證在該日期之後就不再有效。Gets the date in local time after which a certificate is no longer valid.

NotBefore

取得日期 (當地時間),憑證會在該日期生效。Gets the date in local time on which a certificate becomes valid.

PrivateKey

取得或設定 AsymmetricAlgorithm 物件,表示與憑證相關聯的私密金鑰。Gets or sets the AsymmetricAlgorithm object that represents the private key associated with a certificate.

PublicKey

取得與憑證相關聯的 PublicKey 物件。Gets a PublicKey object associated with a certificate.

RawData

取得憑證的未經處理資料 (Raw Data)。Gets the raw data of a certificate.

SerialNumber

取得作為位元組由大到小的十六進位字串的憑證序號。Gets the serial number of a certificate as a big-endian hexadecimal string.

SignatureAlgorithm

取得用於建立憑證簽章的演算法。Gets the algorithm used to create the signature of a certificate.

Subject

取得憑證的主旨辨別名稱。Gets the subject distinguished name from the certificate.

(繼承來源 X509Certificate)
SubjectName

取得憑證的主旨辨別名稱。Gets the subject distinguished name from a certificate.

Thumbprint

取得憑證的指模。Gets the thumbprint of a certificate.

Version

取得憑證的 X.509 格式版本。Gets the X.509 format version of a certificate.

方法

Dispose()

釋放由 X509Certificate 物件使用的所有資源。Releases all resources used by the current X509Certificate object.

(繼承來源 X509Certificate)
Dispose(Boolean)

釋放這個 X509Certificate 使用的所有 Unmanaged 資源,並選擇性地釋放 Managed 資源。Releases all of the unmanaged resources used by this X509Certificate and optionally releases the managed resources.

(繼承來源 X509Certificate)
Equals(Object)

比較兩個 X509Certificate 物件是否相等。Compares two X509Certificate objects for equality.

(繼承來源 X509Certificate)
Equals(X509Certificate)

比較兩個 X509Certificate 物件是否相等。Compares two X509Certificate objects for equality.

(繼承來源 X509Certificate)
Export(X509ContentType)

以其中一個 X509Certificate 值所描述的格式,將目前的 X509ContentType 物件匯出至位元組陣列。Exports the current X509Certificate object to a byte array in a format described by one of the X509ContentType values.

(繼承來源 X509Certificate)
Export(X509ContentType, SecureString)

使用指定的格式和密碼,將目前的 X509Certificate 物件匯出至位元組陣列。Exports the current X509Certificate object to a byte array using the specified format and a password.

(繼承來源 X509Certificate)
Export(X509ContentType, String)
GetCertContentType(Byte[])

表示位元組陣列中包含的憑證類型。Indicates the type of certificate contained in a byte array.

GetCertContentType(String)

表示檔案中包含的憑證類型。Indicates the type of certificate contained in a file.

GetCertHash()

將 X.509v3 憑證的雜湊值 (Hash Value) 傳回為位元組陣列。Returns the hash value for the X.509v3 certificate as an array of bytes.

(繼承來源 X509Certificate)
GetCertHash(HashAlgorithmName)

傳回使用指定密碼編譯雜湊演算法所計算 X.509v3 憑證的雜湊值。Returns the hash value for the X.509v3 certificate that is computed by using the specified cryptographic hash algorithm.

(繼承來源 X509Certificate)
GetCertHashString()

將 X.509v3 憑證的 SHA1 雜湊值傳回為十六進位的字串。Returns the SHA1 hash value for the X.509v3 certificate as a hexadecimal string.

(繼承來源 X509Certificate)
GetCertHashString(HashAlgorithmName)

傳回包含使用指定密碼編譯雜湊演算法所計算 X.509v3 憑證雜湊值的十六進位字串。Returns a hexadecimal string containing the hash value for the X.509v3 certificate computed using the specified cryptographic hash algorithm.

(繼承來源 X509Certificate)
GetEffectiveDateString()

傳回這個 X.509v3 憑證的有效日期。Returns the effective date of this X.509v3 certificate.

(繼承來源 X509Certificate)
GetExpirationDateString()

傳回這個 X.509v3 憑證的到期日。Returns the expiration date of this X.509v3 certificate.

(繼承來源 X509Certificate)
GetFormat()

傳回這個 X.509v3 憑證的格式名稱。Returns the name of the format of this X.509v3 certificate.

(繼承來源 X509Certificate)
GetHashCode()

將 X.509v3 憑證的雜湊程式碼傳回為整數。Returns the hash code for the X.509v3 certificate as an integer.

(繼承來源 X509Certificate)
GetIssuerName()

傳回發出 X.509v3 憑證的憑證授權單位名稱。Returns the name of the certification authority that issued the X.509v3 certificate.

(繼承來源 X509Certificate)
GetKeyAlgorithm()

傳回做為字串的這個 X.509v3 憑證金鑰演算法資訊。Returns the key algorithm information for this X.509v3 certificate as a string.

(繼承來源 X509Certificate)
GetKeyAlgorithmParameters()

傳回做為位元組陣列的 X.509v3 憑證金鑰演算法參數。Returns the key algorithm parameters for the X.509v3 certificate as an array of bytes.

(繼承來源 X509Certificate)
GetKeyAlgorithmParametersString()

傳回做為十六進位字串的 X.509v3 憑證金鑰演算法參數。Returns the key algorithm parameters for the X.509v3 certificate as a hexadecimal string.

(繼承來源 X509Certificate)
GetName()

返回已核發憑證的主要名稱。Returns the name of the principal to which the certificate was issued.

(繼承來源 X509Certificate)
GetNameInfo(X509NameType, Boolean)

取得憑證的主旨和簽發者名稱。Gets the subject and issuer names from a certificate.

GetPublicKey()

傳回做為位元組陣列的 X.509v3 憑證公開金鑰。Returns the public key for the X.509v3 certificate as an array of bytes.

(繼承來源 X509Certificate)
GetPublicKeyString()

傳回做為十六進位字串的 X.509v3 憑證公開金鑰。Returns the public key for the X.509v3 certificate as a hexadecimal string.

(繼承來源 X509Certificate)
GetRawCertData()

傳回做為位元組陣列的整個 X.509v3 憑證的未經處理資料。Returns the raw data for the entire X.509v3 certificate as an array of bytes.

(繼承來源 X509Certificate)
GetRawCertDataString()

傳回做為十六進位字串的整個 X.509v3 憑證的未經處理資料。Returns the raw data for the entire X.509v3 certificate as a hexadecimal string.

(繼承來源 X509Certificate)
GetSerialNumber()

傳回作為位元組由小到大順序之位元組陣列的 X.509v3 憑證序號。Returns the serial number of the X.509v3 certificate as an array of bytes in little-endian order.

(繼承來源 X509Certificate)
GetSerialNumberString()

傳回作為位元組由小到大十六進位字串的 X.509v3 憑證序號。Returns the serial number of the X.509v3 certificate as a little-endian hexadecimal string .

(繼承來源 X509Certificate)
GetType()

取得目前執行個體的 TypeGets the Type of the current instance.

(繼承來源 Object)
Import(Byte[])

用位元組陣列的資料,填入 X509Certificate2 物件。Populates an X509Certificate2 object with data from a byte array.

Import(Byte[], SecureString, X509KeyStorageFlags)

使用位元組陣列的資料、密碼和金鑰儲存旗標,填入 X509Certificate2 物件。Populates an X509Certificate2 object using data from a byte array, a password, and a key storage flag.

Import(Byte[], String, X509KeyStorageFlags)

用位元組陣列的資料、密碼以及用於判斷如何匯入私密金鑰的旗標,填入 X509Certificate2 物件。Populates an X509Certificate2 object using data from a byte array, a password, and flags for determining how to import the private key.

Import(String)

用憑證檔的資訊,填入 X509Certificate2 物件。Populates an X509Certificate2 object with information from a certificate file.

Import(String, SecureString, X509KeyStorageFlags)

用憑證檔的資訊、密碼和金鑰儲存旗標,填入 X509Certificate2 物件。Populates an X509Certificate2 object with information from a certificate file, a password, and a key storage flag.

Import(String, String, X509KeyStorageFlags)

用憑證檔的資訊、密碼和 X509Certificate2 值,填入 X509KeyStorageFlags 物件。Populates an X509Certificate2 object with information from a certificate file, a password, and a X509KeyStorageFlags value.

MemberwiseClone()

建立目前 Object 的淺層複製。Creates a shallow copy of the current Object.

(繼承來源 Object)
Reset()

重設 X509Certificate2 物件的狀態。Resets the state of an X509Certificate2 object.

ToString()

以文字格式顯示 X.509 憑證。Displays an X.509 certificate in text format.

ToString(Boolean)

以文字格式顯示 X.509 憑證。Displays an X.509 certificate in text format.

TryGetCertHash(HashAlgorithmName, Span<Byte>, Int32) (繼承來源 X509Certificate)
Verify()

使用基本驗證原則,執行 X.509 鏈結驗證。Performs a X.509 chain validation using basic validation policy.

明確介面實作

IDeserializationCallback.OnDeserialization(Object)

實作 ISerializable 介面並在還原序列化完成時,由還原序列化事件回呼。Implements the ISerializable interface and is called back by the deserialization event when deserialization is complete.

(繼承來源 X509Certificate)
ISerializable.GetObjectData(SerializationInfo, StreamingContext)

取得重新建立目前 X509Certificate 物件的執行個體所需之全部資料的序列化資訊。Gets serialization information with all the data needed to recreate an instance of the current X509Certificate object.

(繼承來源 X509Certificate)

擴充方法

CopyWithPrivateKey(X509Certificate2, DSA)

結合私密金鑰與 DSA 憑證的公開金鑰,以產生新的 DSA 憑證。Combines a private key with the public key of a DSA certificate to generate a new DSA certificate.

GetDSAPrivateKey(X509Certificate2)

X509Certificate2 取得 DSA 私密金鑰。Gets the DSA private key from the X509Certificate2.

GetDSAPublicKey(X509Certificate2)

X509Certificate2 取得 DSA 公開金鑰。Gets the DSA public key from the X509Certificate2.

CopyWithPrivateKey(X509Certificate2, ECDsa)

結合私密金鑰與 ECDsa 憑證的公開金鑰,以產生新的 ECDSA 憑證。Combines a private key with the public key of an ECDsa certificate to generate a new ECDSA certificate.

GetECDsaPrivateKey(X509Certificate2)

X509Certificate2 憑證取得 ECDsa 私密金鑰。Gets the ECDsa private key from the X509Certificate2 certificate.

GetECDsaPublicKey(X509Certificate2)

X509Certificate2 憑證取得 ECDsa 公開金鑰。Gets the ECDsa public key from the X509Certificate2 certificate.

CopyWithPrivateKey(X509Certificate2, RSA)

結合私密金鑰與 RSA 憑證的公開金鑰,以產生新的 RSA 憑證。Combines a private key with the public key of an RSA certificate to generate a new RSA certificate.

GetRSAPrivateKey(X509Certificate2)

X509Certificate2 取得 RSA 私密金鑰。Gets the RSA private key from the X509Certificate2.

GetRSAPublicKey(X509Certificate2)

X509Certificate2 取得 RSA 公開金鑰。Gets the RSA public key from the X509Certificate2.

適用於