生成一个公钥和私钥
可以使用下述网站生成公钥和私钥(当然,使用外部网站来生成公钥和私钥是不安全的,建议仅作为测试时使用)
https://easydmarc.com/tools/dkim-record-generator
通过证书生成一个公钥和私钥
使用OpenSSL创建证书
1.安装 OpenSSL:首先,在计算机上安装 OpenSSL。可以从 OpenSSL 官方网站(https://www.openssl.org/)下载适用于操作系统的适当版本。
2. openssl genpkey -algorithm RSA -out private.key 这将生成一个名为 private.key 的私钥文件。
3. 生成证书签名请求(CSR):使用私钥生成证书签名请求(CSR),该请求包含有关您的证书的信息。使用以下命令生成 CSR 文件:
openssl req -new -key private.key -out csr.csr
4.在生成 CSR 过程中,您将需要提供一些证书的相关信息,例如组织名称、常用名称 (CN) 等。
自签名证书:如果您只是需要自签名证书,您可以使用以下命令生成自签名证书:
openssl x509 -req -days 365 -in csr.csr -signkey private.key -out certificate.crt
这将生成一个名为 certificate.crt 的自签名证书文件。
※以上方法来自于Chatgpt,未经验证,不保证是否正确
使用C# code创建证书
.Net创建证书存在限制,出于防止私钥被意外泄露的安全考虑,证书的私钥正常是无法导出的(RSACng 类的 AllowPlaintextExport 属性不再可用)
当然,我们也可以通过其他方式绕过这种限制,具体可以参考下面的code
创建证书
1 /// <summary>
2 /// Use this method to create a certificate
3 /// </summary>
4 /// <returns></returns>
5 public static X509Certificate2 CreateCertificateWithPrivateKey()
6 {
7 // 创建 RSA 密钥对
8 RSA rsa = RSA.Create();
9
10 // 创建证书请求
11 CertificateRequest request = new CertificateRequest("CN=My Certificate", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
12
13 // 添加扩展名,可选
14 request.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
15 request.CertificateExtensions.Add(new X509KeyUsageExtension(System.Security.Cryptography.X509Certificates.X509KeyUsageFlags.DigitalSignature, false));
16
17 // 创建自签名证书
18 X509Certificate2 certificate = request.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddYears(1));
19
20 //var content = certificate.Export(X509ContentType.Pfx, password);
21 //File.WriteAllBytes(exportPath, content);
22 return certificate;
23 }
导出证书的私钥
/// <summary>
/// Use this method to export private key
/// certificate not support export private key if created by C# code
/// use this method to support export private key
/// refer path:https://stackoverflow.com/questions/65242917/unable-to-export-rsa-private-parameters-when-running-as-administrator
/// for now, not find a method to support .Net Framwork to export private key.
/// </summary>
/// <param name="cert"></param>
/// <returns></returns>
public static RSA GetExportableRSAPrivateKey(X509Certificate2 cert)
{
const CngExportPolicies exportability = CngExportPolicies.AllowExport | CngExportPolicies.AllowPlaintextExport;
var rsa = cert.GetRSAPrivateKey();
// Thankfully we don't have to deal with all this shit on Linux
if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
return rsa;
// We always expect an RSACng on Windows these days, but that could change
if (!(rsa is RSACng rsaCng))
return rsa;
// Is the AllowPlaintextExport policy flag already set?
if ((rsaCng.Key.ExportPolicy & exportability) != CngExportPolicies.AllowExport)
return rsa;
try
{
// Export the original RSA private key to an encrypted blob - note you will get "The requested operation
// is not supported" if trying to export without encryption, so we export with encryption!
var exported = rsa.ExportEncryptedPkcs8PrivateKey(nameof(GetExportableRSAPrivateKey),
new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 2048));
// Load the exported blob into a fresh RSA object, which will have the AllowPlaintextExport policy without
// having to do anything else
RSA copy = RSA.Create();
copy.ImportEncryptedPkcs8PrivateKey(nameof(GetExportableRSAPrivateKey), exported, out _);
return copy;
}
finally
{
rsa.Dispose();
}
}
标签:公钥,私钥,证书,rsa,private,RSA,key,DKIM From: https://www.cnblogs.com/xluoblog/p/18019369