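Generate a public key and a private key
You can generate a public/private key pair with the website below (using an external website to generate keys is of course insecure, so this is recommended for testing only)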
https://easydmarc.com/tools/dkim-record-generator
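Generate a public key and a private key through a certificate
Create a certificate with OpenSSL
1. Install OpenSSL: first, install OpenSSL on your computer. You can download the appropriate version for your operating system from the official OpenSSL website (https://www.openssl.org/).
2. Generate the private key with the following command:
openssl genpkey -algorithm RSA -out private.key
This generates a private key file named private.key.
3. Generate a certificate signing request (CSR): use the private key to generate a CSR, which contains the information about your certificate. Use the following command to generate the CSR file: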
openssl req -new -key private.key -out csr.csr
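4. While the CSR is being generated, you will need to provide some information for the certificate, such as the organization name and the common name (CN).
Self-signed certificate: if you only need a self-signed certificate, you can generate one with the following command: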
openssl x509 -req -days 365 -in csr.csr -signkey private.key -out certificate.crt
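This generates a self-signed certificate file named certificate.crt.
※ The method above came from ChatGPT; it has not been verified and is not guaranteed to be correct.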
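The OpenSSL steps above, run non-interactively and then checked, as an added example that is not part of the original post. It confirms that certificate.crt carries the public half of private.key and derives a DKIM TXT value from the key; example.com, selector1, the explicit 2048-bit key size and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Assumed names: example.com, selector1, the function names below.
set -eu

# Steps 2-4 of the page: private key, CSR, self-signed certificate, written into $1.
make_dkim_material() {
    ( umask 077   # key file readable by its owner only
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$1/private.key" )
    # -subj answers the interactive CSR questions (CN is an assumed value)
    openssl req -new -key "$1/private.key" -subj "/CN=example.com" \
        -out "$1/csr.csr"
    openssl x509 -req -days 365 -in "$1/csr.csr" \
        -signkey "$1/private.key" -out "$1/certificate.crt"
}

# Public key as single-line base64 DER (SubjectPublicKeyInfo).
pubkey_b64_from_key() {
    openssl pkey -in "$1" -pubout -outform DER | openssl base64 -A
}
pubkey_b64_from_cert() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl base64 -A
}

# Succeeds only if certificate $1 carries the public half of private key $2.
cert_matches_key() {
    from_cert=$(pubkey_b64_from_cert "$1") || return 1
    from_key=$(pubkey_b64_from_key "$2") || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Value of the DKIM TXT record; only the public key ever goes into DNS.
dkim_txt_value() {
    printf 'v=DKIM1; k=rsa; p=%s' "$(pubkey_b64_from_key "$1")"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_dkim_material "$work"
if cert_matches_key "$work/certificate.crt" "$work/private.key"; then
    echo "certificate.crt matches private.key"
fi
echo "selector1._domainkey.example.com TXT \"$(dkim_txt_value "$work/private.key")\""
```

The script works in a temporary directory that is deleted on exit; to keep the files, call make_dkim_material on a directory of your own.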
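Create a certificate with C# code
.NET places a restriction on the certificates it creates: as a safeguard against accidental leakage of the private key, the private key of a certificate normally cannot be exported (the AllowPlaintextExport property of the RSACng class is no longer available)
We can, however, work around this restriction by other means; see the code below
Create the certificate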
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

/// <summary>
/// Use this method to create a certificate
/// </summary>
/// <returns></returns>
public static X509Certificate2 CreateCertificateWithPrivateKey()
{
    // Create the RSA key pair (2048 bits, stated explicitly rather than relying on the platform default)
    RSA rsa = RSA.Create(2048);

    // Create the certificate request
    CertificateRequest request = new CertificateRequest("CN=My Certificate", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    // Add extensions (optional)
    request.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
    request.CertificateExtensions.Add(new X509KeyUsageExtension(System.Security.Cryptography.X509Certificates.X509KeyUsageFlags.DigitalSignature, false));

    // Create the self-signed certificate
    X509Certificate2 certificate = request.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddYears(1));

    //var content = certificate.Export(X509ContentType.Pfx, password);
    //File.WriteAllBytes(exportPath, content);
    return certificate;
}
Export the certificate's private key
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

/// <summary>
/// Use this method to export private key
/// certificate not support export private key if created by C# code
/// use this method to support export private key
/// refer path:https://stackoverflow.com/questions/65242917/unable-to-export-rsa-private-parameters-when-running-as-administrator
/// for now, not find a method to support .Net Framework to export private key.
/// </summary>
/// <param name="cert"></param>
/// <returns></returns>
public static RSA GetExportableRSAPrivateKey(X509Certificate2 cert)
{
    const CngExportPolicies exportability = CngExportPolicies.AllowExport | CngExportPolicies.AllowPlaintextExport;

    var rsa = cert.GetRSAPrivateKey();

    // Thankfully we don't have to deal with all this shit on Linux
    if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
        return rsa;

    // We always expect an RSACng on Windows these days, but that could change
    if (!(rsa is RSACng rsaCng))
        return rsa;

    // Is the AllowPlaintextExport policy flag already set?
    // (Only a key with AllowExport but without AllowPlaintextExport needs the round trip below.)
    if ((rsaCng.Key.ExportPolicy & exportability) != CngExportPolicies.AllowExport)
        return rsa;

    try
    {
        // Export the original RSA private key to an encrypted blob - note you will get "The requested operation
        // is not supported" if trying to export without encryption, so we export with encryption!
        // The password is a throwaway value used only for this in-memory round trip.
        var exported = rsa.ExportEncryptedPkcs8PrivateKey(nameof(GetExportableRSAPrivateKey),
            new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 2048));

        // Load the exported blob into a fresh RSA object, which will have the AllowPlaintextExport policy without
        // having to do anything else
        RSA copy = RSA.Create();
        copy.ImportEncryptedPkcs8PrivateKey(nameof(GetExportableRSAPrivateKey), exported, out _);
        return copy;
    }
    finally
    {
        rsa.Dispose();
    }
}
From: https://www.cnblogs.com/xluoblog/p/18019369