如何使用 id-ecc 创建自签名证书以用于 ECDSA 签名和验证?
How do I create self signed certificate with id-ecc for use with ECDSA signature and verification?
我正在尝试更新 this article's code to allow me to create (and use) an ECC based self signed certificate, and do basic signing and verification with it (ECDSA)。
- 是否有任何方法可以使用跨平台 .NET Core API 来完成此操作,或者是否需要 Win32 P/Invoke?
根据,我需要使用the more standard id-ecc类型
Is there any way to accomplish this with cross platform .NET Core APIs
是的!
X509Certificate2 cert;
using (ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256))
{
CertificateRequest request = new CertificateRequest(
"CN=Self-Signed ECDSA",
key,
HashAlgorithmName.SHA256);
request.CertificateExtensions.Add(
new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: false));
request.CertificateExtensions.Add(
new X509BasicConstraintsExtension(false, false, 0, false));
// If it was for TLS, then Subject Alternative Names and
// Extended (Enhanced) Key Usages would also be useful.
DateTimeOffset start = DateTimeOffset.UtcNow;
cert = request.CreateSelfSigned(notBefore: start, notAfter: start.AddMonths(3));
}
// If you want to save a PFX or something, you can do so now.
我正在尝试更新 this article's code to allow me to create (and use) an ECC based self signed certificate, and do basic signing and verification with it (ECDSA)。
- 是否有任何方法可以使用跨平台 .NET Core API 来完成此操作,或者是否需要 Win32 P/Invoke?
根据the more standard id-ecc类型
Is there any way to accomplish this with cross platform .NET Core APIs
是的!
X509Certificate2 cert;
using (ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256))
{
CertificateRequest request = new CertificateRequest(
"CN=Self-Signed ECDSA",
key,
HashAlgorithmName.SHA256);
request.CertificateExtensions.Add(
new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: false));
request.CertificateExtensions.Add(
new X509BasicConstraintsExtension(false, false, 0, false));
// If it was for TLS, then Subject Alternative Names and
// Extended (Enhanced) Key Usages would also be useful.
DateTimeOffset start = DateTimeOffset.UtcNow;
cert = request.CreateSelfSigned(notBefore: start, notAfter: start.AddMonths(3));
}
// If you want to save a PFX or something, you can do so now.