Can I Convert X509 Certificate to string/byte to use later?
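I have a situation where I need an X509 certificate and can easily pass a string to it. Can I somehow convert the certificate to a string and back to a certificate?
I tried the following, and everything works except that the certificate thumbprint changes.
var originalCert = new X509Certificate2(@"C:\cert.pfx", "password");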
var byteCert = originalCert.GetRawCertData();
var stringCert = Encoding.Unicode.GetString(byteCert);
var convertedBytes = Encoding.Unicode.GetBytes(stringCert);
var convertedCert = new X509Certificate2(convertedBytes);
var equalThumbprints = originalCert.Thumbprint == convertedCert.Thumbprint; //this returns false
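How do I get exactly the same certificate in this case?
Isn't the certificate thumbprint supposed to be unique and generated by the certificate authority?
As suggested in the comments, when you need to transfer a byte array over a text transport and preserve its integrity, you should use Base64 encoding: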
String b64 = Convert.ToBase64String(originalCert.RawData);
Then, when you need to restore the byte array from the string:
Byte[] rawData = Convert.FromBase64String(b64);
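Base64 uses only the ASCII table (in fact only 7 bits) and is resistant to control characters such as CR/LF/CRLF, spaces, tabs, and so on.
To answer the doubt about the thumbprint, here is the answer: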
The thumbprint is dynamically generated using the SHA1 algorithm and
does not physically exist in the certificate. Since the thumbprint is
a unique value for the certificate, it is commonly used to find a
particular certificate in a certificate store.
More here ...
To check whether you have the same certificate, use the Equals method.
var equalcerts = originalCert.Equals(convertedCert);
Update
The Equals method should not be used when comparing certificates for
security purposes. Instead, use a hash of the RawData property, or the
Thumbprint property.
So, create your new certificate using RawData, for example:
var originalCert = new X509Certificate2(@"C:\cert.pfx", "password");
var byteCert = Convert.ToBase64String(originalCert.RawData);
var convertedCert = new X509Certificate2(Convert.FromBase64String(byteCert));
var equalThumbprints = originalCert.Thumbprint == convertedCert.Thumbprint; //true
var equalcerts = originalCert.Equals(convertedCert); //true
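The round trip discussed in this answer, as an added example that is not part of the original post: it compares the UTF-16 and Base64 round trips byte for byte, compares the certificates by a hash of RawData as the quoted documentation advises, and shows that the restored object holds no private key. Assumptions: .NET 6 or later, and a throwaway self-signed certificate (subject CN=roundtrip-demo, a constructed name) created in memory in place of C:\cert.pfx.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class CertRoundTrip
{
    static void Main()
    {
        // Constructed sample: a self-signed certificate generated in memory,
        // standing in for the C:\cert.pfx used in the question.
        using var key = RSA.Create(2048);
        var req = new CertificateRequest("CN=roundtrip-demo", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var original = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        byte[] der = original.RawData; // DER-encoded certificate, public part only

        // Lossy: DER is arbitrary binary, not UTF-16 text. An odd trailing byte or
        // an unpaired surrogate code unit is replaced during decoding, so the
        // re-encoded bytes usually differ from the input.
        byte[] viaUnicode = Encoding.Unicode.GetBytes(Encoding.Unicode.GetString(der));
        Console.WriteLine($"UTF-16 round trip intact: {der.AsSpan().SequenceEqual(viaUnicode)}");

        // Lossless: Base64 maps every byte sequence to ASCII text and back.
        string b64 = Convert.ToBase64String(der);
        using var restored = new X509Certificate2(Convert.FromBase64String(b64));
        Console.WriteLine($"Base64 round trip intact: {der.AsSpan().SequenceEqual(restored.RawData)}");

        // Compare by a hash of RawData rather than Equals when the result
        // feeds a security decision.
        byte[] h1 = SHA256.HashData(original.RawData);
        byte[] h2 = SHA256.HashData(restored.RawData);
        Console.WriteLine($"SHA-256 of RawData equal: {CryptographicOperations.FixedTimeEquals(h1, h2)}");
        Console.WriteLine($"Thumbprints equal: {original.Thumbprint == restored.Thumbprint}");

        // RawData never carries the private key, so the restored object can
        // verify and identify, but cannot sign or decrypt.
        Console.WriteLine($"original.HasPrivateKey: {original.HasPrivateKey}");
        Console.WriteLine($"restored.HasPrivateKey: {restored.HasPrivateKey}");
    }
}
```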