1

我正在尝试更新本文的代码,以允许我创建(和使用)基于 ECC 的自签名证书,并使用它进行基本的签名和验证ECDSA)。

  • 有什么方法可以通过跨平台 .NET Core API 实现这一点,还是需要 Win32 P/Invoke?

根据这篇文章,我需要使用the more standard id-ecc类型

4

1 回答 1

4

有什么方法可以通过跨平台 .NET Core API 实现这一点

是的!

X509Certificate2 cert;

using (ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256))
{
    CertificateRequest request = new CertificateRequest(
        "CN=Self-Signed ECDSA",
        key,
        HashAlgorithmName.SHA256);

    request.CertificateExtensions.Add(
        new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: false));

    request.CertificateExtensions.Add(
        new X509BasicConstraintsExtension(false, false, 0, false));

    // If it was for TLS, then Subject Alternative Names and
    // Extended (Enhanced) Key Usages would also be useful.

    DateTimeOffset start = DateTimeOffset.UtcNow;

    cert = request.CreateSelfSigned(notBefore: start, notAfter: start.AddMonths(3));
}

// If you want to save a PFX or something, you can do so now.
于 2018-12-19T16:51:20.877 回答