【问题标题】:Bouncy Castle valid OID for Ed25519 key pair to generate X509CertificateBouncy Castle valid OID for Ed25519 key pair to generate X509Certificate
【发布时间】:2022-12-28 14:11:06
【问题描述】:

我正在使用 BouncyCastle 库生成 x509Certificate,我能够成功生成基于 RSA 密钥对的证书,但无法使用基于 Ed25519 密钥对的证书生成。

签名算法的字符串值 SHA256WithEd25519 似乎不是 BouncyCastle 中的有效 OID。

    public static X509Certificate GenerateCertificate(string subject, bool isNotRSA)
    {
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();

        X509Name x509Name = new X509Name(subject);
        BigInteger bigInteger = BigInteger.ProbablePrime(120, new Random());
        x509V3CertificateGenerator.SetSerialNumber(bigInteger);
        x509V3CertificateGenerator.SetSubjectDN(x509Name);
        x509V3CertificateGenerator.SetIssuerDN(x509Name);
        x509V3CertificateGenerator.SetNotAfter(DateTime.UtcNow.AddMonths(10));
        x509V3CertificateGenerator.SetNotBefore(DateTime.UtcNow);

        AsymmetricCipherKeyPair asymmetricCipherKeyPair = null;
        string signatureAlgorithm = string.Empty;
        if (isNotRSA)
        {
            Ed25519KeyPairGenerator ed25519KeyPairGenerator = new Ed25519KeyPairGenerator();
            ed25519KeyPairGenerator.Init(new Ed25519KeyGenerationParameters(new SecureRandom()));
            asymmetricCipherKeyPair = ed25519KeyPairGenerator.GenerateKeyPair();
            signatureAlgorithm = "SHA256WithEd25519";
        }
        else
        {
            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
            rsaKeyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048));
            asymmetricCipherKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
            signatureAlgorithm = "SHA256WithRSA";
        }

        x509V3CertificateGenerator.SetPublicKey(asymmetricCipherKeyPair.Public);

        ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, asymmetricCipherKeyPair.Private, new SecureRandom(new CryptoApiRandomGenerator()));

        X509Certificate x509Certificate = x509V3CertificateGenerator.Generate(signatureFactory);

        return x509Certificate;
    }

BouncyCastle 库中 Ed25519 密钥对的有效 OID 是什么?

【问题讨论】:

    标签: bouncycastle ed25519


    【解决方案1】:

    我正在研究基于类似的代码,发现使用“Ed25519”作为签名算法通过了签名行,但未能让 BouncyCastle 库生成 X.509 证书。它抱怨:不支持的公钥类型与 OID '1.3.101.112'

    只是为了给遇到同样问题的人提供指导。

    【讨论】:

      猜你喜欢
      • 2019-05-24
      • 2013-12-15
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2021-07-20
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多