我想让OpenSSL.net 1)创建一个密钥对用于CA签名和2)使用此CA创建和签署证书。我设法创建了RSA/SHA1 X509CertificateAuthority,并创建了X509Request和密钥,但是我遇到了实际签名请求的问题。使用OpenSSL.net签署证书的问题
'create the request and request key
Dim rsa As OpenSSL.Crypto.RSA = New OpenSSL.Crypto.RSA()
rsa.GenerateKeys(1024, 65569, Nothing, Nothing)
Dim req_key As OpenSSL.Crypto.CryptoKey = New OpenSSL.Crypto.CryptoKey(rsa)
Dim req_key_b As OpenSSL.Core.BIO = OpenSSL.Core.BIO.MemoryBuffer
req_key_b.Write(req_key.GetRSA.PrivateKeyAsPEM)
WriteBio(req_key_b, IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "req.key"))
'make the request
Dim req As OpenSSL.X509.X509Request = New OpenSSL.X509.X509Request(3, "CN=newcert", req_key)
Dim req_cert As OpenSSL.X509.X509Certificate = ca.ProcessRequest(req, Now, Now.AddDays(365))
'** ^^^ Exception on this line ^^^ ***
Dim req_cert_b As OpenSSL.Core.BIO = OpenSSL.Core.BIO.MemoryBuffer
req_cert.Write(req_cert_b)
WriteBio(req_cert_b, IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "req.crt"))
我正在上线的OpenSslException上面提到的,与消息
error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib
任何想法?
我最终放弃了openSSL并改用了BouncyCastle。更好的文档 – insertjokehere