Created
October 13, 2021 16:54
-
-
Save wqweto/c8d38bce9a310b107f7ab8e317aad675 to your computer and use it in GitHub Desktop.
ECDSA server certificate signed by a ECDSA self-signed CA
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| D:\TEMP>openssl pkcs12 -info -in aaa.pfx | openssl.exe x509 -noout -text | |
| Enter Import Password: | |
| MAC: sha1, Iteration 2000 | |
| MAC length: 20, salt length: 20 | |
| PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000 | |
| Certificate bag | |
| Certificate: | |
| Data: | |
| Version: 3 (0x2) | |
| Serial Number: 123 (0x7b) | |
| Signature Algorithm: ecdsa-with-SHA256 | |
| Issuer: CN = MyCA | |
| Validity | |
| Not Before: Oct 12 16:50:25 2021 GMT | |
| Not After : Jan 11 16:50:25 2022 GMT | |
| Subject: CN = MyServer | |
| Subject Public Key Info: | |
| Public Key Algorithm: id-ecPublicKey | |
| Public-Key: (256 bit) | |
| pub: | |
| 04:36:19:a5:f1:79:25:da:7d:dc:f5:42:34:ac:19: | |
| f3:00:90:37:d2:dc:42:3c:80:c5:90:dc:cb:3b:95: | |
| da:82:0b:d7:f8:7e:82:52:7e:22:c5:db:91:9b:bd: | |
| 50:6c:64:f9:cc:86:66:f9:c3:8f:76:5d:b7:fb:36: | |
| 51:ef:d6:56:4a | |
| ASN1 OID: prime256v1 | |
| NIST CURVE: P-256 | |
| X509v3 extensions: | |
| X509v3 Key Usage: | |
| Digital Signature, Data Encipherment | |
| X509v3 Subject Key Identifier: | |
| C1:83:41:4B:6F:C8:4A:06:43:E6:F4:46:8A:DA:EA:3C:FE:4A:E4:78 | |
| Signature Algorithm: ecdsa-with-SHA256 | |
| 30:43:02:1f:09:0e:53:66:5d:de:ba:4d:57:aa:e1:75:8e:9c: | |
| 86:48:4b:d5:b9:be:2e:f1:02:ff:4b:83:f4:ba:be:d6:ed:02: | |
| 20:4d:16:92:67:20:39:6e:9d:d0:3c:fd:cf:ca:0e:3b:e8:5f: | |
| f4:dc:30:54:db:47:90:f4:04:a2:2b:67:21:57:13 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Security.Cryptography; | |
| using System.Security.Cryptography.X509Certificates; | |
| namespace ConsoleApp1 | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { | |
| using (var parent = ECDsa.Create(ECCurve.NamedCurves.nistP256)) | |
| using (var srv = ECDsa.Create(ECCurve.NamedCurves.nistP256)) | |
| { | |
| CertificateRequest parentReq = new CertificateRequest("CN=MyCA", parent, HashAlgorithmName.SHA256); | |
| parentReq.CertificateExtensions.Add( | |
| new X509BasicConstraintsExtension(true, false, 0, true)); | |
| parentReq.CertificateExtensions.Add( | |
| new X509SubjectKeyIdentifierExtension(parentReq.PublicKey, false)); | |
| using (X509Certificate2 parentCert = parentReq.CreateSelfSigned( | |
| DateTimeOffset.UtcNow.AddDays(-45), | |
| DateTimeOffset.UtcNow.AddDays(365))) | |
| { | |
| CertificateRequest srvReq = new CertificateRequest( | |
| "CN=MyServer", | |
| srv, | |
| HashAlgorithmName.SHA256); | |
| srvReq.CertificateExtensions.Add( | |
| new X509KeyUsageExtension( | |
| X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.DataEncipherment, | |
| false)); | |
| srvReq.CertificateExtensions.Add( | |
| new X509SubjectKeyIdentifierExtension(srvReq.PublicKey, false)); | |
| using (X509Certificate2 cert = srvReq.Create( | |
| parentCert, | |
| DateTimeOffset.UtcNow.AddDays(-1), | |
| DateTimeOffset.UtcNow.AddDays(90), | |
| new byte[] { 123 })) | |
| { | |
| File.WriteAllBytes(@"D:\TEMP\aaa.pfx", cert.Export(X509ContentType.Pfx)); | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment