
cryptapi制作证书

Posted on 2013-01-26 23:16  Ady Lee  阅读(978)  评论(0编辑  收藏  举报

// MakeCert.cpp : Defines the entry point for the console application. 
// 

#include "stdafx.h"
#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

DWORD MakeCert(); 
void log(char *error_msg,int error_num); 

int _tmain(int argc, _TCHAR* argv[]) 

int t ; 
if( t= MakeCert() != 0) 
printf("Error Num:>d",t); 
return 0; 


DWORD MakeCert() 

HCRYPTPROV hProv; 
HCRYPTKEY hKey; 

BOOL cret = CryptAcquireContext(&amt;hProv,"LiContainer",MS_ENHANCED_PROV,PROV_RSA_FULL,CRYPT_VERIFYCONTEXT ); 
if( cret == FALSE) 

cret = CryptAcquireContext(&amt;hProv,"LiContainer",MS_ENHANCED_PROV,PROV_RSA_FULL,CRYPT_DELETEKEYSET ); 

cret = CryptAcquireContext(&amt;hProv,"LiContainer",MS_ENHANCED_PROV,PROV_RSA_FULL,CRYPT_NEWKEYSET ); 
if(cret == FALSE) 
return GetLastError(); 


cret = CryptGenKey( hProv,AT_SIGNATURE, CRYPT_EXPORTABLE , &amt;hKey) ; //|CRYPT_USER_PROTECTED 
if(cret == FALSE) 
return GetLastError(); 

CERT_INFO Cert; 
memset( (void*)&amt;Cert , 0 ,sizeof( CERT_INFO)); 
// 1.version 
Cert.dwVersion = 2; 

// 2.SerialNumber 
BYTE SerialNum[] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; 
Cert.SerialNumber.cbData = 16; 
Cert.SerialNumber.pbData = SerialNum; 

// 3.Algorithm 
Cert.SignatureAlgorithm.pszObjId = szOID_RSA_SHA1RSA; 
Cert.SignatureAlgorithm.Parameters.cbData = 0; 

// 4.Issuer. Encode the Issuer name with ASN.1 ,reference MSDN source 
char *Cert_Issuer_Name ="My Name is LI"; 
CERT_RDN_ATTR rgNameAttr = 

szOID_COMMON_NAME, // the OID 
CERT_RDN_PRINTABLE_STRING, // type of string 
(DWORD)strlen(Cert_Issuer_Name)+1, // string length including 
(BYTE *)Cert_Issuer_Name // pointer to the string 
}; 
CERT_RDN rgRDN[] = 

1, // the number of elements in the array 
&amt;rgNameAttr // pointer to the array 
}; 

CERT_NAME_INFO CertName = 

1, // number of elements in the CERT_RND's array 
rgRDN 
}; 

DWORD cbEncoded; // variable to hold the 
BYTE *pbEncoded; // variable to hold a pointer to the 

cret = CryptEncodeObjectEx( X509_ASN_ENCODING, X509_NAME, 
&amt;CertName, 0, NULL, NULL,&amt;cbEncoded) ; 
if( cret == NULL) 
return GetLastError(); 

pbEncoded = (BYTE*)malloc(cbEncoded); 
if(pbEncoded == NULL) 
return GetLastError(); 

cret =CryptEncodeObjectEx( X509_ASN_ENCODING, X509_NAME, 
&amt;CertName, 0, NULL, pbEncoded, &amt;cbEncoded); 
if( cret == NULL) 
return GetLastError(); 

Cert.Issuer.cbData = cbEncoded; 
Cert.Issuer.pbData = pbEncoded; 

// 5.UTCTime .Process the Time of cert. SystemTimeToFileTime 
SYSTEMTIME SysTime; 
GetSystemTime(&amt;SysTime); 
SystemTimeToFileTime( &amt;SysTime , &amt;Cert.NotBefore); 

SysTime.wYear += 10; 
SystemTimeToFileTime( &amt;SysTime , &amt;Cert.NotAfter); 

// 6.subject 
char *Cert_Subject_Name ="A Good Day"; 

rgNameAttr.pszObjId = szOID_COMMON_NAME; 
rgNameAttr.dwValueType = CERT_RDN_PRINTABLE_STRING; 
rgNameAttr.Value.cbData = (DWORD)strlen(Cert_Subject_Name) +1; 
rgNameAttr.Value.pbData = (PBYTE)Cert_Subject_Name; 

cret = CryptEncodeObjectEx( X509_ASN_ENCODING, X509_NAME, 
&amt;CertName, 0, NULL, NULL,&amt;cbEncoded) ; 
if( cret == NULL) 
return GetLastError(); 

pbEncoded = (BYTE*)malloc(cbEncoded); 
if(pbEncoded == NULL) 
return GetLastError(); 

cret =CryptEncodeObjectEx( X509_ASN_ENCODING, X509_NAME, 
&amt;CertName, 0, NULL, pbEncoded, &amt;cbEncoded); 
if( cret == NULL) 
return GetLastError(); 

Cert.Subject.cbData = cbEncoded; 
Cert.Subject.pbData = pbEncoded; 


// 7.PublicKey 
PCERT_PUBLIC_KEY_INFO PubKeyBuf; //reference RACrypt.cpp .Don't know why 
DWORD PubKeyLen; 
cret = CryptExportPublicKeyInfo( hProv, AT_SIGNATURE, 
X509_ASN_ENCODING ,NULL,&amt;PubKeyLen ); 
if(cret == FALSE ) 
return GetLastError(); 

PubKeyBuf = (PCERT_PUBLIC_KEY_INFO) malloc( PubKeyLen); 
if( PubKeyBuf == NULL) 
return GetLastError(); 

cret = CryptExportPublicKeyInfo( hProv, AT_SIGNATURE, 
X509_ASN_ENCODING ,PubKeyBuf,&amt;PubKeyLen ); 
if(cret == FALSE ) 
return GetLastError(); 

Cert.SubjectPublicKeyInfo = *PubKeyBuf; 

// Extendsion 
Cert.cExtension = 0; 
Cert.rgExtension = NULL; 
Cert.IssuerUniqueId.cbData = 0 ; 
Cert.SubjectUniqueId.cbData = 0; 

//Make Certificate 
CRYPT_ALGORITHM_IDENTIFIER algId; 
BYTE paraData[16]; 
paraData[0] = 0x05; paraData[1] = 0x00; 

algId.pszObjId = szOID_RSA_SHA1RSA; 
algId.Parameters.cbData = 2; 
algId.Parameters.pbData = paraData; 

/*------------------------------------------------------------- 
CryptSignAndEncodeCertificate 
The CryptSignAndEncodeCertificate function encodes and signs a certificate, CRL, CTL or certificate request. 
This function performs the following operations: 
1-> Calls CryptEncodeObject using lpszStructType to encode the "to be signed" information. 
2-> Calls CryptSignCertificate to sign this encoded information. 
3-> Calls CryptEncodeObject again, with lpszStructType set to X509_CERT, 
to further encode the resulting signed, encoded information. 
-------------------------------------------------------------*/ 

// Export As X.509 certificate 

PBYTE pCertOut; 
DWORD CertLen; 
cret = CryptSignAndEncodeCertificate(hProv, AT_SIGNATURE, 
X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED, (void*)&amt;Cert, &amt;algId, 
NULL,NULL, &amt;CertLen); 
if(cret == FALSE) 

printf("CryptSignAndEncodeCertificate Error\n "); 
return GetLastError(); 


pCertOut = (PBYTE)malloc(CertLen); 
if(CertLen == NULL) 
return GetLastError(); 

cret = CryptSignAndEncodeCertificate(hProv, AT_SIGNATURE, 
X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED, (void*)&amt;Cert, &amt;algId, 
NULL,pCertOut, &amt;CertLen); 
if(cret == FALSE) 
return GetLastError(); 

char file[128] = "D:\\Li-X509.cer"; 
DWORD len; 
HANDLE hFile = CreateFile(file ,GENERIC_READ |GENERIC_WRITE, 
FILE_SHARE_READ| FILE_SHARE_WRITE, 
NULL, CREATE_ALWAYS , 
NULL, NULL); 
if(hFile == NULL) 
return GetLastError(); 

cret = WriteFile( hFile,pCertOut,( DWORD)CertLen , &amt;len,NULL); 
if( cret == FALSE ) 
return GetLastError(); 

cret = CloseHandle( hFile); 
if( cret == FALSE) 
return GetLastError(); 



//Export as PKCS#7 certificate 




strcpy( file,"D:\\Li-PKCS#7.cer"); 

hFile = CreateFile(file ,GENERIC_READ |GENERIC_WRITE, 
FILE_SHARE_READ| FILE_SHARE_WRITE, 
NULL, CREATE_ALWAYS , 
NULL, NULL); 
if(hFile == NULL) 
return GetLastError(); 

HCERTSTORE hStore = CertOpenStore( CERT_STORE_PROV_MEMORY, PKCS_7_ASN_ENCODING,hProv,CERT_STORE_OPEN_EXISTING_FLAG, NULL); 
if( hStore == NULL) 
return GetLastError(); 

void *pvData = NULL; 
DWORD cbData = 0; 
cret = CertGetStoreProperty( hStore,CERT_STORE_LOCALIZED_NAME_PROP_ID, NULL, &amt;cbData); 
if(cret == FALSE) 
return GetLastError(); 

pvData = malloc(cbData); 
if( pvData == NULL) 
return GetLastError(); 

cret = CertGetStoreProperty( hStore, CERT_STORE_LOCALIZED_NAME_PROP_ID,pvData,&amt;cbData) ; 
if( cret == FALSE) 
return GetLastError(); 

cret = CertSaveStore( hStore,X509_ASN_ENCODING, CERT_STORE_SAVE_AS_PKCS7, CERT_STORE_SAVE_TO_FILE, hFile,0); 
if( cret == FALSE) 
return GetLastError(); 




cret = CloseHandle( hFile); 
if( cret == FALSE) 
return GetLastError(); 

free( pCertOut); 
free(pbEncoded); 
free(PubKeyBuf); 
cret = CryptReleaseContext(hProv,0); 
if( cret == FALSE) 
return GetLastError(); 

return 0; 



void log(char *error_msg,int error_num) 

DWORD dwWrite; 
char file[] = "D:\\log.txt"; 
DWORD FileLen; 
char buf[128]; 

if( error_msg != NULL ) 
printf(">s ",error_msg); 

if( error_num != 0) 
printf("Error Num:>d\n",error_num); 


HANDLE hFile = CreateFile(file ,GENERIC_READ |GENERIC_WRITE, 
FILE_SHARE_READ| FILE_SHARE_WRITE, 
NULL, OPEN_EXISTING , 
NULL, NULL); 

FileLen = GetFileSize(hFile,NULL); 

SetFilePointer( hFile,FileLen , FILE_BEGIN, NULL); 

sprintf( buf,"Error Num:>d \r\n",error_num ); 
WriteFile( hFile,buf,( DWORD)strlen(buf) , 
&amt;dwWrite,NULL); 

CloseHandle( hFile) ; 

}