9

Is there any way to create .pfx files in order to sign documents, I've found a program called x509 Certificate Generate,but I want to know if it can be generated in code using c#.

PedroC88
  • 3,708
  • 7
  • 43
  • 77
user773456
  • 611
  • 2
  • 9
  • 14

6 Answers6

6

There is a Microsoft command-line tool makecert that can be used to generate certificates. It's part of the Windows SDK. On my machine there are half a dozen versions e.g. in C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\x64. Then in your code you can start a process to run the executable with the appropriate parameters.

David Clarke
  • 12,888
  • 9
  • 86
  • 116
3

You could check out the Bouncy Castle API, it can be used to generate certificates using C#.

Rohan West
  • 9,262
  • 3
  • 37
  • 64
1

First of all, signing documents with self-signed certificates makes no sense unless you have custom PKI hierarchy in your organization (and in the latter case you need to know well what you are doing, which seems to be not the case).

PFX is a container for one or more certificates with associated private keys. So you don't generate "PFX file". You generate a keypair and create a certificate, which can then be exported to PFX file or to other format.

As mentioned above, BouncyCastle can generate certificates, and our SecureBlackbox library also can generate certificates and save and load them to/from many different formats.

Eugene Mayevski 'Callback
  • 45,135
  • 8
  • 71
  • 121
  • It has a great sense if you are a developer and want to create and test some code that will work with .pfx file. – Gangnus Aug 12 '20 at 19:38
  • @Gangnus before commenting, please read the topic. The OP didn't want to test anything. He wants to sign documents for users (read the OP's comments to the question). Please, do read the answers in context of the question and not as some abstraction. – Eugene Mayevski 'Callback Aug 13 '20 at 13:21
0

You can make digital signature by using adobe reader

if you are using adobe x -then go to 3rd option from left -here you can see signing setting -open this and go to add id -just enter your details and your are done .pfx file is ready where ever you browsed it.... -it is valid for 6 years

abhijay
  • 9
  • 1
0

You can use OpenSSL.NET library for this.

Here is the code example how to do it:

    public X509Certificate2 GeneratePfxCertificate(string certificatePath, string privateKeyPath,
        string certificatePfxPath, string rootCertificatePath, string pkcs12Password)
    {
        string keyFileContent = File.ReadAllText(privateKeyPath);
        string certFileContent = File.ReadAllText(certificatePath);
        string rootCertFileContent = File.ReadAllText(rootCertificatePath);

        var certBio = new BIO(certFileContent);
        var rootCertBio = new BIO(rootCertFileContent);

        CryptoKey cryptoKey = CryptoKey.FromPrivateKey(keyFileContent, string.Empty);
        var certificate = new OpenSSL.X509.X509Certificate(certBio);
        var rootCertificate = new OpenSSL.X509.X509Certificate(rootCertBio);

        using (var certChain = new Stack<OpenSSL.X509.X509Certificate> { rootCertificate })
        using (var p12 = new PKCS12(pkcs12Password, cryptoKey, certificate, certChain))
        using (var pfxBio = BIO.MemoryBuffer())
        {
            p12.Write(pfxBio);
            var pfxFileByteArrayContent =
                pfxBio.ReadBytes((int)pfxBio.BytesPending).Array;

            File.WriteAllBytes(certificatePfxPath, pfxFileByteArrayContent);
        }

        return new X509Certificate2(certificatePfxPath, pkcs12Password);
    }
SvjMan
  • 589
  • 9
  • 18
0

If you read about makecert like @David Clarke's answer refers to, you will see to fulfill your requirement, you just need a managed makecert written in .NET.

Luckily the Mono guys have implemented this a long time ago,

https://github.com/mono/mono/blob/master/mcs/tools/security/makecert.cs

Lex Li
  • 60,503
  • 9
  • 116
  • 147