CertificateRevocationListExtensions Class

Extension methods for CertificateRevocationListBuilder with post-quantum support.


Definition

namespace WvdS.System.Security.Cryptography.X509Certificates;
 
public static class CertificateRevocationListExtensions

Methods

| Method | Description |
|---|---|
| Build | Creates a signed CRL with PQ support |
| VerifySignature | Verifies the CRL signature |

Create CRL

Hybrid mode (recommended):

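using System.Numerics;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using WvdS.System.Security.Cryptography.X509Certificates;

// Load CA certificate (the PFX must contain the private key;
// read the password from a secret store rather than hard-coding it)
var caCert = new X509Certificate2("ca.pfx", "password");

// Create CRL; revokedCertificate is the X509Certificate2 being revoked
var builder = new CertificateRevocationListBuilder();
builder.AddEntry(revokedCertificate.SerialNumberBytes.ToArray());

// Build CRL with hybrid signature
byte[] crlData = builder.Build(
    caCert,
    crlNumber: BigInteger.One,
    nextUpdate: DateTimeOffset.UtcNow.AddDays(7),
    HashAlgorithmName.SHA256,
    CryptoMode.Hybrid);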

Verify CRL Signature

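// Load the CRL and the issuing CA certificate (public certificate only)
byte[] crlData = File.ReadAllBytes("ca.crl");
var caCert = new X509Certificate2("ca.cer");

// Returns false if the signature does not verify; reject the CRL in that case
bool isValid = CertificateRevocationListExtensions.VerifySignature(
    crlData,
    caCert,
    CryptoMode.Hybrid);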

Revocation Reasons

| CrlReason | Value | Description |
|---|---|---|
| Unspecified | 0 | No specific reason |
| KeyCompromise | 1 | Private key compromised |
| CaCompromise | 2 | CA key compromised |
| Superseded | 4 | Replaced by new certificate |
| CessationOfOperation | 5 | Operations ceased |
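
The following is an added example, not code from the library or its author: it extends an existing CRL with a key-compromise entry, increments the CRL number, and verifies the signature before and after re-signing. `CrlUpdateExample` and `RevokeForKeyCompromise` are hypothetical names; the example uses .NET's own `CertificateRevocationListBuilder.Load` and `X509RevocationReason` (same RFC 5280 reason codes as the table above) and assumes that CRLs produced by `Build` can be read back by `Load`.

```csharp
using System;
using System.Numerics;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using WvdS.System.Security.Cryptography.X509Certificates;
// Assumption: CryptoMode is in scope (its namespace is not shown on this page).

public static class CrlUpdateExample   // hypothetical helper, not part of the library
{
    // Adds one key-compromise entry to an existing CRL and re-signs it.
    public static byte[] RevokeForKeyCompromise(
        byte[] currentCrl, X509Certificate2 caCert, X509Certificate2 revoked)
    {
        // Load() only parses the CRL, so check the issuer signature first.
        if (!CertificateRevocationListExtensions.VerifySignature(
                currentCrl, caCert, CryptoMode.Hybrid))
            throw new CryptographicException("Existing CRL failed signature verification.");

        // Keep all existing entries and recover the last CRL number.
        CertificateRevocationListBuilder builder =
            CertificateRevocationListBuilder.Load(currentCrl, out BigInteger lastNumber);

        // Reason code 1 (KeyCompromise), with the revocation time recorded explicitly.
        builder.AddEntry(
            revoked.SerialNumberBytes.ToArray(),
            DateTimeOffset.UtcNow,
            X509RevocationReason.KeyCompromise);

        // RFC 5280 requires the CRL number to increase with every issued CRL.
        byte[] newCrl = builder.Build(
            caCert,
            crlNumber: lastNumber + 1,
            nextUpdate: DateTimeOffset.UtcNow.AddDays(7),
            HashAlgorithmName.SHA256,
            CryptoMode.Hybrid);

        // Never publish a CRL that relying parties could not verify.
        if (!CertificateRevocationListExtensions.VerifySignature(
                newCrl, caCert, CryptoMode.Hybrid))
            throw new CryptographicException("New CRL failed signature verification.");

        return newCrl;
    }
}
```

Here `caCert` must carry the CA private key, since it is used both to verify the current CRL and to sign the new one.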

Compliance

  • RFC 5280 - X.509 PKI CRL Profile
  • NIST FIPS 204 - ML-DSA

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

Last modified: 2026/01/29 at 11:19 PM