Sie befinden sich hier: start » hr » Interna dokumentacija » WvdS Kripto-biblioteka » 5. API-Referenca » X509Certificates prostor imena » CertificateRevocationListExtensions klasa

Inhaltsverzeichnis

CertificateRevocationListExtensions klasa

Extension metode za CertificateRevocationListBuilder s post-kvantnom podrškom.

Definicija

namespace WvdS.System.Security.Cryptography.X509Certificates;
 
public static class CertificateRevocationListExtensions

Metode

Metoda Opis
Build Kreira potpisanu CRL s PQ podrškom
VerifySignature Verificira CRL potpis

Kreiranje CRL-a

Hibridni način rada (preporučeno): 

// Učitavanje CA certifikata
var caCert = new X509Certificate2("ca.pfx", "password");
 
// Kreiranje CRL-a
var builder = new CertificateRevocationListBuilder();
builder.AddEntry(revokedCertificate.SerialNumberBytes.ToArray());
 
// Izgradnja CRL-a s hibridnim potpisom
byte[] crlData = builder.Build(
    caCert,
    crlNumber: BigInteger.One,
    nextUpdate: DateTimeOffset.UtcNow.AddDays(7),
    HashAlgorithmName.SHA256,
    CryptoMode.Hybrid);

Verifikacija CRL potpisa

byte[] crlData = File.ReadAllBytes("ca.crl");
var caCert = new X509Certificate2("ca.cer");
 
bool isValid = CertificateRevocationListExtensions.VerifySignature(
    crlData,
    caCert,
    CryptoMode.Hybrid);

Razlozi opoziva

CrlReason Vrijednost Opis
Unspecified 0 Bez specifičnog razloga
KeyCompromise 1 Privatni ključ kompromitiran
CaCompromise 2 CA ključ kompromitiran
Superseded 4 Zamijenjeno novim certifikatom
CessationOfOperation 5 Prestanak rada

Usklađenost

  • RFC 52801) - X.509 PKI CRL profil
  • NIST FIPS 2042) - ML-DSA

Vidi također

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

, , ,
1)
IETF RFC 5280: https://www.rfc-editor.org/rfc/rfc5280
2)
NIST FIPS 204: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf
Zuletzt geändert: 29.01.2026. u 23:21

Seiten-Werkzeuge