本文整理自网络,侵删。
1,需要访问的东西是USBKey,里面有2张证书,分别是签名和加密证书。2,通过https方式上传xml,上传之前必须先给xml签名,xml的签名必须通过数字证书的私钥签名。3,私钥的访问通过capicom.dll。这是微软提供的一个com组件。4,js、delph、c#都可以访问私钥。1,因为是com组件,需要先在本机注册,有32和64区别,32和64必须放在各自系统目录对应的地方。2,注册Regsvr32 capicom.dll3,学习的重点,搞懂com提供的对象,并搞懂有哪些方法。JavaScript方式
1,创建对象。var MyStore = new ActiveXObject("CAPICOM.Store");2,调用Open方法参数1参数2 storeName = "My"参数3MyStore.Open(CAPICOM_CURRENT_USER_STORE, storeName, CAPICOM_STORE_OPEN_READ_WRITE);3,遍历MyStore.Certificatesfor ( i = 1; i <= MyStore.Certificates.count; i++) { var str = "cert: " + MyStore.Certificates(i).subjectName + " SHA: " + MyStore.Certificates(i).thumbprint; 。。。。。}4,open完毕,如果有多个证书,可以下面调用,select会返回选中的证书,想拿到证书,必须下面2行代码一起写。var xx = MyStore.Certificates.select();Certificate = xx(1);
加密1,创建CAPICOM.EnvelopedData对象var EnvelopedData = new ActiveXObject("CAPICOM.EnvelopedData");2,指定算法,CALG_3DES,CALG_DES,CALG_RC4EnvelopedData.Algorithm.Name = xx;3,指定加密内容EnvelopedData.Content = frm.srcText.value;4,指定加密证书EnvelopedData.Recipients.Add(Certificate);5,调用方法加密frm.desEnvText.value = EnvelopedData.Encrypt(CAPICOM_ENCODE_BASE64);
解密1,解密和加密一致,采用统一对象var DevelopedData = new ActiveXObject("CAPICOM.EnvelopedData");2,添加解密证书,加密和解密证书必须是同一个DevelopedData.Recipients.Add(Certificate);3,调用解密方法,参数是需要解密的文本。DevelopedData.Decrypt(frm.desEnvText.value);4,解密成功之后的内容,在Content返回frm.unEnvText.value = DevelopedData.Content;Delphi方式获取证书
1,先了解delphi是如何调用Com组件。然后手工生成CAPICOM_TLB单元,操作USBKey就是调用单元提供的类和接口。2,delphi提供的类和js提供的类一致,方法名也一致, 参数也一致。也就是JS能访问的方法delphi都能访问。证书遍历
var dllHandle: THandle; EnData: TStore; i: integer; KeyUsage: IKeyUsage; cert: ICertificate; cert2: ICertificate2;begin dllHandle:= LoadLibrary(LPCTSTR('capicom.dll')); try EnData := TStore.Create(nil); EnData.Open(CAPICOM_CURRENT_USER_STORE,'My',CAPICOM_STORE_OPEN_READ_ONLY); for i:=1 to EnData.Certificates.Count-1 do begin cert := IInterface(EnData.Certificates.item[i]) as ICertificate; ShowMessage(cert.SubjectName ); cert2 := IInterface(EnData.Certificates.item[i]) as ICertificate2; ShowMessage(cert2.PrivateKey.ContainerName);// ShowMessage(EnData.Certificates.Item[i].subjectname+#13// + EnData.Certificates.Item[i].SerialNumber + #13// +VarToStr(EnData.Certificates.Item[i].Version)+#13// +EnData.Certificates.Item[i].IssuerName+#13// + DateTimeToStr(EnData.Certificates.Item[i].ValidFromDate) + #13// + DateTimeToStr(EnData.Certificates.Item[i].ValidToDate) + #13// );// EnData.Certificates.Item[i].display;// EnData.Certificates.Item[i].KeyUsage.IsCritical;
if EnData.Certificates.Item[i].HasPrivateKey then begin// ShowMessage('有私钥'); end; end; finally EnData.Free; FreeLibrary(dllHandle); end; if CoInitialize(nil)=S_FALSE then CoUnInitialize;end;加密
var dllHandle: THandle; EnData: TEncryptedData; i: integer; KeyUsage: IKeyUsage;begin dllHandle:= LoadLibrary(LPCTSTR('capicom.dll')); try Memo1.Lines.Clear; EnData := TEncryptedData.Create(nil); EnData.Algorithm.Name:= CAPICOM_ENCRYPTION_ALGORITHM_3DES; EnData.Algorithm.KeyLength:= CAPICOM_ENCRYPTION_KEY_LENGTH_MAXIMUM; EnData.SetSecret('Something Secret',CAPICOM_SECRET_PASSWORD); EnData.Content:= Edit1.Text; Memo1.Lines.Add(EnData.Encrypt(CAPICOM_ENCODE_BASE64)); finally EnData.Free; FreeLibrary(dllHandle); end; if CoInitialize(nil)=S_FALSE then CoUnInitialize;end;判断签名证书、加密证书
var vStore: TStore; iCnt: Integer; IBaseIntf: IInterface; ICert2Dsp: ICertificate2Disp;begin if ICert2 = nil then begin vStore := TStore.Create(nil); vStore.Open(CAPICOM_CURRENT_USER_STORE, 'My', CAPICOM_STORE_OPEN_READ_ONLY); for iCnt := 1 to vStore.Certificates.Count do begin IBaseIntf := vStore.Certificates.Item[iCnt]; try if IBaseIntf.QueryInterface(ICertificate2Disp, ICert2Dsp) = 0 then begin //确认硬件是否连接 if ICert2Dsp.HasPrivateKey then begin //确认是否为指定CSP提供商 if (ICert2Dsp.PrivateKey.KeySpec = CAPICOM_KEY_SPEC_SIGNATURE ) then begin ShowMessage('one'); IBaseIntf.QueryInterface(IID_ICertificate2, ICert2);// IBaseIntf.QueryInterface(IID_ICertificate, ICert); FPublicKey := ICert2Dsp.publickey.EncodedKey.Format(True); FPKLength := ICert2Dsp.publickey.Length; FAlgType := ICert2Dsp.publickey.Algorithm.FriendlyName; end; end; end; except //某些不支持CAPICOM的,会出现异常 ICert2 := nil; end; end; end;end;因为delphi7没提供直接签名xml的工具类,需要手工拼接xml,xml的签名可以选择c#,c#访问USBKey的方式和delphi一样。
相关阅读 >>
Delphi获取其他进程中listbox和combobox的内容
Delphi通过spcomm com口发短信包括pud编码解码
更多相关阅读请进入《Delphi》频道 >>