如何编码在密钥容器中存储加密密钥？ [英] How do you code storing a encryption key in a key container?

问题描述

我无法找到如何使用C＃在密钥容器中存储加密密钥的明确示例。我可以生成自己的密钥并使用它们来加密和解密数据。现在我想知道两件事：



1.将Microsoft密钥容器视为保护加密密钥的合理安全方法是否现实？



2.任何人都可以提供一个简单的C＃代码示例来说明如何执行此操作吗？我目前正在使用带有对称AES加密方法的RijndaelManaged加密器。

I have not been able to find a clear example of how to store an encryption key in a key container using C#. I can generate my own keys and use them to encrypt and decrypt data. Now I am wondering two things:

1. Is it realistic to consider the Microsoft key containers as a reasonably secure method of protecting encryption keys?

2. Can anyone provide a simple C# code sample showing how to do this? I am currently using the RijndaelManaged encryptor with a symmetric AES encryption method.

推荐答案

我仍然认为你在考虑实施过多，而不是考虑到你的确切安全性需要，但也许我错了，所以我会尝试为你正在寻找的解决方案提供一些建议:)：



我的理解是你不能将关键容器中的对称密钥存储起来，虽然我对此并不是100％肯定。



查看 AesCryptoServiceProvider [ ^ ]，构造函数不接受 RSACryptoServiceProvider [ ^ ]提供允许它使用密钥容器。我很乐意听到。



因此，如果您真的想要使用密钥容器，可能是最好的方法，就是生成pub / priv密钥对并将其存储在用户密钥库中使用各种 CspParameters [ ^ ]。然后，您的应用可以生成或接受用户输入AES密钥。然后，您可以使用AES密钥加密需要加密的数据，并使用存储密钥对中的pub密钥加密AES密钥。当您需要解密时，您解密AES密钥，然后解密您的数据。或者，如果您有少量数据，则可以完全跳过AES加密并使用RSA加密。



尝试这个 [ ^ ]对于初学者

I still think you are thinking too much about the implementation rather than thinking about exactly what security you need, but maybe I'm wrong, so I'll try and provide some suggestions for the solution you are looking for :) :

My understanding is that you cannot store symmetric keys in key containers, although I am not 100% sure of this.

Looking at AesCryptoServiceProvider[^], the constructor doesn't take the parameters that RSACryptoServiceProvider[^] provides, to allow it to use key containers. I would love to hear otherwise.

So if you really want to use key containers, probably the best way to do it, is to generate a pub/priv key pair and store it in a user keystore using various CspParameters[^]. Your app can then generate, or accept a user input AES key. Your data that needs encrypting can then be encrypted with the AES key and the AES key encrypted with the pub key from your stored key pair. When you need to decrypt, you decrypt your AES key, then decrypt your data. Alternatively, if you have a small amount of data, you could skip the AES encryption entirely and use RSA encryption.

Try this[^] for starters

我有一些客户端需要将密钥保存在密钥容器中，我已经生成了密钥，我想将它存储在密钥容器中。是否可以这样做？



我使用AES算法加密和解密数据。请按照以下代码。

I have some client requirement to save the key in key container, I have already generated key and I want to store it in the key container. Is it possible to do it?

I am using AES algorithm to encrypt and decrypt data.Please follow the below code.

public string Encrypt_AES(string clearText)
        {
            string text = System.IO.File.ReadAllText("D:\\ITC\\Symmetric Key\\Key.txt");
            string EncryptionKey = text;
            byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);
            using (Aes encryptor = Aes.Create())
            {
                Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
                encryptor.Key = pdb.GetBytes(32);
                encryptor.IV = pdb.GetBytes(16);
                using (MemoryStream ms = new MemoryStream())
                {
                    using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
                    {
                        cs.Write(clearBytes, 0, clearBytes.Length);
                        cs.Close();
                    }
                    clearText = Convert.ToBase64String(ms.ToArray());
                }
            }
            return clearText;
        }
        public string Decrypt_AES(string cipherText)
        {
            string text = System.IO.File.ReadAllText("D:\\ITC\\Symmetric Key\\Key.txt");
            string EncryptionKey = text;
            byte[] cipherBytes = Convert.FromBase64String(cipherText);
            using (Aes encryptor = Aes.Create())
            {
                Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
                encryptor.Key = pdb.GetBytes(32);
                encryptor.IV = pdb.GetBytes(16);
                using (MemoryStream ms = new MemoryStream())
                {
                    using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
                    {
                        cs.Write(cipherBytes, 0, cipherBytes.Length);
                        cs.Close();
                    }
                    cipherText = Encoding.Unicode.GetString(ms.ToArray());
                }
            }
            return cipherText;
        }
        #endregion

谢谢Bhanu Raja。这几乎与我现在实施的相同，但我感谢您尝试回答这个问题。

Thanks Bhanu Raja. That is almost identical to what I have implemented now, but I appreciate your attempt to answer the question.

这篇关于如何编码在密钥容器中存储加密密钥？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！