RSACryptoServiceProvider已经存在对象 [英] Object already exists with RSACryptoServiceProvider

问题描述

在头上撞墙半天后，我终于弄清楚了为什么我得到一个例外对象已经存在".尝试实例化RSACryptoServiceProvider时.

After beating my head against the wall for half a day I finally figured out why I am getting an exception "Object already exists." when trying to instantiated an RSACryptoServiceProvider.

这是我来自.NET 1.1的C#代码，在我的ASPNET Windows用户帐户下可以正常工作:

Here was my C# code from .NET 1.1 which worked fine under my ASPNET windows user account:

CspParameters csp = 新 CspParameters ();

CspParameters csp = new CspParameters();

csp.KeyContainerName = " MySecretKeyContainer" ;

csp.KeyContainerName = "MySecretKeyContainer";

svrRSA = 新 RSACryptoServiceProvider (csp);

svrRSA = new RSACryptoServiceProvider(csp);

当我也在ASPNet Windows用户帐户下在.NET 2.0中运行相同的代码时.

When I ran this same code in .NET 2.0 also under my ASPNet windows user account.

我得到了以下异常和堆栈跟踪:

I got the following exception and stack trace:

对象已存在.

堆栈跟踪:
在System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
在System.Security.Cryptography.Utils._CreateCSP(CspParameters param，Boolean randomKeyContainer，SafeProvHandle& hProv)在System.Security.Cryptography.Utils.CreateProvHandle(CspParameters参数，布尔randomKeyContainer)处
在System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType，CspParameters参数，布尔randomKeyContainer，Int32 dwKeyHandle在System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()中的
RSACryptoServiceProvider..ctor(CspParameters参数)

Stack Trace:
   at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
   at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters parameters)

事实证明，我通过将代码更改为以下内容来解决了该问题:

It turns out that I fixed the problem by changing the code to read as follows:

CspParameters csp = 新 CspParameters ();

CspParameters csp = new CspParameters();

csp.Flags = CspProviderFlags .UseMachineKeyStore;

csp.Flags = CspProviderFlags.UseMachineKeyStore;

csp.KeyContainerName = " ActivSvrV1" ;

csp.KeyContainerName = "ActivSvrV1";

svrRSA = 新 RSACryptoServiceProvider (csp);

svrRSA = new RSACryptoServiceProvider(csp);

是说我加了一行:

csp.Flags = CspProviderFlags.UseMachineKeyStore;

csp.Flags = CspProviderFlags.UseMachineKeyStore;

我假设在.NET 1.1和.NET 2.0之间，Microsoft将CspParameters的默认构造函数从默认的计算机密钥存储更改为不使用计算机密钥存储.

I would assume that between .NET 1.1 and .NET 2.0 Microsoft changed the default constructor for CspParameters from defaulting to the machine key store to not using the machine key store.

我的猜测是这样做是为了提高安全性.毕竟，我们不希望有人使用默认构造函数，前提是他们是唯一有权访问密钥存储区的用户，而实际上他们可能不是.

My guess is that this was done to improve security.  After all we wouldn't want someone to use the default constructor assuming they are the only user with access to the key store when in fact they may not be.

令人困惑的是，当我在具有管理员权限的Windows用户下运行相同的代码时，我得到一个例外:键集不存在

The confusing thing is that when I run the same code under a windows user with Administrator rights I get an exception:  Keyset does not exist

所以也许设置为机器密钥存储并不会真正造成安全问题.

So perhaps setting to machine key store doesn't really create a security issue.

我认为密钥库所存储的文件或reg位置可能不是按用户逐个密码保护的，而是可能受到NT权限的保护.

I'm thinking that perhaps the file or reg location that the key container is stored in isn't cryptographically protected on a user by user basis but may be protected with NT permissions.

Microsoft的任何人都可以提供答案吗，或者为什么CspParameters构造函数的默认行为已更改?

Could anyone from Microsoft provide an answer to this, or perhaps why the default behavior of the CspParameters contructor has changed?

推荐答案

我遇到了类似的问题，我在开发服务器中测试了一些文件，然后将文件移至iis目录，试图运行并得到对象已经存在的错误.处理密码的文件完全相同，我所做的只是更改目录，所以我认为问题不在于标志.尝试使用1.1中的Flags东西，然后尝试使用2.0中的相同代码，我认为它会再次失败.

您更改的另一件事，就是它使KeyContainerName起作用了，实际上，您创建了另一个对象.

I had a similar problem, I tested a few files in the development server thing, then moved the files to the iis directory, tried to run and got the object already exists error. The file that handled the cryptography was exactly the same, all I had done was change directory so I don't think the problem is the flags. Try it with the Flags thing in 1.1, then try the same code in 2.0 and I think it will fail again.

The other thing you changed, and I believe it's that that made it work, is the KeyContainerName, in effect you made another object.

这篇关于RSACryptoServiceProvider已经存在对象的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！