使用RSACng和RsaParameter导入之前无法导出私钥 [英] Cannot Export PrivateKey Before Import Using RSACng and RsaParameter

问题描述

下一个单元测试导出一个私钥，并使用rsa实例将其保存在字节数组中，然后对 hi消息进行加密，在这里一切都很好，但是当它成为rsa2实例并在RSAParameter中导入先前的私钥时，就会出现问题，则可以在导入私钥后对消息进行解密，但是当您尝试导出rsa2的私钥时会引发异常。

the next unit test export a privatekey and save it in bytes arrays using the rsa instance then encrypt the "hi" message, all is fine here, but the problem occur when It make rsa2 instance and import the previous privatekey in RSAParameter, then message can be decrypt after import privatekey, but It throw exception when you try to export privatekey of rsa2.

请告诉我为什么它不能提取导入的私钥键

Please could you tell me why It can't extract Imported Private key

    [TestMethod]
    public void TestRsa()
    {
        var rsa = new RSACng(2048);
        ///Export private key to arrays
        var rsaParam = rsa.ExportParameters(true);
        byte[] yQ = new byte[rsaParam.Q.Length];
        byte[] yP = new byte[rsaParam.P.Length];

        byte[] yInverseQ = new byte[rsaParam.InverseQ.Length];
        byte[] yDP = new byte[rsaParam.DP.Length];
        byte[] yDQ = new byte[rsaParam.DQ.Length];

        //Public Part Key
        byte[] yPm = new byte[rsaParam.Modulus.Length];
        byte[] yPe = new byte[rsaParam.Exponent.Length];
        byte[] yD = new byte[rsaParam.D.Length];

        rsaParam.Q.CopyTo(yQ, 0);
        rsaParam.P.CopyTo(yP, 0);
        rsaParam.InverseQ.CopyTo(yInverseQ, 0);
        rsaParam.DP.CopyTo(yDP, 0);
        rsaParam.DQ.CopyTo(yDQ, 0);
        rsaParam.Modulus.CopyTo(yPm, 0);
        rsaParam.Exponent.CopyTo(yPe, 0);
        rsaParam.D.CopyTo(yD, 0);

        var encrypt = rsa.Encrypt(Encoding.UTF8.GetBytes("hi"), RSAEncryptionPadding.Pkcs1);

        ///Importing private key in another instance of RSACng
        var rsa2 = new RSACng(2048);
        RSAParameters rsaParameters = new RSAParameters()
        {
            Q = yQ,
            P = yP,
            InverseQ = yInverseQ,
            DP = yDP,
            D = yD,
            DQ = yDQ,
            Exponent = yPe,
            Modulus = yPm
        };
        rsa2.ImportParameters(rsaParameters);
        var decryptData = rsa2.Decrypt(encrypt, RSAEncryptionPadding.Pkcs1);
        Assert.AreEqual(Encoding.UTF8.GetString(decryptData), "hi");

        rsa2.ExportParameters(true);///How can I prevent exception here
  }

谢谢！

推荐答案

在.NET Core中，当以下情况时，RSACng对象应处于可导出状态：您可以使用ImportParameters，在.NET Framework 4.7.2中也应如此。

In .NET Core the RSACng object should be in an exportable state when you use ImportParameters, and it should be the case in .NET Framework 4.7.2 as well.

只要更改导出策略，就可以进入可导出状态在使用密钥之前（尝试调用导出或执行签名/解密/加密/验证操作）。例如，此方法有效：

You can put into an exportable state as long as you change the export policy before using the key (by trying to call Export or doing a sign/decrypt/encrypt/verify operation). For example, this works:

using (RSA rsa1 = new RSACng(2048))
using (RSACng rsa2 = new RSACng())
{
    rsa2.ImportParameters(rsa1.ExportParameters(true));

    rsa2.Key.SetProperty(
        new CngProperty(
            "Export Policy",
            BitConverter.GetBytes((int)CngExportPolicies.AllowPlaintextExport),
            CngPropertyOptions.Persist));

    RSAParameters params2 = rsa2.ExportParameters(true);
    Console.WriteLine(params2.D.Length);
}

使用 NCRYPT_EXPORT_POLICY_PROPERTY 在 https：// msdn .microsoft.com / en-us / library / windows / desktop / aa376242（v = vs.85）.aspx 。

这篇关于使用RSACng和RsaParameter导入之前无法导出私钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！