将PKCS#8加密密钥导入到RSACng? [英] Importing PKCS#8 encrypted key to RSACng?
问题描述
如果我已在PKCS#8中加密了RSA密钥,我可以以某种方式将其作为 CngKeyBlobFormat.Pkcs8PrivateBlob
RSACng >?还是此 CngKeyBlobFormat.Pkcs8PrivateBlob
仅显示 CngKey
,在导入期间必须从DER解码密钥才能获取密钥参数然后将它们导入到 RSACng
中,因此答案是否定的?
If I have encrypted RSA key in PKCS#8, can I somehow import it to RSACng
as CngKeyBlobFormat.Pkcs8PrivateBlob
? Or does this CngKeyBlobFormat.Pkcs8PrivateBlob
just shows the CngKey
that during import the key must be decoded from DER to get key parameters and then they are imported into RSACng
, thus the answer is no?
推荐答案
CNG知道如何解密加密的PKCS#8,但是您需要输入密码。由于.NET不会要求您输入密码(而且密码是通过属性以外的其他方式传递的),因此没有一个好的方法。
CNG understands how to decrypt encrypted PKCS#8, but you need to give it a password. Since .NET doesn't ask you for the password (and it gets passed via a manner other than the properties) there isn't a good way to do it.
您有很多选择:
- P /调用,因此您可以指定NCRYPTBUFFER_PKCS_SECRET值。
- 更改您的过程,以使您拥有未加密的PKCS#8。
- 等待将来版本的.NET Core,它将能够直接将PKCS#8,加密的PKCS#8和某些其他格式加载到RSA / DSA / ECDsa / ECDiffieHellman对象(该功能当前位于master分支中)。
- 找到可以为您解密的库。弹力城堡可能可以做到。
- P/Invoke so you can specify the NCRYPTBUFFER_PKCS_SECRET value.
- Change your process so that you have an unencrypted PKCS#8.
- Change your process so that you have a PFX/PKCS#12 instead of an encrypted PKCS#8 (and then change to reading it via X509Certificate2).
- Wait for a future version of .NET Core, which will have the ability to load a PKCS#8, encrypted PKCS#8, and some other formats, directly into the RSA/DSA/ECDsa/ECDiffieHellman objects (feature is currently in the master branch).
- Find a library which can decrypt it for you. Bouncy Castle can probably do it.
另请参见:在不使用BouncyCastle的情况下使用c#进行数字签名
这篇关于将PKCS#8加密密钥导入到RSACng?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!