使用Azure Key Vault RSA密钥加密和解密字符串 [英] Using Azure Key Vault RSA Key to encrypt and decrypt strings

问题描述

我已设置Azure密钥保管库以检索RSA密钥以进行加密.Azure向我发送了一个KeyBundle类型的对象.此对象包含类型为 RSA大小为的RSA JsonWebKey.看我的RSA密钥，它有2种方法，分别称为 Encrypt(byte []数据，RSAEncryptionPadding填充)和 Decrypt(byte []数据，RSAEncryptionPadding填充).现在，我试图像这样加密和解密一个简单的字符串:

I have setup Azure Key Vault to retrieve RSA Keys for encryption. Azure send me an object of type KeyBundle. This object contains a JsonWebKey of type RSA of size 2048. Looking at my RSA Key, it has 2 methods called Encrypt(byte[] data, RSAEncryptionPadding padding) and Decrypt(byte[] data, RSAEncryptionPadding padding). Now I am trying to encrypt and decrypt a simple string like this:

public EncryptionManager(KeyBundle encryptionKey)
{
    string test = "Hello World!";
    var key = encryptionKey.Key.ToRSA();
    var encryptedString = key.Encrypt(Encoding.UTF8.GetBytes(test), RSAEncryptionPadding.OaepSHA256);
    var decryptedString = key.Decrypt(encryptedString, RSAEncryptionPadding.OaepSHA256);
}

加密有效，但是解密会引发异常消息:

Encryption works, but decryption throws an exception with message:

键不存在.

这是StackTrace

Here is the StackTrace

在System.Security.Cryptography.RSAImplementation.RSACng.EncryptOrDecrypt(SafeNCryptKeyHandle键，ReadOnlySpan`1输入，AsymmetricPaddingMode paddingMode，Void *paddingInfo，布尔加密)System.Security.Cryptography.RSAImplementation.RSACng.EncryptOrDecrypt(Byte []数据，RSAEncryptionPadding填充，布尔加密)System.Security.Cryptography.RSAImplementation.RSACng.Decrypt(Byte []数据，RSAEncryptionPadding填充)位于NxtUtils.Security.EncryptionManager..ctor(KeyBundle encryptionKey)在C:\ Repos \ Enigma \ EnigmaPrototype \ SharedLibaries \ NxtUtils \ Security \ EncryptionManager.cs:line26

at System.Security.Cryptography.RSAImplementation.RSACng.EncryptOrDecrypt(SafeNCryptKeyHandle key, ReadOnlySpan`1 input, AsymmetricPaddingMode paddingMode, Void* paddingInfo, Boolean encrypt) at System.Security.Cryptography.RSAImplementation.RSACng.EncryptOrDecrypt(Byte[] data, RSAEncryptionPadding padding, Boolean encrypt) at System.Security.Cryptography.RSAImplementation.RSACng.Decrypt(Byte[] data, RSAEncryptionPadding padding) at NxtUtils.Security.EncryptionManager..ctor(KeyBundle encryptionKey) in C:\Repos\Enigma\EnigmaPrototype\SharedLibaries\NxtUtils\Security\EncryptionManager.cs:line 26

我真的不熟悉加密算法.我的问题是:如何使用Azure提供的RSA密钥对简单的strig进行加密和解密?

I am really not familiar with cryptographic algorithms. My question is: How can I encrypt and decrypt a simple strig using this RSA Key provided by Azure?

谢谢！

推荐答案

我遇到了同样的问题，尽管我从互联网上搜索并从Microsoft文档中得到了此信息

I got the same issue, what I did is here although I searched from internet and got this from the Microsoft docs

这是我下面的工作代码

public static class KeyVaultEncryptorDecryptor
{
    public static string KeyDecryptText(this string textToDecrypt , KeyVaultClient keyVaultClient, string keyidentifier)
    {
        var kv = keyVaultClient;
        try
        {
            var key = kv.GetKeyAsync(keyidentifier).Result;
            var publicKey = Convert.ToBase64String(key.Key.N);
            using var rsa = new RSACryptoServiceProvider();
            var p = new RSAParameters() {
                Modulus = key.Key.N, Exponent = key.Key.E
            };
            rsa.ImportParameters(p);
            var encryptedTextNew = Convert.FromBase64String(textToDecrypt);
            var decryptedData = kv.DecryptAsync(key.KeyIdentifier.Identifier.ToString(), JsonWebKeyEncryptionAlgorithm.RSAOAEP, encryptedTextNew).GetAwaiter().GetResult();
            var decryptedText = Encoding.Unicode.GetString(decryptedData.Result);
            return decryptedText;
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
            return default;
        }
    }

    public static string KeyEncryptText(this string textToEncrypt , KeyVaultClient keyVaultClient, string keyidentifier)
    {
        var kv = keyVaultClient;
        try
        {
            var key = kv.GetKeyAsync(keyidentifier).GetAwaiter().GetResult();
            var publicKey = Convert.ToBase64String(key.Key.N);
            using var rsa = new RSACryptoServiceProvider();
            var p = new RSAParameters() {
                Modulus = key.Key.N, Exponent = key.Key.E
            };
            rsa.ImportParameters(p);
            var byteData = Encoding.Unicode.GetBytes(textToEncrypt);
            var encryptedText = rsa.Encrypt(byteData, true);
            string encText = Convert.ToBase64String(encryptedText);
            return encText;
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
            return default;
        }
    }

}

这篇关于使用Azure Key Vault RSA密钥加密和解密字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！