CryptographicException: Key not valid for use in specified state


Problem description

I am new to C#. I couldn't understand why it's creating an issue.

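    // Requires: using System.Security.Cryptography;
    // Provider type 24 is PROV_RSA_AES; the named container is created if it does not exist yet.
    CspParameters cspParams = new CspParameters(24);
    cspParams.KeyContainerName = "XML_DISG_RSA_KEY";
    RSACryptoServiceProvider key = new RSACryptoServiceProvider(cspParams);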

Below code is working fine in my local setup. But it's not working in client.

They got the following exception.

[CryptographicException: Key not valid for use in specified state. ]

   System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +4644432
   System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +69
   System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +92
   System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) +173
   System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters parameters) +14

Can you help me?

Recommended answer

We ran into this same error message with similar code (with or without specifying the UseExistingKey flag) with one of our customers. They had gone through a move of all of their users from an old domain to a new one, and seemed to run into this error approximately after that. We weren't able to identify a specific cause, but we suspect that changing the ownership of the key container file (or it finding the matching key container file for the older user identity from the old domain still on the machine) might have violated security in the RSACryptoServiceProvider (or in the crypto API or underlying non-managed implementation).

We ultimately solved it by manually identifying the key container file name (CspKeyContainerInfo.UniqueKeyContainerName) using test code on another computer, and then deleting the bad container file that was causing the error. The KeyContainerName you specify in the CspParameters maps to the same 32-hexadecimal-digit filename prefix each time, with the rest of the file name (apparently) being specific to the user who created it. The container files are stored in either the machine key store (if UseMachineKeyStore flag is specified) or in the user's key store in their roaming application data (typically C:\Users\userName\AppData\Roaming\Microsoft\Crypto\ ...).

Be careful not to break other key container files or you could break other apps or services on the machine.

You might also see if specifying a key size in the constructor call helps when you're creating a new key. Try 1024, or these days maybe 2048.
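The lookup described in the answer, sketched as an added example (not the answerer's own test code). It assumes Windows, the per-user store at `%APPDATA%\Microsoft\Crypto\RSA\<user SID>`, and a hypothetical class name `FindKeyContainerFile`. Run it without arguments on a healthy test machine to get the file name prefix, then with that prefix as the argument on the affected machine to list candidate files; it never deletes an existing container.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Principal;

static class FindKeyContainerFile   // hypothetical name, not from the page
{
    // Returns the on-disk name the CSP assigns to a named container.
    static string GetUniqueName(string containerName)
    {
        // 24 = PROV_RSA_AES, the provider type used in the question.
        var csp = new CspParameters(24) { KeyContainerName = containerName };
        csp.Flags = CspProviderFlags.UseExistingKey;
        try
        {
            // Container already exists: read its name and leave it untouched.
            using (var rsa = new RSACryptoServiceProvider(csp))
                return rsa.CspKeyContainerInfo.UniqueKeyContainerName;
        }
        catch (CryptographicException)
        {
            // Not present on this test machine: create a throwaway container.
            csp.Flags = CspProviderFlags.NoFlags;
            using (var rsa = new RSACryptoServiceProvider(2048, csp))
            {
                rsa.PersistKeyInCsp = false; // remove only the container created here
                return rsa.CspKeyContainerInfo.UniqueKeyContainerName;
            }
        }
    }

    static void Main(string[] args)
    {
        const string name = "XML_DISG_RSA_KEY"; // container name from the question
        // The part before '_' depends on the container name; the rest does not.
        string prefix = args.Length > 0 ? args[0] : GetUniqueName(name).Split('_')[0];
        Console.WriteLine("File name prefix for '" + name + "': " + prefix);

        // Assumption: standard CryptoAPI location of per-user RSA key containers.
        string sid = WindowsIdentity.GetCurrent().User.Value;
        string appData = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
        string dir = Path.Combine(appData, "Microsoft", "Crypto", "RSA", sid);
        if (!Directory.Exists(dir)) { Console.WriteLine("No user key store at " + dir); return; }

        // List matching files only; deciding what to delete stays a manual step.
        foreach (string f in Directory.GetFiles(dir, prefix + "_*"))
            Console.WriteLine("candidate: " + f + " (modified " + File.GetLastWriteTime(f) + ")");
    }
}
```

For a container opened with `UseMachineKeyStore`, the same prefix search applies to the machine key store directory instead of the user's profile.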
