如何设置使用aspnet_regiis的创建RSA密钥密钥大小? [英] How to set key size of RSA key created using aspnet_regiis?
问题描述
我创建了一个客户的RSA密钥容器(用于加密连接字符串在web.config中)使用以下命令:
I have created a customer RSA key container (for encrypting connection string in web.config) using the following command:
为aspnet_regiis -pcTestKeys型2048 -exp
aspnet_regiis -pc "TestKeys" -size 2048 -exp
我然后出口的关键是一个XML文件,并用它来初始化的RSACryptoServiceProvider的一个实例,这样我就可以检查按键的大小肯定是2048年。但是,使用code以下,密钥大小显示为1024
I then exported the key to an xml file and used it to initialise an instance of RSACryptoServiceProvider so that I could check the key size was definitely 2048. However, using the code below, the key size is displayed as 1024.
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
using (FileStream fs = new FileStream(@"C:\TestKeys.xml", FileMode.Open))
{
using (StreamReader sr = new StreamReader(fs))
{
rsa.FromXmlString(sr.ReadToEnd());
}
}
Console.WriteLine(rsa.KeySize.ToString());
}
这似乎为aspnet_regiis被忽略-size参数。我失去了一些东西?
It seems that aspnet_regiis is ignoring the -size argument. Am I missing something?
此外,有没有推荐的密钥大小加密使用RSA .NET配置部分?
Also, is there a recommended key size for encrypting .Net config sections using RSA?
推荐答案
我结束了使用的RSACryptoServiceProvider类创建密钥容器,因为它创建了大小键指定的。
I ended up using the RSACryptoServiceProvider class to create the key container as it creates the keys with the size specified.
CspParameters cp = new CspParameters();
cp.KeyContainerName = keyContainerName;
cp.Flags = CspProviderFlags.UseMachineKeyStore;
cp.KeyNumber = 1;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(keySize, cp))
{
using (FileStream fs = new FileStream(fileName, FileMode.Create))
{
using (StreamWriter sw = new StreamWriter(fs))
{
sw.WriteLine(rsa.ToXmlString(true));
}
}
}
NIST receommend的3072位的密钥大小,需要2030年后的安全性。
NIST receommend a key size of 3072 bits for security required beyond 2030.
这篇关于如何设置使用aspnet_regiis的创建RSA密钥密钥大小?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
