I Am Having Difficulty Importing a Private RSA Key from the Microsoft Software Key Storage Provider Using CNG


Problem description

I use the following code to store an RSA key pair in the KSP and to retrieve the private key from the KSP. When I try and decrypt my cipher text, I receive an invalid parameter error. It appears that the private key that I'm using is of the correct length but contains the wrong bytes. Please help!

        internal static byte[] GenerateStoredKey(int keyByteLength, string keyName, CngExportPolicies exportPolicies, CngKeyCreationOptions cngKeyCreationOptions, CngKeyUsages cngKeyUsages, CngUIProtectionLevels cngUIProtectionLevels)
        {
            if (keyByteLength < MIN_KEY_BYTE_LENGTH)
                throw new ArgumentException(String.Format("Key length must be at least {0} bytes!", MIN_KEY_BYTE_LENGTH), "length");

            CngKeyCreationParameters creationParameters = new CngKeyCreationParameters()
            {
                ExportPolicy =  exportPolicies,
                KeyCreationOptions = cngKeyCreationOptions,
                KeyUsage = cngKeyUsages,
                Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider,
                UIPolicy = new CngUIPolicy(cngUIProtectionLevels)
            };

            using (CngKey key = CngKey.Create(CngAlgorithm.Rsa, keyName, creationParameters))
            {
                using (RSACng rsa = new RSACng(key)
                {
                    KeySize = keyByteLength * 8
                })
                {
                    return rsa.Key.Export(CngKeyBlobFormat.GenericPublicBlob);  // Return public key.
                }
            }
        }

Recommended answer

I was able to solve my own problem.  The issue was I was not manually setting the length of the key within the procedure 'GenerateStoredKey'.  This can be done by adding a CngProperty to the CngKeyCreationParameters collection.  See below:

        internal static byte[] GenerateStoredKey(int keyByteLength, string keyName, CngExportPolicies exportPolicies, CngKeyCreationOptions cngKeyCreationOptions, CngKeyUsages cngKeyUsages, CngUIProtectionLevels cngUIProtectionLevels)
        {
            if (keyByteLength < MIN_KEY_BYTE_LENGTH)
                throw new ArgumentException(String.Format("Key length must be at least {0} bytes!", MIN_KEY_BYTE_LENGTH), "keyByteLength");
            if (keyName == null)
                // ArgumentNullException takes (paramName, message), in that order.
                throw new ArgumentNullException("keyName", "Key name required!");

            // Generate CngKeyCreationParameters
            CngKeyCreationParameters creationParameters = new CngKeyCreationParameters()
            {
                ExportPolicy = exportPolicies,
                KeyCreationOptions = cngKeyCreationOptions,
                KeyUsage = cngKeyUsages,
                Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider,
                UIPolicy = new CngUIPolicy(cngUIProtectionLevels),
            };

            // Must add length to creationParameters separately
            CngProperty keySizeProperty = new CngProperty("Length", BitConverter.GetBytes(keyByteLength * 8), CngPropertyOptions.None);
            creationParameters.Parameters.Add(keySizeProperty);

            using (CngKey key = CngKey.Create(CngAlgorithm.Rsa, keyName, creationParameters))
            {
                using (RSACng rsa = new RSACng(key)
                {
                    KeySize = keyByteLength * 8
                })
                {
                    return rsa.Key.Export(CngKeyBlobFormat.GenericPublicBlob);  // Return public key.
                }
            }
        }
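
A round-trip check for the fix described in the answer, as an added example that is not part of the original post: it creates a persisted RSA key with the "Length" property set, then confirms that the exported public blob matches the private key stored in the KSP by encrypting with one and decrypting with the other. The key name, the 3072-bit size and the OAEP-SHA256 padding are assumptions chosen for the demonstration; it runs on Windows only.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class KspRoundTrip
{
    const string KeyName = "example-ksp-roundtrip-key"; // hypothetical name, demo only
    const int KeyBits = 3072;                           // assumed size for the demo

    static void Main()
    {
        var parameters = new CngKeyCreationParameters
        {
            Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider,
            KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey,
            KeyUsage = CngKeyUsages.Decryption,
            ExportPolicy = CngExportPolicies.None // private key stays inside the KSP
        };
        // The key size is fixed at creation time through the "Length" property.
        parameters.Parameters.Add(
            new CngProperty("Length", BitConverter.GetBytes(KeyBits), CngPropertyOptions.None));

        byte[] publicBlob;
        using (CngKey created = CngKey.Create(CngAlgorithm.Rsa, KeyName, parameters))
        {
            if (created.KeySize != KeyBits)
                throw new CryptographicException("Stored key has an unexpected size.");
            publicBlob = created.Export(CngKeyBlobFormat.GenericPublicBlob);
        }
        try
        {
            byte[] plaintext = Encoding.UTF8.GetBytes("constructed test message");
            byte[] ciphertext;
            // Encrypt with the exported public key only.
            using (CngKey publicKey = CngKey.Import(publicBlob, CngKeyBlobFormat.GenericPublicBlob))
            using (var rsaPublic = new RSACng(publicKey))
                ciphertext = rsaPublic.Encrypt(plaintext, RSAEncryptionPadding.OaepSHA256);
            // Decrypt with the private key reopened from the KSP by name.
            using (CngKey stored = CngKey.Open(KeyName, CngProvider.MicrosoftSoftwareKeyStorageProvider))
            using (var rsaPrivate = new RSACng(stored))
            {
                byte[] recovered = rsaPrivate.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256);
                Console.WriteLine(recovered.SequenceEqual(plaintext) ? "round trip OK" : "MISMATCH");
            }
        }
        finally
        {   // Remove the demo key from the KSP.
            using (CngKey k = CngKey.Open(KeyName, CngProvider.MicrosoftSoftwareKeyStorageProvider))
                k.Delete();
        }
    }
}
```

A decryption exception or "MISMATCH" here means the public blob handed to callers does not belong to the key persisted under that name.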

