I Am Having Difficulty Importing a Private RSA Key from the Microsoft Software Key Storage Provider Using CNG
Problem description
I use the following code to store an RSA key pair in the KSP and to retrieve the private key from the KSP. When I try and decrypt my cipher text, I receive an invalid parameter error. It appears that the private key that I'm using is of the correct length but contains the wrong bytes. Please help!
    internal static byte[] GenerateStoredKey(int keyByteLength, string keyName, CngExportPolicies exportPolicies, CngKeyCreationOptions cngKeyCreationOptions, CngKeyUsages cngKeyUsages, CngUIProtectionLevels cngUIProtectionLevels)
    {
        if (keyByteLength < MIN_KEY_BYTE_LENGTH)
            throw new ArgumentException(String.Format("Key length must be at least {0} bytes!", MIN_KEY_BYTE_LENGTH), "length");
        CngKeyCreationParameters creationParameters = new CngKeyCreationParameters()
        {
            ExportPolicy = exportPolicies,
            KeyCreationOptions = cngKeyCreationOptions,
            KeyUsage = cngKeyUsages,
            Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider,
            UIPolicy = new CngUIPolicy(cngUIProtectionLevels)
        };
        using (CngKey key = CngKey.Create(CngAlgorithm.Rsa, keyName, creationParameters))
        {
            using (RSACng rsa = new RSACng(key)
            {
                KeySize = keyByteLength * 8
            })
            {
                return rsa.Key.Export(CngKeyBlobFormat.GenericPublicBlob); // Return public key.
            }
        }
    }
Recommended answer
I was able to solve my own problem. The issue was I was not manually setting the length of the key within the procedure 'GenerateStoredKey'. This can be done by adding a CngProperty to the CngKeyCreationParameters collection. See below:
    internal static byte[] GenerateStoredKey(int keyByteLength, string keyName, CngExportPolicies exportPolicies, CngKeyCreationOptions cngKeyCreationOptions, CngKeyUsages cngKeyUsages, CngUIProtectionLevels cngUIProtectionLevels)
    {
        if (keyByteLength < MIN_KEY_BYTE_LENGTH)
            throw new ArgumentException(String.Format("Key length must be at least {0} bytes!", MIN_KEY_BYTE_LENGTH), "keyByteLength");
        if (keyName == null)
            throw new ArgumentNullException("keyName", "Key name required!"); // (paramName, message)
        // Generate CngKeyCreationParameters
        CngKeyCreationParameters creationParameters = new CngKeyCreationParameters()
        {
            ExportPolicy = exportPolicies,
            KeyCreationOptions = cngKeyCreationOptions,
            KeyUsage = cngKeyUsages,
            Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider,
            UIPolicy = new CngUIPolicy(cngUIProtectionLevels),
        };
        // Must add length to creationParameters separately
        // ("Length" takes the key size in bits as a 4-byte integer)
        CngProperty keySizeProperty = new CngProperty("Length", BitConverter.GetBytes(keyByteLength * 8), CngPropertyOptions.None);
        creationParameters.Parameters.Add(keySizeProperty);
        using (CngKey key = CngKey.Create(CngAlgorithm.Rsa, keyName, creationParameters))
        {
            // The stored key already has this size, so this assignment does not change it.
            using (RSACng rsa = new RSACng(key)
            {
                KeySize = keyByteLength * 8
            })
            {
                return rsa.Key.Export(CngKeyBlobFormat.GenericPublicBlob); // Return public key.
            }
        }
    }
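A round-trip check for the fix in the answer above, as an added example that is not part of the original post: it creates a persisted key with the "Length" property, encrypts with only the exported public blob, then reopens the stored key by name to decrypt. The key name, the 2048-bit size, the sample plaintext and the choice of OAEP-SHA256 padding are assumptions made for this example; it runs on Windows only.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

internal static class KspRoundTripDemo
{
    // Hypothetical key name, constructed for this example.
    private const string KeyName = "ExampleKspRsaKey";
    private static void Main()
    {
        CngProvider ksp = CngProvider.MicrosoftSoftwareKeyStorageProvider;
        var creationParameters = new CngKeyCreationParameters
        {
            Provider = ksp,
            KeyUsage = CngKeyUsages.Decryption,
            ExportPolicy = CngExportPolicies.None, // private key stays in the KSP
            KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey
        };
        // Key size is fixed at creation time, as in the answer (2048 bits here).
        creationParameters.Parameters.Add(
            new CngProperty("Length", BitConverter.GetBytes(2048), CngPropertyOptions.None));

        byte[] publicBlob;
        using (CngKey created = CngKey.Create(CngAlgorithm.Rsa, KeyName, creationParameters))
        {
            Console.WriteLine("Stored key size: {0} bits", created.KeySize);
            publicBlob = created.Export(CngKeyBlobFormat.GenericPublicBlob);
        }

        // Encrypt using only the exported public blob (what a peer would hold).
        byte[] cipherText;
        using (CngKey publicKey = CngKey.Import(publicBlob, CngKeyBlobFormat.GenericPublicBlob))
        using (var rsaPublic = new RSACng(publicKey))
        {
            cipherText = rsaPublic.Encrypt(Encoding.UTF8.GetBytes("constructed sample"), RSAEncryptionPadding.OaepSHA256);
        }

        // Reopen the persisted key by name and decrypt; no private-key export is needed.
        using (CngKey stored = CngKey.Open(KeyName, ksp))
        {
            using (var rsaPrivate = new RSACng(stored))
            {
                byte[] plain = rsaPrivate.Decrypt(cipherText, RSAEncryptionPadding.OaepSHA256);
                Console.WriteLine(Encoding.UTF8.GetString(plain));
            }
            stored.Delete(); // remove the demo key from the KSP
        }
    }
}
```

If decryption fails here, the public blob and the stored private key do not belong to the same key pair, which is the symptom described in the question.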