解密与PrivateKey X.509证书 [英] Decrypt with PrivateKey X.509 Certificate

问题描述

我有一个问题要解密消息usgin X.509证书。

I have a problem to decrypt a message usgin X.509 Certificate.

我产生我与makecert证书此选项：

I generate my certificate with makecert with this options:

makecert -r -pe -n "CN=MyCertificate" -ss CA -sr CurrentUser -a sha1 -sky signature -cy authority -sv CA.pvk CA.cer

而PrivateKey是输入mypassword。

And the PrivateKey was "mypassword".

我的问题是，当我想用​​previous证书信息加密解密C＃。

My problem is when I want to decrypt a message encrypt with previous certificate in c#.

我发现这个类 HTTP：//blog.shutupand$c$c.net / P = 660 ，但在 X509Decrypt 的方法，百达的PrivateKey为空。

I found this class http://blog.shutupandcode.net/?p=660, but in the X509Decrypt method allways the PrivateKey is null.

public static byte[] X509Decrypt(byte[] data, string certificateFile, string password)
{
    // load the certificate and decrypt the specified data
    using (var ss = new System.Security.SecureString())
    {
        foreach (var keyChar in password.ToCharArray())
            ss.AppendChar(keyChar);

        // load the password protected certificate file
        X509Certificate2 cert = new X509Certificate2(certificateFile, ss);

        using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey)
        {
            return rsa.Decrypt(data, true);
        }    
    }
}

我试图传递证书文件（.CER）

I tried passing the certificate file (.cer)

X509DecryptString(token, @"c:\CA.cer", "mypassword");

和传递PVK文件（.pvk）

And passing the pvk file (.pvk)

X509DecryptString(token, @"c:\CA.pvk", "mypassword");

不过，永诺拥有该PrivateKey属性为null。

But allways have that the PrivateKey property is null.

任何人都可以指导我使用PVK文件的消息解密？

Can anyone guide me to decrypt the message using the pvk file?

谢谢

何塞

推荐答案

证书本身仅包含公钥（+某些数据），而不是私钥。 （这是非常不可能的RSA私钥是保护你的私钥可能是输入mypassword输入mypassword的密码，但私钥本身（更具体地说是专用指数，在RSA）将是一个相当长的数字。）

The certificate itself only contains the public key (+ some data), but not the private key. (It's very unlikely that the RSA private key is "mypassword". The password that protects your private key may be "mypassword", but the private key itself (more specifically the private exponent, in RSA) will be a rather long number.)

结果（因为 CA.cer 只包含证书）， X509DecryptString（令牌，@C：\ CA.cer 输入mypassword）将几乎肯定无法正常工作。

As a result (because CA.cer only contains the certificate), X509DecryptString(token, @"c:\CA.cer", "mypassword") will almost certainly not work.

X509DecryptString（令牌，@C：\ CA.pvk，输入mypassword）; 可以工作的原则，但要创建一个 X509Certificate2 从它的对象，它仍然需要证书和私钥。你应该能够加载从PKCS＃12容器（或.p12 / .PFX）。

X509DecryptString(token, @"c:\CA.pvk", "mypassword"); could work in principle, but you're creating a X509Certificate2 object from it, and it still needs the certificate and the private key. You should be able to load that from a PKCS#12 container (.p12/.pfx).

要创建这个容器，你可以使用 pvk2pfx ：

To create this container, you can use pvk2pfx:

pvk2pfx -spc CA.cer -pvk CA.pvk -pfx CA.pfx

（如果没有指定 -pfx CA.pfx ，将推出的人机交互界面，在这种情况下，你需要勾选框，导出私钥。）

(If you don't specify -pfx CA.pfx, it will launch the interactive interface, in which case you need to tick the box to export the private key.)

然后，尝试使用PFX / P12文件，而不是来解密。

Then, try to decrypt using that pfx/p12 file instead.

这篇关于解密与PrivateKey X.509证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！