CngKeyBlobFormat支持哪些实际格式？ [英] What are the actual formats supported by CngKeyBlobFormat?

问题描述

Microsoft页面提供有关 CngKey.Import 。哪些实际格式实际上由以下 CngKeyBlobFormat 属性？

The Microsoft pages provide "minimal" information about the formats that can be used by CngKey.Import. Which actual formats are actually represented by the following CngKeyBlobFormat properties?

• EccPrivateBlob


• EccPublicBlob


• GenericPrivateBlob


• GenericPublicBlob


• OpaqueTransportBlob


• Pkcs8PrivateBlob

• EccPrivateBlob
• EccPublicBlob
• GenericPrivateBlob
• GenericPublicBlob
• OpaqueTransportBlob
• Pkcs8PrivateBlob

仅PKCS＃8私钥格式略微暗示了密钥的格式，但未指定私钥是否需要包装或仅内部密钥接受PKCS＃8结构。

Only the PKCS#8 private key format hints slightly about the format of the key, but it doesn't specify if the private key needs to be wrapped or if just the inner PKCS#8 structure is accepted.

有关这些格式的信息越多越好。

The more information about these formats the better of course.

推荐答案

在所有这些过程中要记住的一点是，CNG可通过CNG提供程序进行扩展，这可能是默认的M icrosoft软件之一，智能卡或第三方提供商（例如HSM）。任何提供程序都可以选择忽略或不支持任何这些格式。最终可以归结为 NCryptImportKey 被调用。 CNG支持的许多格式未在此处列出。那里的备注部分有很多有关数据结构的类型和链接的信息。

A thing to keep in mind throughout all of this is that CNG is extendable through CNG Providers, which may be the default Microsoft Software one, a Smart Card, or a 3rd party provider like an HSM. Any provider may choose to ignore or not support any of these formats. This eventually boils down to NCryptImportKey being called. There are a number of formats that are supported by CNG that are not listed here. The remarks section there has quite a bit of information about the types and links for data structures.

如您在 NCryptImportKey 文档，密钥格式是字符串。 CngKeyBlobFormat 只是这些字符串的包装。您可以在参考源中查找查看这些属性如何映射到Win32字符串。例如， EccPrivateBlob 属性是 ECCPRIVATEBLOB 字符串。

As you see in the NCryptImportKey documentation, the key format is a string. The CngKeyBlobFormat is just a wrapper around those strings. You can look in the reference source to see how these properties map to the Win32 strings. For example, the EccPrivateBlob property is the "ECCPRIVATEBLOB" string.

Pkcs8PrivateBlob

Pkcs8PrivateBlob

此格式由 PKCS＃8 标准指定。

OpaqueTransportBlob

OpaqueTransportBlob

这个微软可以并不是真正的文档，因为它是不透明的斑点，并且在提供者之间不可移植。从本质上讲，这应该是提供者选择的一种表示形式。

This one Microsoft can't really document because it is an opaque blob, and is not portable between providers. Essentially, this is meant to be a representation the provider chooses.

GenericPublicBlob

GenericPublicBlob

这将是 BCRYPT_KEY_BLOB 结构。结构中的第一个字段确定具有魔术值的结构。例如，使用RSA公钥，它将是 BCRYPT_RSAKEY_BLOB 。

GenericPrivateBlob

GenericPrivateBlob

除了填充私有参数外，其余与上面相同。

This is the same as above except the private parameters are filled in.

EccPublicBlob

EccPublicBlob

这将是 BCRYPT_ECCKEY_BLOB 结构。与上面的类似之处在于，魔术值将确定blob的实际内容。

This will be a BCRYPT_ECCKEY_BLOB structure. It is similar as above in that a magic value will determine the actual contents of the blob.

EccPrivateBlob

EccPrivateBlob

除了填写私有参数外，其余与上面相同。

This will be the same as above except the private parameters are filled in.

对于 BCRYPT_KEY_BLOB 和 BCRYPT_ECCKEY_BLOB 结构，这些结构充当密钥的标题。实际的密钥材料将在struct之后位于相同的内存块中。密钥材料的数量将根据魔术值以及标题中的其他值来知道。

In the cases for BCRYPT_KEY_BLOB and BCRYPT_ECCKEY_BLOB structures, the structures act as a "header" for the key. The actual key material will be in the same blob of memory, after the struct. The "amount" of key material will be known based on the magic value, and the other values in the header.

这篇关于CngKeyBlobFormat支持哪些实际格式？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！