如何为AES生成持久密钥 [英] How to generate persisted key for AES

问题描述

在.NET Framework 4.6.2中，Microsoft 添加了使用CNG密钥存储提供程序和AesCng算法的持久密钥对称加密支持.使用现有密钥实例化AesCng类的文档非常清楚-只需将密钥名称传递给构造函数即可.

In the .NET Framework 4.6.2 Microsoft added support for persisted-key symmetric encryption using a CNG key storage provider and the AesCng algorithm. The documentation for instantiating the AesCng class using an existing key is pretty clear - just pass the key name into the constructor.

但是如何生成新的持久密钥以用于AES加密?我在发行说明或文档中找不到说明.甚至可以从C#中实现吗?

But how do I generate a new persisted key to use for AES encryption? I can't find the instructions in the release notes or the documentation. Is this even possible from C#?

推荐答案

虽然没有得到很好的记录，但事实证明这很容易做到.您只需使用CngKey.Create方法.困难在于，没有用于AES加密的CngAlgorithm属性.这似乎是Microsoft .NET Framework团队的疏忽.但是，您可以按名称构造自己的CngAlgorithm:

While not documented well, this turns out to be very easy to do. You just use the CngKey.Create method. The difficulty is that there is no CngAlgorithm property for AES encryption. This looks like an oversight from the .NET Framework team at Microsoft. However, you can construct your own CngAlgorithm by name:

    public static string CreateKey(string name)
    {
        CngKey.Create(new CngAlgorithm("AES"), name);
    }

另请参阅: c#中的不对称加密示例

这篇关于如何为AES生成持久密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！