Convert from RSACryptoServiceProvider to RSACng
Question
I am currently using RSACryptoServiceProvider and I want to change to RSACng. I am using it to sign data. The reason for the change is that I am using Pkcs1 padding and I understand that Pss padding is preferred. We are undergoing security audits.
My question is how do I instantiate RSACng so that it uses the same private / public key each time?
With RSACryptoServiceProvider I am doing:
CspParameters cp = new CspParameters();
cp.KeyContainerName = "ContainerName";
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(cp);
Passing in the container name means it uses the key that persists in the container store on the machine.
With RSACng, I tried this, but I get an exception: "The requested operation is not supported"
RSACng RSA = new RSACng(CngKey.Create(CngAlgorithm.Sha256, ContainerName));
I just need to be able to pass the store key name so it uses the same key each time instead of generating a new key.
Recommended answer
If you want to create a named/persisted RSA key with CNG:
private static RSA CreatePersistedRSAKey(string name, int keySizeInBits)
{
    CngKeyCreationParameters creationParameters = new CngKeyCreationParameters
    {
        // This is what an ephemeral key would have had
        // (allows ExportParameters(true) to succeed). Adjust as desired.
        //
        // The default is not exportable (only applies to the private key)
        ExportPolicy =
            CngExportPolicies.AllowExport | CngExportPolicies.AllowPlaintextExport,
    };

    creationParameters.Parameters.Add(
        new CngProperty(
            "Length",
            BitConverter.GetBytes(keySizeInBits),
            CngPropertyOptions.Persist));

    // RSACng will extract the data it needs from this key object,
    // but doesn't take ownership
    using (CngKey key = CngKey.Create(CngAlgorithm.Rsa, name, creationParameters))
    {
        return new RSACng(key);
    }
}
This skips the parts where you would do a try/catch around a call to CngKey.Open, or might want to delete the key (open it with CngKey.Open, and call Delete on the CngKey instance).
(CngAlgorithm.Rsa was added in net46. If you're on an older version then an equivalent would be new CngAlgorithm("RSA").)
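Added example, not part of the original answer: one way to fill in the open-or-create step the answer skips, followed by the PSS signing the question was aiming for. The class name, the key name `ExampleSigningKey` and the 2048-bit size are assumptions; the code uses Windows CNG, so it runs on Windows only.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PersistedRsaPssExample // hypothetical class name
{
    // Returns an RSACng bound to the named persisted key, creating it on first use.
    static RSACng OpenOrCreate(string keyName, int keySizeInBits)
    {
        if (CngKey.Exists(keyName))
        {
            using (CngKey existing = CngKey.Open(keyName))
            {
                // A key with this name may already exist with another algorithm (e.g. ECDSA).
                if (existing.AlgorithmGroup != CngAlgorithmGroup.Rsa)
                    throw new CryptographicException("Key '" + keyName + "' is not an RSA key.");
                return new RSACng(existing);
            }
        }

        // ExportPolicy is left at its default, so the private key is not exportable.
        var creationParameters = new CngKeyCreationParameters();
        creationParameters.Parameters.Add(
            new CngProperty("Length", BitConverter.GetBytes(keySizeInBits), CngPropertyOptions.Persist));

        using (CngKey created = CngKey.Create(CngAlgorithm.Rsa, keyName, creationParameters))
        {
            return new RSACng(created);
        }
    }

    static void Main()
    {
        byte[] data = Encoding.UTF8.GetBytes("constructed sample message");

        // "ExampleSigningKey" is a hypothetical name; the same key is reused on every run.
        using (RSACng rsa = OpenOrCreate("ExampleSigningKey", 2048))
        {
            byte[] signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

            // The verifier must request PSS as well; a PKCS#1 v1.5 check of this signature fails.
            bool pssOk = rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
            bool pkcs1Ok = rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("PSS verify: " + pssOk + ", PKCS#1 v1.5 verify: " + pkcs1Ok);
        }
    }
}
```

Any party that verifies these signatures has to switch to PSS at the same time as the signer, since signatures made with one padding do not verify under the other.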