如何正确加密/解密带有X.509证书的XMl证书? [英] How to encrypt/decrypt XMl wiith X.509 certificate correctly?

问题描述

我想使用X.509证书对XML文件进行加密，并且也将其解密.据我所知，我需要使用公钥(在证书内)对XML进行加密，并使用私钥对XML进行解密.因此，只有具有私钥的人才能读取解密的数据.Microsoft在此处提供了一些用于加密/解密的代码:

I want to encrypt a XML file by using a X.509 certificate and also decrypt it, too. As far as I know I need to use the public key (inside the certificate) to encrypt the XML and the private key to decrypt the XML. Thus only the guy with private key is able to read the decrypted data. Microsoft provides some code for encryption/decryption here:

加密: https://msdn.microsoft.com/en-us/library/ms229744(v=vs.110).aspx

解密: https://msdn.microsoft.com/en-us/library/ms229943(v=vs.110).aspx

从第一个示例可以看到，将加载X.509证书来加密文件.但是第二个示例没有(！)加载证书来解密该示例.似乎已加密的文件包含所有需要解密的数据?这是否意味着任何人都可以解密该文件?我想我在这方面有一个理解上的滞后-为什么没有必要使用证书来解密数据?

As you can see from the first example a X.509 certificate will be loaded to encrypt the file. But the second example does not(!) load a certificate to decrypt the example. It seems that the encrypted file holds all the necessary data to be decrypted? Does this mean that the file can be decrypted by anybody? I think I have a lag of understanding here - why is it not necessary to use a certificate to decrypt the data?

关于，迈克尔

推荐答案

解密时，将从计算机证书存储中加载证书.在第二个链接中:

On decryption, the certificate is loaded from the computers certificate store. From your second link:

此过程中的代码示例使用X.509证书从当前用户帐户的本地证书存储中解密XML元素.

在该示例中，用于加密XML的公共密钥存储在加密的数据中，并用于从存储中查找适当的证书.

In that example, the public key used to encrypt the XML is stored in the encrypted data and is used to look up the proper certificate from the store.

因此，您的问题(为什么不需要使用证书来解密数据")的答案是:这是必要的.证书已自动加载.

So the answer to your question -- "why is not necessary to use a certificate to decrypt the data" -- is: it is necessary. The certificate was loaded automatically.

这篇关于如何正确加密/解密带有X.509证书的XMl证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！