Using a X509 certificate for decryption


Question

I have some data of an X509v3 certificate that is used at a central licensing station. My question is: is the following amount of information enough for me to decrypt data using C# code? And additionally, how are the certificate properties imported into a project? Do I have to create a certificate file in order to go on?

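What I know is:

  • Subject
  • Serial Number
  • Issuer
  • "root-ca"
  • Public Key Algorithm: "rsaEncryption"
  • RSA modulus, 128 bytes
  • RSA public key exponent
  • X509v3 Extended Key Usage: "critical"
  • Signature Algorithm: "md5WithRSAEncryption", followed by 256 untitled bytes
  • SHA1 Fingerprint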

I do not have any certificate file. Excuse me if a similar question has already been answered, unfortunately I wasn't able to find one like mine.

Recommended answer

No, your data is not enough. First of all, this is all public data. It doesn't contain a private key. A private key is used for decryption or signature generation. A public key is used for encryption and signature verification.

The .NET API is peculiar in that you can seemingly use a certificate to decrypt. This is not really the case; the certificate and private key pair are seen as one; only if the private key is included then you can actually decrypt. Personally I see this as a minor design mistake.

In principle you could create a certificate given the information. Basically you would have to generate a certificate with the same information and then replace the issuer and signature fields.

This is however not for the weak of heart; I recommend a few years of experience before you even try. If any information is missing from the list above you won't get a valid certificate / signature, and you won't get any warning what is wrong, just a failure. You've got one advantage though; if the signature verifies or fingerprint is identical to the one you've got then you know that you've succeeded.

You would not be able to decrypt of course; the private key would still be missing.

Note that the signature is the 256 untitled bytes.
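The distinction the answer draws between a certificate and its private key, shown as an added C# example that is not part of the original question or answer. It assumes .NET 6 or later; the key pair, the subject name `CN=constructed-example` and the sample plaintext are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class PublicOnlyDemo
{
    static void Main()
    {
        // Constructed key pair standing in for the licensing station's real key.
        using RSA full = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-example", full,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 withKey = req.CreateSelfSigned(
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));

        // A certificate as it is distributed (DER bytes only) carries no private key.
        // (.NET 9+ prefers X509CertificateLoader.LoadCertificate for this step.)
        using var publicCert = new X509Certificate2(withKey.RawData);
        Console.WriteLine($"HasPrivateKey, object with key: {withKey.HasPrivateKey}");
        Console.WriteLine($"HasPrivateKey, DER bytes only:  {publicCert.HasPrivateKey}");
        Console.WriteLine($"GetRSAPrivateKey() is null:     {publicCert.GetRSAPrivateKey() == null}");

        // The asker's situation: only the modulus and public exponent are known.
        RSAParameters pub = full.ExportParameters(false);
        using RSA publicOnly = RSA.Create();
        publicOnly.ImportParameters(new RSAParameters
        {
            Modulus = pub.Modulus,
            Exponent = pub.Exponent
        });

        // Encryption needs only the public values.
        byte[] ct = publicOnly.Encrypt(
            Encoding.UTF8.GetBytes("constructed plaintext"), RSAEncryptionPadding.OaepSHA256);
        try
        {
            publicOnly.Decrypt(ct, RSAEncryptionPadding.OaepSHA256);
            Console.WriteLine("Unexpected: decrypted without a private key");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Decrypt with modulus + exponent only: refused");
        }

        // Only the holder of the private key recovers the plaintext.
        byte[] pt = full.Decrypt(ct, RSAEncryptionPadding.OaepSHA256);
        Console.WriteLine($"Decrypt with private key: {Encoding.UTF8.GetString(pt)}");
    }
}
```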
