Using a X509 certificate for decryption
Problem description
I have some data of an X509v3 certificate that is used at a central licensing station. My question is: is the following amount of information enough for me to decrypt data using C# code? And additionally, how are the certificate properties imported into a project? Do I have to create a certificate file in order to go on?
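What I know is:
- Subject
- Serial number
- Issuer
- "root-ca"
- Public key algorithm: "rsaEncryption"
- RSA modulus, 128 bytes
- RSA public key exponent
- X509v3 Extended Key Usage: "critical"
- Signature algorithm: "md5WithRSAEncryption", followed by 256 untitled bytes
- SHA1 fingerprint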
I do not have any certificate file. Excuse me if a similar question has already been answered, unfortunately I wasn't able to find one like mine.
Recommended answer
No, your data is not enough. First of all, this is all public data. It doesn't contain a private key. A private key is used for decryption or signature generation. A public key is used for encryption and signature verification.
The .NET API is peculiar in that you can seemingly use a certificate to decrypt. This is not really the case; the certificate and private key pair are seen as one; only if the private key is included then you can actually decrypt. Personally I see this as a minor design mistake.
In principle you could create a certificate given the information. Basically you would have to generate a certificate with the same information and then replace the issuer and signature fields.
This is however not for the weak of heart; I recommend a few years of experience before you even try. If any information is missing from the list above you won't get a valid certificate / signature, and you won't get any warning what is wrong, just a failure. You've got one advantage though; if the signature verifies or fingerprint is identical to the one you've got then you know that you've succeeded.
You would not be able to decrypt of course; the private key would still be missing.
Note that the signature is 256 untitled bytes.
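The behaviour described in the answer, as an added example that is not part of the original answer: a certificate loaded from its public DER bytes can encrypt and reports the same SHA-1 thumbprint, but exposes no private key to decrypt with. The self-signed certificate, its subject name and the sample plaintext are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class CertificateWithoutPrivateKey
{
    static void Main()
    {
        // Constructed test material: a throwaway self-signed certificate plus its key pair.
        using RSA keyPair = RSA.Create(2048);
        var request = new CertificateRequest(
            "CN=constructed-example", keyPair, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 withKey = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        // What a party holding only the certificate has: the DER bytes, all of it public data.
        byte[] der = withKey.Export(X509ContentType.Cert);
        using var publicOnly = new X509Certificate2(der);

        Console.WriteLine($"withKey.HasPrivateKey    = {withKey.HasPrivateKey}");
        Console.WriteLine($"publicOnly.HasPrivateKey = {publicOnly.HasPrivateKey}");

        // Thumbprint is the SHA-1 hash of the DER encoding, so it identifies the
        // certificate regardless of whether a private key is attached to the object.
        Console.WriteLine($"same thumbprint          = {withKey.Thumbprint == publicOnly.Thumbprint}");

        // Encryption needs only the public key from the certificate.
        byte[] ciphertext;
        using (RSA pub = publicOnly.GetRSAPublicKey())
            ciphertext = pub.Encrypt(Encoding.UTF8.GetBytes("license blob"), RSAEncryptionPadding.OaepSHA256);

        // Without the private key the accessor returns null: there is nothing to decrypt with.
        using (RSA priv = publicOnly.GetRSAPrivateKey())
            Console.WriteLine($"publicOnly private key   = {(priv == null ? "null" : "present")}");

        // Only the object that carries the private key can recover the plaintext.
        using (RSA priv = withKey.GetRSAPrivateKey())
            Console.WriteLine(Encoding.UTF8.GetString(
                priv.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256)));
    }
}
```

Checking `HasPrivateKey` before any decrypt or sign call turns the silent "certificate only" case into an explicit error path.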