在 .NET 核心中实现 RSA [英] implement RSA in .NET core

问题描述

我正在尝试使用 RSA 加密和解密一些数据.我查过 RSA 类，但我只看到抽象类 https://msdn.microsoft.com/en-us/library/system.security.cryptography.rsa(v=vs.110).aspx

I'm trying to encrypt and decrypt some data with RSA. I've looked up teh RSA class but I'm only seeing the abstract class https://msdn.microsoft.com/en-us/library/system.security.cryptography.rsa(v=vs.110).aspx

我读到 DNX5 中的 RSA 类与 .net 4.6.1 中的不同，这与我所看到的不同吗?如果是这样，我在哪里可以找到使用该文档的文档?看起来 RSACryptoServiceProvider 也不能在 .net 核心中工作，我只能访问 RSA 抽象类.

I've read that the RSA class in DNX5 is different from the one in .net 4.6.1 Is that a different one than what I'm seeing? If so where can I find the documentation to use that one? It also appears that RSACryptoServiceProvider is not working in .net core and I only have access to the RSA abstract class.

推荐答案

如果可以，您应该避免使用 RSACryptoServiceProvider.它只适用于 Windows(它是 Windows 上不太好的 RSA 实现).坚持 RSA 基类，并通过 RSA.Create()

You should avoid using RSACryptoServiceProvider if you can. It only works on Windows (and it's the less good RSA implementation on Windows). Stick to the RSA base class, and create new instances via RSA.Create()

using (RSA rsa = RSA.Create())
{
    rsa.KeySize = desiredKeySizeInBits;

    // when the key next gets used it will be created at that keysize.
    DoStuffWithThePrivateKey(rsa);
}

.NET 框架

不幸的是，.NET Framework 上 RSA.Create() 的默认值是 RSACryptoServiceProvider，它不考虑 set_KeySize.因此，如果您需要临时密钥，则需要在 .NET Framework 和 .NET Core 上使用不同的代码:

.NET Framework

Unfortunately, the default for RSA.Create() on .NET Framework is RSACryptoServiceProvider, which doesn't respect set_KeySize. So if you need ephemeral keys you'll need to use different code on .NET Framework vs .NET Core:

using (RSA rsa = new RSACng())
{
    rsa.KeySize = desiredKeySizeInBits;

    DoStuffWithThePrivateKey(rsa);
}

或者，如果您需要支持 4.6(其中不存在 RSACng)/4.6.2(其中大部分 .NET Framework 与 RSACng 对象而不是 RSACryptoServiceProvider 对象一起愉快地工作)的版本，您可以继续使用较旧的实现:

Or, if you need to support versions earlier than 4.6 (where RSACng didn't exist) / 4.6.2 (where most of the .NET Framework worked happily with RSACng objects instead of RSACryptoServiceProvider objects) you can continue to use the older implementation:

using (RSA rsa = new RSACryptoServiceProvider(desiredKeySizeInBits))
{
    // Since before net46 the Encrypt/Decrypt, SignData/VerifyData, SignHash/VerifyHash
    // methods were not defined at the RSA base class, you might need to keep this strongly
    // typed as RSACryptoServiceProvider.
    DoStuffWithThePrivateKey(rsa);
}

临时密钥(导入)

尽管 RSACng 通常比 RSACryptoServiceProvider 更容易使用，但 RSACryptoServiceProvider 在这种情况下应该可以正常工作，因此 RSA.Create() 在所有平台上都很好:

Ephemeral Keys (Import)

Even though RSACng, in general, is easier to work with than RSACryptoServiceProvider, RSACryptoServiceProvider should work fine in this context, so RSA.Create() is good on all platforms:

using (RSA rsa = RSA.Create())
{
    rsa.ImportParameters(rsaParameters);

    DoStuffWithWhateverKindOfKeyYouImported(rsa);
}

来自证书:

.NET Core 1.0+，.NET Framework 4.6+

using (RSA rsa = cert.GetRSAPublicKey())
{
    DoStuffWithThePublicKey(rsa);
}

或

using (RSA rsa = cert.GetRSAPrivateKey())
{
    DoStuffWithThePrivateKey(rsa);
}

.NET 框架4.6

// Do NOT put this in a using block, since the object is shared by all callers:
RSA rsaPrivate = (RSA)cert.PrivateKey;
DoStuffWithThePrivateKey(rsaPrivate);

// Do NOT put this in a using block, since the object is shared by all callers:
RSA rsaPublicOnly = (RSA)cert.PublicKey.Key;
DoStuffWithThePublicKey(rsaPublic);

使用命名/持久键(仅限 Windows)

我打算包含一些关于 RSACryptoServiceProvider (WinXP+/CAPI) 和 RSACng (Win7+/CNG) 创建/打开命名密钥的示例，但这在 .NET 中并不是很常见的场景；它当然不可移植(可移植到其他操作系统是 .NET Core 更引人注目的论据之一).

Using Named/Persisted Keys (Windows-only)

I was going to include some samples about RSACryptoServiceProvider (WinXP+/CAPI) and RSACng (Win7+/CNG) creating/opening named keys, but that's not a very common scenario in .NET; and it certainly isn't portable (portability to other OSes being one of the more compelling arguments for .NET Core).

对于 .NET Core 1.0 和 1.1，您可以从 System.Security.Cryptography.Algorithms 包中访问 RSA 基类.在 .NET Core 2.0 中，它将包含在 netstandard 包参考中.

For .NET Core 1.0 and 1.1, you get access to the RSA base class from the System.Security.Cryptography.Algorithms package. In .NET Core 2.0 it will be included in the netstandard package reference.

如果您需要与操作系统进行复杂的互操作，您可以参考System.Security.Cryptography.Cng (Windows CNG)、System.Security.Cryptography.Csp(Windows CAPI/CryptoServiceProvider)或 System.Security.Cryptography.OpenSsl(Linux OpenSSL、macOS OpenSSL)并获得对启用互操作的类(RSACng、RSACryptoServiceProvider、RSAOpenSsl)的访问).但是，真的，你不应该那样做.

If you need to do complex interop with the OS you can reference System.Security.Cryptography.Cng (Windows CNG), System.Security.Cryptography.Csp (Windows CAPI/CryptoServiceProvider), or System.Security.Cryptography.OpenSsl (Linux OpenSSL, macOS OpenSSL) and get access to the interop-enabled classes (RSACng, RSACryptoServiceProvider, RSAOpenSsl). But, really, you shouldn't do that.

• .NET Framework:RSACryptoServiceProvider，除非被 CryptoConfig 更改.
• .NET Core (Windows):通过 CNG 实现 RSA 的私有类，您不能将其转换为任何更具体的类型.
• .NET Core (Linux):通过 OpenSSL 实现 RSA 的私有类，您不能将其转换为任何更具体的类型.
• .NET Core (macOS):通过 OpenSSL 实现 RSA 的私有类，您不能将其转换为任何更具体的类型.(这应该通过 .NET Core 下一版本中的 SecureTransforms 实现)

这篇关于在 .NET 核心中实现 RSA的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！