X509Certificate - Keyset does not exist


Problem description

I have a WinForms application that consumes a WCF service and passes a certificate as a parameter to a function:

mySvcClient.SendDocument(cert.Export(X509ContentType.SerializedCert, "password"));
...

In WCF service, I recreated the certificate from the array of bytes:

public void SendDocument (byte[] binaryCert)
{   
     X509Certificate2 cert = new X509Certificate2(binaryCert, "password");
...

But when using the certificate to sign an XML, I got the error "Keyset does not exist":

if (cert.HasPrivateKey) // WORKS!!!
{   
    signedXml.SigningKey = cert.PrivateKey; // THROW "keyset does not exist" EXCEPTION
...

On my computer, the application works 100%! But on the web server, I got this error!

The question is: even with an X509Certificate2 recreated from an array of bytes, do I need some special permission to access the private key?

Thank you!

Solution

If you are using Windows Server 2008 or Windows 7, then you need permission to read the private key.

  1. Use the FindPrivateKey tool to find the path. For example:

FindPrivateKey My LocalMachine -n "CN=MyCert" -a

It returns the path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\[File Name]

  2. Go to that path and open the file properties

  3. Go to the Security tab

  4. Click "Edit", then "Add"

  5. In the dialog that opens, write: IIS AppPool\[your application pool name] and click OK

Now your application pool has permission to read this private key.
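
The steps above scripted in PowerShell, as an added example that is not part of the original answer. The function name Grant-PrivateKeyRead and the pool name 'MyAppPool' are hypothetical, and the script assumes the key is stored by a legacy CSP (the RSA\MachineKeys location the answer shows) and that it runs in an elevated session. It grants Read only, and only to the one app pool identity.

```powershell
# Added example: give one IIS app pool identity read access to a certificate's
# private key file, then return the resulting ACL for review.
function Grant-PrivateKeyRead {
    param(
        [Parameter(Mandatory)] [string] $Subject,      # exact subject, e.g. "CN=MyCert"
        [Parameter(Mandatory)] [string] $AppPoolName   # placeholder: your application pool name
    )

    # Step 1: locate the certificate in LocalMachine\My (the store FindPrivateKey searched).
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey } |
        Select-Object -First 1
    if (-not $cert) { throw "No certificate with a private key found for '$Subject'." }

    # Assumption: CSP-backed key. CNG keys are stored elsewhere and are rejected here.
    $rsa = $cert.PrivateKey
    if ($rsa -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
        throw "Private key is not a CSP key; it is not stored under RSA\MachineKeys."
    }
    $keyDir  = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
    $keyFile = Join-Path $keyDir $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    if (-not (Test-Path -LiteralPath $keyFile)) { throw "Key file not found: $keyFile" }

    # Steps 2-5: add a read-only allow rule for the app pool's virtual account.
    $identity = "IIS AppPool\$AppPoolName"
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $identity, 'Read', 'Allow'
    $acl = Get-Acl -LiteralPath $keyFile
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyFile -AclObject $acl

    # Return the entries now on the file so the change can be checked.
    (Get-Acl -LiteralPath $keyFile).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

Grant-PrivateKeyRead -Subject 'CN=MyCert' -AppPoolName 'MyAppPool'
```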
