如何将公钥存储在机器级 RSA 密钥容器中 [英] How to store a public key in a machine-level RSA key container

问题描述

在仅存储公钥/私钥对的公钥时，我在使用机器级 RSA 密钥容器时遇到了问题.

I'm having a problem using a machine level RSA key container when storing only the public key of a public/private key pair.

以下代码创建一个公/私对并从该对中提取公钥.该对和公钥存储在单独的密钥容器中.然后从这些密钥容器中获取密钥，此时它们应该与进入容器的密钥相同.

The following code creates a public/private pair and extracts the public key from that pair. The pair and the public key are stored in separate key containers. The keys are then obtained from those key containers at which point they should be the same as the keys going into the containers.

当为 CspParameters.Flags 指定 CspProviderFlags.UseDefaultKeyContainer(即从 PublicKey 容器中读出的键是相同)，但是当为 CspParameters.Flags 指定 CspProviderFlags.UseMachineKeyStore 时，从 PublicKey 读回的密钥是不同的.

The code works when CspProviderFlags.UseDefaultKeyContainer is specified for CspParameters.Flags (i.e. the key read back out from the PublicKey container is the same), but when CspProviderFlags.UseMachineKeyStore is specified for CspParameters.Flags the key read back from PublicKey is different.

为什么行为不同，我需要做些什么不同的事情来从机器级 RSA 密钥容器中检索公钥?

Why is the behaviour different, and what do I need to do differently to retrieve the public key from a machine-level RSA key container?

var publicPrivateRsa = new RSACryptoServiceProvider(new CspParameters()
{
    KeyContainerName = "PublicPrivateKey",
    Flags = CspProviderFlags.UseMachineKeyStore
    //Flags = CspProviderFlags.UseDefaultKeyContainer
}
    )
{
    PersistKeyInCsp = true,

};

var publicRsa = new RSACryptoServiceProvider(new CspParameters()
{
    KeyContainerName = "PublicKey",
    Flags = CspProviderFlags.UseMachineKeyStore
    //Flags = CspProviderFlags.UseDefaultKeyContainer
}
    )
{
    PersistKeyInCsp = true
};


//Export the key.
publicRsa.ImportParameters(publicPrivateRsa.ExportParameters(false));


Console.WriteLine(publicRsa.ToXmlString(false));
Console.WriteLine(publicPrivateRsa.ToXmlString(false));

//Dispose those two CSPs.
using (publicRsa)
{
    publicRsa.Clear();
}
using (publicPrivateRsa)
{
    publicRsa.Clear();
}

publicPrivateRsa = new RSACryptoServiceProvider(new CspParameters()
{
    KeyContainerName = "PublicPrivateKey",
    Flags = CspProviderFlags.UseMachineKeyStore
    //Flags = CspProviderFlags.UseDefaultKeyContainer
}
    );


publicRsa = new RSACryptoServiceProvider(new CspParameters()
{
    KeyContainerName = "PublicKey",
    Flags = CspProviderFlags.UseMachineKeyStore
    //Flags = CspProviderFlags.UseDefaultKeyContainer
}
    );

Console.WriteLine(publicRsa.ToXmlString(false));
Console.WriteLine(publicPrivateRsa.ToXmlString(false));


using (publicRsa)
{
    publicRsa.Clear();
}
using (publicPrivateRsa)
{
    publicRsa.Clear();
}

推荐答案

似乎密钥容器并非用于此目的(这在 .NET Framework 中的如何:在密钥容器中存储非对称密钥"中暗示了这一点开发人员指南，并由 a 确认MSDN 上的讨论).

It seems that key containers are not intended for this purpose (this is implied by "How to: Store Asymmetric Keys in a Key Container" from the .NET Framework Developer's Guide, and confirmed by a disccusion on MSDN).

需要使用其他机制，例如将密钥存储在 XML 文件中来实现此目标.

Other mechanisms, such as storing the key in an XML file, need to be used to achieve this goal.

这篇关于如何将公钥存储在机器级 RSA 密钥容器中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！