使用 PrivateKey X.509 证书解密 [英] Decrypt with PrivateKey X.509 Certificate
问题描述
我在使用 X.509 证书解密消息时遇到问题.
我用 makecert 这个选项生成我的证书:
makecert -r -pe -n "CN=MyCertificate" -ss CA -sr CurrentUser -a sha1 -sky signature -cy authority -sv CA.pvk CA.cer而 PrivateKey 是我的密码".
我的问题是当我想用 c# 中的以前的证书解密消息时.
我找到了这个类http://blog.shutupandcode.net/?p=660,但在 X509Decrypt 方法中,PrivateKey 始终为空.
<上一页>public static byte[] X509Decrypt(byte[] data, string certificateFile, string password){//加载证书并解密指定数据使用 (var ss = new System.Security.SecureString()){foreach (var keyChar in password.ToCharArray())ss.AppendChar(keyChar);//加载受密码保护的证书文件X509Certificate2 证书 = 新 X509Certificate2(certificateFile, ss);使用 (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey){返回 rsa.Decrypt(数据,真);}}}我尝试传递证书文件 (.cer)
<上一页>X509DecryptString(token, @"c:CA.cer", "mypassword");并传递pvk文件(.pvk)
<上一页>X509DecryptString(token, @"c:CA.pvk", "mypassword");但始终认为 PrivateKey 属性为空.
谁能指导我使用 pvk 文件解密消息?
谢谢,
何塞
证书本身只包含公钥(+一些数据),不包含私钥.(RSA 私钥不太可能是mypassword".保护您的私钥的密码可能是mypassword",但私钥本身(更具体地说是 RSA 中的私钥)将是一个相当长的数字.)
因此(因为 CA.cer 只包含证书),X509DecryptString(token, @"c:CA.cer", "mypassword") 将几乎肯定不行.
X509DecryptString(token, @"c:CA.pvk", "mypassword"); 原则上可以工作,但您正在创建一个 X509Certificate2 对象它,它仍然需要证书和私钥.您应该能够从 PKCS#12 容器 (.p12/.pfx) 加载它.
要创建这个容器,你可以使用pvk2pfx:
pvk2pfx -spc CA.cer -pvk CA.pvk -pfx CA.pfx(如果不指定-pfx CA.pfx,会启动交互界面,此时需要勾选导出私钥.)
然后,尝试使用该 pfx/p12 文件进行解密.
I have a problem to decrypt a message usgin X.509 Certificate.
I generate my certificate with makecert with this options:
makecert -r -pe -n "CN=MyCertificate" -ss CA -sr CurrentUser -a sha1 -sky signature -cy authority -sv CA.pvk CA.cer
And the PrivateKey was "mypassword".
My problem is when I want to decrypt a message encrypt with previous certificate in c#.
I found this class http://blog.shutupandcode.net/?p=660, but in the X509Decrypt method allways the PrivateKey is null.
public static byte[] X509Decrypt(byte[] data, string certificateFile, string password)
{
// load the certificate and decrypt the specified data
using (var ss = new System.Security.SecureString())
{
foreach (var keyChar in password.ToCharArray())
ss.AppendChar(keyChar);
// load the password protected certificate file
X509Certificate2 cert = new X509Certificate2(certificateFile, ss);
using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey)
{
return rsa.Decrypt(data, true);
}
}
}
I tried passing the certificate file (.cer)
X509DecryptString(token, @"c:CA.cer", "mypassword");
And passing the pvk file (.pvk)
X509DecryptString(token, @"c:CA.pvk", "mypassword");
But allways have that the PrivateKey property is null.
Can anyone guide me to decrypt the message using the pvk file?
Thanks,
Jose
The certificate itself only contains the public key (+ some data), but not the private key. (It's very unlikely that the RSA private key is "mypassword". The password that protects your private key may be "mypassword", but the private key itself (more specifically the private exponent, in RSA) will be a rather long number.)
As a result (because CA.cer only contains the certificate), X509DecryptString(token, @"c:CA.cer", "mypassword") will almost certainly not work.
X509DecryptString(token, @"c:CA.pvk", "mypassword"); could work in principle, but you're creating a X509Certificate2 object from it, and it still needs the certificate and the private key. You should be able to load that from a PKCS#12 container (.p12/.pfx).
To create this container, you can use pvk2pfx:
pvk2pfx -spc CA.cer -pvk CA.pvk -pfx CA.pfx
(If you don't specify -pfx CA.pfx, it will launch the interactive interface, in which case you need to tick the box to export the private key.)
Then, try to decrypt using that pfx/p12 file instead.
这篇关于使用 PrivateKey X.509 证书解密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
