如何导入RSA私钥到RSACryptoServiceProvider? [英] How can I import an RSA private key into an RSACryptoServiceProvider?
问题描述
我试图导入与Win32加密API到.NET应用程序生成的RSA公钥/私钥对。在code,创建和导出密钥对看起来是这样的:
I'm trying to import an RSA public/private key pair generated with the Win32 Crypto API into a .NET application. The code that creates and exports the key pair looks something like this:
// Abbreviated for clarity.
CryptAcquireContext(..., MS_ENHANCED_PROV, ...);
// Generate public/private key pair
CryptCreateHash(..., CALG_SHA1, ...);
CryptHashData(hash, password, ...);
CryptDeriveKey(..., CALG_3DES, hash, CRYPT_EXPORTABLE, ...);
CyrptExportKey(..., derivedKey, PRIVATEKEYBLOB, ...);
基本上,这code是出口的公钥/私钥对作为一个加密的BLOB。它使用了3DES算法与来自SHA-1哈希派生的密钥加密
Basically, this code is exporting the public/private key pair as an encrypted blob. It uses the 3DES algorithm for the encryption with a key derived from a SHA-1 hash.
现在,当我尝试导入此密钥到.NET,我得到的问题。我试过的方法:
Now, when I try to import this key into .NET, I get problems. I've tried to approaches:
(1)我创建一个RSACyrptoServiceProvider对象并调用ImportCspBlob()。这将引发异常并显示消息坏数据。这并不奇怪,因为供应商对象没有办法知道BLOB的加密方式。据我所知,有没有办法都没有告诉它使用这个什么算法和密钥。
(1) I create an RSACyrptoServiceProvider object and call ImportCspBlob(). This throws an exception with the message "bad data." That's not surprising since the provider object has no way to know how the blob was encrypted. As far as I can tell, there's no way at all to tell it what algorithm and key to use for this.
(2)我自己手动解密一滴,使用PasswordDeriveBytes类,然后将解密的blob传递给ImportCsbBlob()。再一次,我得到一个异常。这一次的消息是坏的版本提供的。我试图手动供应商名称创建提供商对象时(Microsoft增强加密提供程序),但它没有什么区别。
(2) I manually decrypt the blob myself, using the PasswordDeriveBytes class, and then pass the decrypted blob to ImportCsbBlob(). Once again, I get an exception. This time the message is "bad version of provider." I tried manually supplying the provider name ("Microsoft Enhanced Cryptographic Provider v1.0") when creating the provider object, but it makes no difference.
这是我得到这个工作是很关键的。任何想法?
It's critical that I get this working. Any ideas?
解决方案:
生成使用C ++和.NET未加密的公钥/私钥对之后,我发现了Microsoft增强加密提供程序实际上并不进行加密前8个字节的密钥对的。 (这必须是被扔在.NET包装循环的版本信息。)修改我的.NET解密code独自离开的前8个字节后,一切工作正常。
After generating the unencrypted public/private key pairs in both C++ and .NET, I discovered that the Microsoft Enhanced Cryptographic Provider does not actually encrypt the first 8-bytes of the key pair. (This must be the versioning information that was throwing the .NET wrapper for a loop.) After modifying my .NET decryption code to leave the first 8 bytes alone, everything works fine.
这个解决方案不是很好,因为它取决于加密系统提供商的内部实现detials。不幸的是,我不认为有因为微软忽视提供,可以让你指定解密算法和密钥的版本ImportCspBlob的任何其他方式。
This solution isn't very good since it depends on internal implementation detials of the cryptographic provider. Unfortunately, I don't think there's any other way since Microsoft neglected to provide a version of ImportCspBlob that lets you specify an algorithm and key for decryption.
推荐答案
在方法2),确认解密的密钥是相同的加密之前。
In approach 2), verify the decrypted key is the same as before encryption.
我不认为从SHA-1散列派生的密钥将匹配一个来自PasswordDeriveBytes
I don't think "a key derived from a SHA-1 hash" will match one from PasswordDeriveBytes
这篇关于如何导入RSA私钥到RSACryptoServiceProvider?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
