Inserting Certificate (with privatekey) in Root, LocalMachine certificate store fails in .NET 4


Problem description

I'm having problems inserting a new CA certificate with a private key in the Root certificate store of the local machine.

This is what happens:

//This doesn't help either.
new StorePermission (PermissionState.Unrestricted) { Flags = StorePermissionFlags.AddToStore }.Assert();
var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
privkey.PersistKeyInCsp = true;
//This shouldn't be necessary; it doesn't make a difference whatsoever.
RSACryptoServiceProvider.UseMachineKeyStore = true;
cert.PrivateKey = privkey;
store.Open (OpenFlags.MaxAllowed);
store.Add (cert);
store.Close ();

The certificate gets inserted and it all looks dandy: (see!)

Note: it says it has a private key.

So you'd say one would be able to find it with FindPrivateKey

C:\Users\Administrator\Desktop>FindPrivateKey.exe Root LocalMachine -t "54 11 b1 f4 31 99 19 d3 5a f0 5f 01 95 fc aa 6f 71 12 13 eb"
FindPrivateKey failed for the following reason:
Unable to obtain private key file name

Use /? option for help 

It's cute .... BUT IT'S WRONG!! (2 stupid dogs reference)

And the Certificate export dialog gives me this very fine message:

This code is run while impersonating an administrator using this snippet: click here

I've added the code for generating and inserting a root cert into the store here.

You'll also need this dll: here (It's BouncyCastle)

It also generates a .pfx file that if imported does work.

I'd just love to know WHY?

(tested on Windows Server 2008 R2 & Windows 7)

I'll be damned!

It works when I compile it to v3.5!!!!

What to do?

Solution

I had exactly the same problem and the solution turned out to be really simple. All I had to do is to pass

X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet

to X509Certificate2's ctor. Now you are using the DotNetUtilities to convert the bouncycastle certificate to the .net one, but the helper method creates the .net cert with the DefaultKeySet (instead of MachineKeySet + PersistKeySet ).

And arrange the private key like this:

var cspParams = new CspParameters
{
      KeyContainerName = Guid.NewGuid().ToString(),
      KeyNumber = (int)KeyNumber.Exchange,
      Flags = CspProviderFlags.UseMachineKeyStore
};

var rsaProvider = new RSACryptoServiceProvider(cspParams);

I hope this helps.
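
The answer's flags applied end to end, as an added example (not code from the question or the answer): it loads a .pfx such as the one the question mentions with `MachineKeySet | PersistKeySet`, adds it to a LocalMachine store, and re-reads the stored copy to check that its key sits in the machine key store. The class and method names and the command-line arguments are assumptions, and the process must run elevated.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class MachineStoreInstall   // hypothetical name, not from the page
{
    // Loads a PFX so its key is written to the machine key store and persisted,
    // adds the certificate to a LocalMachine store, then verifies the stored copy.
    public static bool InstallAndVerify(byte[] pfx, string password, StoreName storeName)
    {
        var flags = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
        var cert = new X509Certificate2(pfx, password, flags);

        var store = new X509Store(storeName, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);   // requires an elevated process
        try
        {
            store.Add(cert);
            // Check the copy read back from the store, not the in-memory object:
            // only the stored entry shows whether the key reference persisted.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, cert.Thumbprint, false);
            if (found.Count == 0 || !found[0].HasPrivateKey) return false;
            try
            {
                var rsa = found[0].PrivateKey as RSACryptoServiceProvider;
                if (rsa == null) return false;   // non-CSP key (e.g. CNG): not covered here
                Console.WriteLine("Key container: " + rsa.CspKeyContainerInfo.UniqueKeyContainerName);
                return rsa.CspKeyContainerInfo.MachineKeyStore;
            }
            catch (CryptographicException e)
            {
                // The store entry claims a private key, but the key cannot be opened.
                Console.WriteLine("Private key not reachable: " + e.Message);
                return false;
            }
        }
        finally { store.Close(); }
    }

    static void Main(string[] args)
    {
        // args[0]: path to the .pfx, args[1]: its password (both supplied by the caller)
        bool ok = InstallAndVerify(File.ReadAllBytes(args[0]), args[1], StoreName.Root);
        Console.WriteLine(ok ? "Certificate and machine key installed" : "Key missing from machine store");
    }
}
```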
