Exception when trying to read a PrivateKey from Windows certstore


Problem description


I created a private and public key pair using OpenSSL and then I generated a .p12 file to import it into my Windows certstore. The key pair and .p12 files were created in Windows XP and I am trying to use it in Windows 7. I am trying to access the key from within a Web Service (.svc) in IIS. If I try to read the private key from a standalone app, I can do it without any problems, but when I try to read it from my web app, I always get the following exception:

'cert.PrivateKey' threw an exception of type 'System.Security.Cryptography.CryptographicException'

This is the whole stack trace:

en System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
en System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
en System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
en System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
en System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
en ValidKeyDll.ValidKey.getLlaveDeAlmacen(String almacen, Boolean esLlavePrivada) en C:\Users\desarrollo\Documents\ValidKeyDll\ValidKeyDll\ValidKey.cs:línea 58
en ValidKeyDll.ValidKey.firmaCadena(String almacen, String cadenaFirmar) en C:\Users\desarrollo\Documents\ValidKeyDll\ValidKeyDll\ValidKey.cs:línea 117


And this is my part of the code that reads the key:

X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
RSACryptoServiceProvider csp = null;
foreach (X509Certificate2 cert in store.Certificates)
{
   if (cert.Subject.Contains(almacen))
   {
      if (cert.NotAfter.CompareTo(System.DateTime.Now) <= 0)
         throw new CertificadoVencidoException();

      if (isPrivateKey)
         csp = (RSACryptoServiceProvider)cert.PrivateKey;
      else
         csp = (RSACryptoServiceProvider)cert.PublicKey.Key;

      break;
   }
}




I suppose it has to do with some kind of permission issue, but I cannot find out what it is... Please if anyone has any suggestions it will be greatly appreciated.

Considerations:

  • The private key is exportable.
  • The user IIS_IUSRS has permissions on the certificate.

Recommended answer


I finally cracked down the problem, but couldn't post the answer until now (because I'm a beginner):


The thing is that I was importing the .p12 the wrong way. I was double clicking it and following the steps. What this did was to put the certificate in the Current User - Personal certificate store, so I thought that by just moving the cert from that store to the Local Machine store was enough... but oh surprise! it was not. After much revision, I found that the IIS has the capability of importing certificates from within itself, and that this puts the certificate directly in the Local Machine cert store. If anyone has the same problem or just wants to see how to do this, these are the steps:



  • Open the IIS.
  • Go to the Server Certificates (sorry if you don't find the exact words, my Windows is in Spanish)
  • Select Import
  • Select your file. If your file is a .p12 like mine, then select to view *.*
  • Type in the password
  • Accept... and voilà
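
A programmatic counterpart to the IIS import described in the answer above, as an added example that is not part of the original post. It assumes .NET Framework, an elevated prompt and an RSA key held by a CSP; the class name `MachineStoreImport` is hypothetical. It imports the .p12 straight into Local Machine - Personal with the key container in the machine key store, then reads the certificate back and reports where the key lives.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not from the original post. Run from an elevated prompt.
static class MachineStoreImport
{
    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: MachineStoreImport <file.p12>");
            return 2;
        }
        // Prompt instead of taking the password as an argument, so it does not
        // end up in shell history or the process command line (input is echoed).
        Console.Write("Password: ");
        string password = Console.ReadLine();

        // MachineKeySet: store the private key container in the machine key store
        // rather than in the importing user's profile.
        // PersistKeySet: keep the container on disk after this process exits.
        X509KeyStorageFlags flags =
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
        X509Certificate2 imported = new X509Certificate2(args[0], password, flags);

        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            store.Add(imported);
            // Read the certificate back from the store, as the web service would.
            foreach (X509Certificate2 cert in store.Certificates.Find(
                         X509FindType.FindByThumbprint, imported.Thumbprint, false))
            {
                Console.WriteLine("Subject:         " + cert.Subject);
                Console.WriteLine("HasPrivateKey:   " + cert.HasPrivateKey);
                if (!cert.HasPrivateKey) continue;
                RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
                if (rsa == null) { Console.WriteLine("Key is not an RSA CSP key."); continue; }
                // True means the container is machine-wide, not tied to one user profile.
                Console.WriteLine("MachineKeyStore: " + rsa.CspKeyContainerInfo.MachineKeyStore);
                Console.WriteLine("Container:       " + rsa.CspKeyContainerInfo.UniqueKeyContainerName);
            }
        }
        finally { store.Close(); }
        return 0;
    }
}
```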
