"坏键"例外与导出的私钥证书 [英] "Bad key" exception for certificates with exportable private key
问题描述
我试图来加密,然后使用非对称加密解密文件。我创建使用makecert测试证书,并安装到我的个人LOCALMACHINE店。今后我将不得不安装多个服务器上该证书,这就是为什么我用-pe标志创造了它,那就是与导出的私钥。该证书已成功创建并安装了,我看到了您有一个与该证书对应的私钥音符MMC。
I am trying to encrypt and then decrypt files using asymmetric encryption. I've created a test certificate using makecert and installed it into my personal localmachine store. In future I'll have to install this certificate on several servers, that's why I've created it with "-pe" flag, that is, with exportable private key. The certificates has been successfully created and installed, I see the "You have a private key that corresponds to this certificate" note in mmc.
现在我想对数据进行加密在.NET 3.5的RSACryptoServiceProvider。并且取得了成功。但是,当我试图解密,我得到坏键异常。
Now I am trying to encrypt data with RSACryptoServiceProvider in .NET 3.5. And it succeeds. But when I am trying to decrypt it, I get "Bad key" exception.
如果我没有创建-pe选项证书,同样的代码可以很好地用于解密。
下面是代码:
If I create the certificate without "-pe" option, the same code works well for decryption. Here is the code:
RSA rsaKey = (RSA)myCertificate.PrivateKey;
RSACryptoServiceProvider rsaCsp = (RSACryptoServiceProvider)rsaKey;
byte[] plainText = rsaCsp.Decrypt(encryptedText, true);
另外,我已经试过另一种方法,使用System.Security.Cryptography.Pkcs命名空间:
Also I've tried another method, using System.Security.Cryptography.Pkcs namespace:
EnvelopedCms envelope = new EnvelopedCms();
envelope.Decode(encryptedText);
envelope.Decrypt();
byte[] plainText = envelope.ContentInfo.Content;
的结果是一样的...
谁能帮助?
The result was the same... Can anyone help?
推荐答案
确保您使用的键与-sky交易所创建如果使用makecert.exe。如果没有这个,你只能用于签名和认证,不加密/解密这是你在这里实现用例的关键。
Ensure that the key you're using was created with "-sky Exchange" if using makecert.exe. Without this, you can only use the key for signing and authentication, not encryption/decryption which is the use case you're implementing here.
这篇关于"坏键"例外与导出的私钥证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
