在.NET内核中实现RSA [英] implement RSA in .NET core
问题描述
RSA 类,但我只看到抽象类 我读过DNX5中的RSA类与.net 4.6.1中的不同一个比我看到的如果是,我可以在哪里找到使用该文件的文档?也似乎 RSACryptoServiceProvider 在.net核心不工作,我只能访问 RSA 抽象类。
如果可以,您应该避免使用 RSACryptoServiceProvider 它只适用于Windows(而Windows上的RSA实现不太好)。坚持使用 RSA 基类,并通过 RSA.Create()
短暂的钥匙(创作)
.NET Core
code> using(RSA rsa = RSA.Create())
{
rsa.KeySize = desiredKeySizeInBits;
//当下一个键被使用时,它将被创建在那个keysize。
DoStuffWithThePrivateKey(rsa);
}
.NET Framework
不幸的是,.NET Framework上的RSA.Create()的默认值是RSACryptoServiceProvider,它不尊重set_KeySize。所以如果你需要短暂的密钥,你需要在.NET Framework和.NET Core上使用不同的代码:
using(RSA rsa = new RSACng())
{
rsa.KeySize = desiredKeySizeInBits;
DoStuffWithThePrivateKey(rsa);
}
或者,如果您需要支持4.6之前的版本(其中RSACng不是存在)/ 4.6.2(大多数.NET Framework使用RSACng对象而不是RSACryptoServiceProvider对象快乐地工作),您可以继续使用旧的实现:
<$ p $使用(RSA rsa = new RSACryptoServiceProvider(desiredKeySizeInBits))
{
//自从之前net46加密/解密,SignData / VerifyData,SignHash / VerifyHash
/ /方法没有在RSA基类中定义,您可能需要将此强大的
//键入为RSACryptoServiceProvider。
DoStuffWithThePrivateKey(rsa);
}
短暂键(导入)
尽管RSACng通常比RSACryptoServiceProvider更容易使用,但RSACryptoServiceProvider应该在这个上下文中工作正常,所以RSA.Create()在所有平台上都很好:
($)
DoStuffWithWhateverKindOfKeyYouImported(rsa);
}
从证书:
.NET Core 1.0+,.NET Framework 4.6 +
using(RSA rsa = cert.GetRSAPublicKey())
{
DoStuffWithThePublicKey(rsa);
}
或
using(RSA rsa = cert.GetRSAPrivateKey())
{
DoStuffWithThePrivateKey(rsa);
}
.NET Framework< 4.6
//不要把它放在一个使用块中,因为所有的调用者共享对象:
RSA rsaPrivate =(RSA)cert.PrivateKey;
DoStuffWithThePrivateKey(rsaPrivate);
//不要把它放在一个使用块中,因为对象被所有的调用者共享:
RSA rsaPublicOnly =(RSA)cert.PublicKey.Key;
DoStuffWithThePublicKey(rsaPublic);
使用命名/持久键(仅限Windows)
$ b $我将要包含一些关于RSACryptoServiceProvider(WinXP + / CAPI)和RSACng(Win7 + / CNG)创建/打开命名键的示例,但这在.NET中不是一个常见的情况;它肯定不是便携式(对其他操作系统的便携性是.NET Core的更引人注目的参数之一)。
引用东西。
对于.NET Core 1.0和1.1,您可以从 System.Security.Cryptography.Algorithms 包中访问RSA基类。在.NET Core 2.0中,它将被包含在 netstandard 包参考中。
如果您需要与操作系统进行复杂的互操作,您可以参考 System.Security.Cryptography.Cng (Windows CNG), System.Security.Cryptography。 (Windows OpenSSL,MacOS OpenSSL),并且可以访问互操作性(C / C ++)(Windows CAPI / CryptoServiceProvider)或 System.Security.Cryptography.OpenSsl 启用类(RSACng,RSACryptoServiceProvider,RSAOpenSsl)。但是,真的,你不应该这样做。
RSA.Create()返回什么?
- .NET Framework:RSACryptoServiceProvider,除非由CryptoConfig更改。
- .NET Core(Windows):通过CNG实现RSA的私有类,您无法投射
- .NET Core(Linux):通过OpenSSL实现RSA的私有类,您不能将其转换为任何更具体的类型。
- .NET Core(macOS):通过OpenSSL实现RSA的私有类,您不能将其转换为任何更具体的类型。 (这应该是通过SecureTransforms在下一个版本的.NET Core)
I'm trying to encrypt and decrypt some data with RSA. I've looked up teh RSA class but I'm only seeing the abstract class https://msdn.microsoft.com/en-us/library/system.security.cryptography.rsa(v=vs.110).aspx
I've read that the RSA class in DNX5 is different from the one in .net 4.6.1 Is that a different one than what I'm seeing? If so where can I find the documentation to use that one? It also appears that RSACryptoServiceProvider is not working in .net core and I only have access to the RSA abstract class.
You should avoid using RSACryptoServiceProvider if you can. It only works on Windows (and it's the less good RSA implementation on Windows). Stick to the RSA base class, and create new instances via RSA.Create()
Ephemeral Keys (Creation)
.NET Core
using (RSA rsa = RSA.Create())
{
rsa.KeySize = desiredKeySizeInBits;
// when the key next gets used it will be created at that keysize.
DoStuffWithThePrivateKey(rsa);
}
.NET Framework
Unfortunately, the default for RSA.Create() on .NET Framework is RSACryptoServiceProvider, which doesn't respect set_KeySize. So if you need ephemeral keys you'll need to use different code on .NET Framework vs .NET Core:
using (RSA rsa = new RSACng())
{
rsa.KeySize = desiredKeySizeInBits;
DoStuffWithThePrivateKey(rsa);
}
Or, if you need to support versions earlier than 4.6 (where RSACng didn't exist) / 4.6.2 (where most of the .NET Framework worked happily with RSACng objects instead of RSACryptoServiceProvider objects) you can continue to use the older implementation:
using (RSA rsa = new RSACryptoServiceProvider(desiredKeySizeInBits))
{
// Since before net46 the Encrypt/Decrypt, SignData/VerifyData, SignHash/VerifyHash
// methods were not defined at the RSA base class, you might need to keep this strongly
// typed as RSACryptoServiceProvider.
DoStuffWithThePrivateKey(rsa);
}
Ephemeral Keys (Import)
Even though RSACng, in general, is easier to work with than RSACryptoServiceProvider, RSACryptoServiceProvider should work fine in this context, so RSA.Create() is good on all platforms:
using (RSA rsa = RSA.Create())
{
rsa.ImportParameters(rsaParameters);
DoStuffWithWhateverKindOfKeyYouImported(rsa);
}
From a certificate:
.NET Core 1.0+, .NET Framework 4.6+
using (RSA rsa = cert.GetRSAPublicKey())
{
DoStuffWithThePublicKey(rsa);
}
or
using (RSA rsa = cert.GetRSAPrivateKey())
{
DoStuffWithThePrivateKey(rsa);
}
.NET Framework < 4.6
// Do NOT put this in a using block, since the object is shared by all callers:
RSA rsaPrivate = (RSA)cert.PrivateKey;
DoStuffWithThePrivateKey(rsaPrivate);
// Do NOT put this in a using block, since the object is shared by all callers:
RSA rsaPublicOnly = (RSA)cert.PublicKey.Key;
DoStuffWithThePublicKey(rsaPublic);
Using Named/Persisted Keys (Windows-only)
I was going to include some samples about RSACryptoServiceProvider (WinXP+/CAPI) and RSACng (Win7+/CNG) creating/opening named keys, but that's not a very common scenario in .NET; and it certainly isn't portable (portability to other OSes being one of the more compelling arguments for .NET Core).
Referencing things.
For .NET Core 1.0 and 1.1, you get access to the RSA base class from the System.Security.Cryptography.Algorithms package. In .NET Core 2.0 it will be included in the netstandard package reference.
If you need to do complex interop with the OS you can reference System.Security.Cryptography.Cng (Windows CNG), System.Security.Cryptography.Csp (Windows CAPI/CryptoServiceProvider), or System.Security.Cryptography.OpenSsl (Linux OpenSSL, macOS OpenSSL) and get access to the interop-enabled classes (RSACng, RSACryptoServiceProvider, RSAOpenSsl). But, really, you shouldn't do that.
What does RSA.Create() return?
- .NET Framework: RSACryptoServiceProvider, unless changed by CryptoConfig.
- .NET Core (Windows): A private class which implements RSA via CNG, you can't cast it to any more specific type.
- .NET Core (Linux): A private class which implements RSA via OpenSSL, you can't cast it to any more specific type.
- .NET Core (macOS): A private class which implements RSA via OpenSSL, you can't cast it to any more specific type. (This should be via SecureTransforms in the next release of .NET Core)
这篇关于在.NET内核中实现RSA的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
