仅在 Windows 2003 Server 上指定的算法无效
我正在使用以下方法解码文件:
string outFileName = zfoFileName.Replace(".zfo", "_tmp.zfo");
FileStream inFile = null;
FileStream outFile = null;
inFile = File.Open(zfoFileName, FileMode.Open);
outFile = File.Create(outFileName);
LargeCMS.CMS cms = new LargeCMS.CMS();
cms.Decode(inFile, outFile);
这在我的 Win 7 开发计算机上工作正常,但在 Windows 2003 服务器生产计算机上它失败并出现以下异常:
Exception: System.Exception: CryptMsgUpdate error #-2146893816 --- > System.ComponentModel.Win32Exception:指定的算法无效 --- 内部异常堆栈跟踪结束 --- at LargeCMS.CMS.Decode(FileStream inFile, FileStream outFile)
以下是我调用的类,如果需要的话,我会调用它们来进行解码可以上传一个示例文件进行解码,奇怪的是它在 Win 7 上工作,而不在 Win2k3 服务器上工作:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Runtime.InteropServices;
using System.ComponentModel;
namespace LargeCMS
{
class CMS
{
// File stream to use in callback function
private FileStream m_callbackFile;
// Streaming callback function for encoding
private Boolean StreamOutputCallback(IntPtr pvArg, IntPtr pbData, int cbData, Boolean fFinal)
{
// Write all bytes to encoded file
Byte[] bytes = new Byte[cbData];
Marshal.Copy(pbData, bytes, 0, cbData);
m_callbackFile.Write(bytes, 0, cbData);
if (fFinal)
{
// This is the last piece. Close the file
m_callbackFile.Flush();
m_callbackFile.Close();
m_callbackFile = null;
}
return true;
}
// Decode CMS with streaming to support large data
public void Decode(FileStream inFile, FileStream outFile)
{
// Variables
Win32.CMSG_STREAM_INFO StreamInfo;
Win32.CERT_CONTEXT SignerCertContext;
BinaryReader stream = null;
GCHandle gchandle = new GCHandle();
IntPtr hMsg = IntPtr.Zero;
IntPtr pSignerCertInfo = IntPtr.Zero;
IntPtr pSignerCertContext = IntPtr.Zero;
IntPtr pbPtr = IntPtr.Zero;
IntPtr hStore = IntPtr.Zero;
Byte[] pbData;
Boolean bResult = false;
int dwFileSize;
int dwRemaining;
int dwSize;
int cbSignerCertInfo;
try
{
// Get data to decode
dwFileSize = (int)inFile.Length;
stream = new BinaryReader(inFile);
pbData = stream.ReadBytes(dwFileSize);
// Prepare stream for decoded info
m_callbackFile = outFile;
// Populate Stream Info struct
StreamInfo = new Win32.CMSG_STREAM_INFO();
StreamInfo.cbContent = dwFileSize;
StreamInfo.pfnStreamOutput = new Win32.StreamOutputCallbackDelegate(StreamOutputCallback);
// Open message to decode
hMsg = Win32.CryptMsgOpenToDecode(
Win32.X509_ASN_ENCODING | Win32.PKCS_7_ASN_ENCODING,
0,
0,
IntPtr.Zero,
IntPtr.Zero,
ref StreamInfo
);
if (hMsg.Equals(IntPtr.Zero))
{
throw new Exception("CryptMsgOpenToDecode error #" + Marshal.GetLastWin32Error().ToString(), new Win32Exception(Marshal.GetLastWin32Error()));
}
// Process the whole message
gchandle = GCHandle.Alloc(pbData, GCHandleType.Pinned);
pbPtr = gchandle.AddrOfPinnedObject();
dwRemaining = dwFileSize;
dwSize = (dwFileSize < 1024 * 1000 * 100) ? dwFileSize : 1024 * 1000 * 100;
while (dwRemaining > 0)
{
// Update message piece by piece
bResult = Win32.CryptMsgUpdate(
hMsg,
pbPtr,
dwSize,
(dwRemaining <= dwSize) ? true : false
);
if (!bResult)
{
throw new Exception("CryptMsgUpdate error #" + Marshal.GetLastWin32Error().ToString(), new Win32Exception(Marshal.GetLastWin32Error()));
}
// Move to the next piece
pbPtr = new IntPtr(pbPtr.ToInt64() + dwSize);
dwRemaining -= dwSize;
if (dwRemaining < dwSize)
{
dwSize = dwRemaining;
}
}
// Get signer certificate info
cbSignerCertInfo = 0;
bResult = Win32.CryptMsgGetParam(
hMsg,
Win32.CMSG_SIGNER_CERT_INFO_PARAM,
0,
IntPtr.Zero,
ref cbSignerCertInfo
);
if (!bResult)
{
throw new Exception("CryptMsgGetParam error #" + Marshal.GetLastWin32Error().ToString(), new Win32Exception(Marshal.GetLastWin32Error()));
}
pSignerCertInfo = Marshal.AllocHGlobal(cbSignerCertInfo);
bResult = Win32.CryptMsgGetParam(
hMsg,
Win32.CMSG_SIGNER_CERT_INFO_PARAM,
0,
pSignerCertInfo,
ref cbSignerCertInfo
);
if (!bResult)
{
throw new Exception("CryptMsgGetParam error #" + Marshal.GetLastWin32Error().ToString(), new Win32Exception(Marshal.GetLastWin32Error()));
}
// Open a cert store in memory with the certs from the message
hStore = Win32.CertOpenStore(
Win32.CERT_STORE_PROV_MSG,
Win32.X509_ASN_ENCODING | Win32.PKCS_7_ASN_ENCODING,
IntPtr.Zero,
0,
hMsg
);
if (hStore.Equals(IntPtr.Zero))
{
throw new Exception("CertOpenStore error #" + Marshal.GetLastWin32Error().ToString(), new Win32Exception(Marshal.GetLastWin32Error()));
}
// Find the signer's cert in the store
pSignerCertContext = Win32.CertGetSubjectCertificateFromStore(
hStore,
Win32.X509_ASN_ENCODING | Win32.PKCS_7_ASN_ENCODING,
pSignerCertInfo
);
if (pSignerCertContext.Equals(IntPtr.Zero))
{
throw new Exception("CertGetSubjectCertificateFromStore error #" + Marshal.GetLastWin32Error().ToString(), new Win32Exception(Marshal.GetLastWin32Error()));
}
// Set message for verifying
SignerCertContext = (Win32.CERT_CONTEXT)Marshal.PtrToStructure(pSignerCertContext, typeof(Win32.CERT_CONTEXT));
bResult = Win32.CryptMsgControl(
hMsg,
0,
Win32.CMSG_CTRL_VERIFY_SIGNATURE,
SignerCertContext.pCertInfo
);
if (!bResult)
{
throw new Exception("CryptMsgControl error #" + Marshal.GetLastWin32Error().ToString(), new Win32Exception(Marshal.GetLastWin32Error()));
}
}
finally
{
// Clean up
if (gchandle.IsAllocated)
{
gchandle.Free();
}
if (!pSignerCertContext.Equals(IntPtr.Zero))
{
Win32.CertFreeCertificateContext(pSignerCertContext);
}
if (!pSignerCertInfo.Equals(IntPtr.Zero))
{
Marshal.FreeHGlobal(pSignerCertInfo);
}
if (!hStore.Equals(IntPtr.Zero))
{
Win32.CertCloseStore(hStore, Win32.CERT_CLOSE_STORE_FORCE_FLAG);
}
if (stream != null)
{
stream.Close();
}
if (m_callbackFile != null)
{
m_callbackFile.Close();
}
if (!hMsg.Equals(IntPtr.Zero))
{
Win32.CryptMsgClose(hMsg);
}
}
}
}
}
并且
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
using System.ComponentModel;
using System.Security.Cryptography;
namespace LargeCMS
{
class Win32
{
#region "CONSTS"
public const int X509_ASN_ENCODING = 0x00000001;
public const int PKCS_7_ASN_ENCODING = 0x00010000;
public const int CMSG_SIGNED = 2;
public const int CMSG_DETACHED_FLAG = 0x00000004;
public const int AT_KEYEXCHANGE = 1;
public const int AT_SIGNATURE = 2;
public const String szOID_OIWSEC_sha1 = "1.3.14.3.2.26";
public const int CMSG_CTRL_VERIFY_SIGNATURE = 1;
public const int CMSG_CERT_PARAM = 12;
public const int CMSG_SIGNER_CERT_INFO_PARAM = 7;
public const int CERT_STORE_PROV_MSG = 1;
public const int CERT_CLOSE_STORE_FORCE_FLAG = 1;
#endregion
#region "STRUCTS"
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_ALGORITHM_IDENTIFIER
{
public String pszObjId;
BLOB Parameters;
}
[StructLayout(LayoutKind.Sequential)]
public struct CERT_ID
{
public int dwIdChoice;
public BLOB IssuerSerialNumberOrKeyIdOrHashId;
}
[StructLayout(LayoutKind.Sequential)]
public struct CMSG_SIGNER_ENCODE_INFO
{
public int cbSize;
public IntPtr pCertInfo;
public IntPtr hCryptProvOrhNCryptKey;
public int dwKeySpec;
public CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
public IntPtr pvHashAuxInfo;
public int cAuthAttr;
public IntPtr rgAuthAttr;
public int cUnauthAttr;
public IntPtr rgUnauthAttr;
public CERT_ID SignerId;
public CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm;
public IntPtr pvHashEncryptionAuxInfo;
}
[StructLayout(LayoutKind.Sequential)]
public struct CERT_CONTEXT
{
public int dwCertEncodingType;
public IntPtr pbCertEncoded;
public int cbCertEncoded;
public IntPtr pCertInfo;
public IntPtr hCertStore;
}
[StructLayout(LayoutKind.Sequential)]
public struct BLOB
{
public int cbData;
public IntPtr pbData;
}
[StructLayout(LayoutKind.Sequential)]
public struct CMSG_SIGNED_ENCODE_INFO
{
public int cbSize;
public int cSigners;
public IntPtr rgSigners;
public int cCertEncoded;
public IntPtr rgCertEncoded;
public int cCrlEncoded;
public IntPtr rgCrlEncoded;
public int cAttrCertEncoded;
public IntPtr rgAttrCertEncoded;
}
[StructLayout(LayoutKind.Sequential)]
public struct CMSG_STREAM_INFO
{
public int cbContent;
public StreamOutputCallbackDelegate pfnStreamOutput;
public IntPtr pvArg;
}
#endregion
#region "DELEGATES"
public delegate Boolean StreamOutputCallbackDelegate(IntPtr pvArg, IntPtr pbData, int cbData, Boolean fFinal);
#endregion
#region "API"
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern Boolean CryptAcquireContext(
ref IntPtr hProv,
String pszContainer,
String pszProvider,
int dwProvType,
int dwFlags
);
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern IntPtr CryptMsgOpenToEncode(
int dwMsgEncodingType,
int dwFlags,
int dwMsgType,
ref CMSG_SIGNED_ENCODE_INFO pvMsgEncodeInfo,
String pszInnerContentObjID,
ref CMSG_STREAM_INFO pStreamInfo
);
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern IntPtr CryptMsgOpenToDecode(
int dwMsgEncodingType,
int dwFlags,
int dwMsgType,
IntPtr hCryptProv,
IntPtr pRecipientInfo,
ref CMSG_STREAM_INFO pStreamInfo
);
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern Boolean CryptMsgClose(
IntPtr hCryptMsg
);
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern Boolean CryptMsgUpdate(
IntPtr hCryptMsg,
Byte[] pbData,
int cbData,
Boolean fFinal
);
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern Boolean CryptMsgUpdate(
IntPtr hCryptMsg,
IntPtr pbData,
int cbData,
Boolean fFinal
);
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern Boolean CryptMsgGetParam(
IntPtr hCryptMsg,
int dwParamType,
int dwIndex,
IntPtr pvData,
ref int pcbData
);
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern Boolean CryptMsgControl(
IntPtr hCryptMsg,
int dwFlags,
int dwCtrlType,
IntPtr pvCtrlPara
);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern Boolean CryptReleaseContext(
IntPtr hProv,
int dwFlags
);
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern IntPtr CertCreateCertificateContext(
int dwCertEncodingType,
IntPtr pbCertEncoded,
int cbCertEncoded
);
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern Boolean CertFreeCertificateContext(
IntPtr pCertContext
);
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern IntPtr CertOpenStore(
int lpszStoreProvider,
int dwMsgAndCertEncodingType,
IntPtr hCryptProv,
int dwFlags,
IntPtr pvPara
);
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern IntPtr CertGetSubjectCertificateFromStore(
IntPtr hCertStore,
int dwCertEncodingType,
IntPtr pCertId
);
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern IntPtr CertCloseStore(
IntPtr hCertStore,
int dwFlags
);
#endregion
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您能否提供有关您的环境的更多信息。首先:Windows 2003 Server 是哪个Service Pack 的。例如,存在一个错误“Web 注册页面上的默认 Diffie-Hellman SChannel 证书选择导致错误:0x80090008 - NTE_BAD_ALGID”,该错误已在 SP3 中修复 http://support.microsoft.com/kb/324953/en。如果这不是您的问题,您应该将证书和带有测试消息的二进制文件放在网络上的某个位置,并在此处发布 URL。然后就能够重现并测试该问题。
我想,要解决您的问题(如果最后一个 Service Pack 安装在 Windows Server 2003 上),必须更改用于签署消息的证书的某些属性。
顺便说一句,我认为您的证书不使用 SHA-2 算法(SHA-256、SHA-384 和 SHA-512)。如果您确实使用此服务并安装了最后一个 Service Pack,则可能需要明确使用“Microsoft 增强型 RSA 和 AES 加密提供程序”(或“Microsoft 增强型 RSA 和 AES 加密提供程序(原型)”,因为它在 Windows 上称为“Microsoft 增强型 RSA 和 AES 加密提供程序”) XP SP3) 或 PROV_RSA_AES 或 MS_ENH_RSA_AES_PROV 而不是默认的 PROV_RSA_FULL 提供程序。 (例如,请参阅 http://blogs.msdn.com/alejacma/archive/2009/01/23/sha-2-support-on-windows-xp.aspx)
更新 1:
收到您的测试文件后,问题就更清楚了。首先是一个好消息。 您的程序工作正常!它在我的测试 Windows 2003 服务器 SP2 上运行没有任何问题。 所以我们遇到的是管理问题,而不是软件开发问题。我建议您在另一台 Windows 2003 Server 上测试该程序。在此服务器上,您可以重新安装 SP2,然后转到 Microsoft 更新并安装所有更新。
顺便说一句,您对 SHA256 或其他 SHA-2 算法没有任何问题。您在示例中使用标准 1.2.840.113549.1.1.5 sha1RSA 算法。
现在谈谈你的计划。我详细阅读了您的代码并准确理解您的工作。您会收到一条 PKCS#7 签名的消息,其中包含一个文本图块(XML 文件)。我如何理解您的示例来自http://blogs.msdn.com/alejacma/archive/2010/04/09/how-to-call-cryptmsg-api-in-streaming-mode-c.aspx 描述了解密大于 100MB 的文件时出现的问题(另请参阅 http://blogs.msdn.com/alejacma/archive/2010/03/17/asn1-value-too-large-error-when-calling -signedcms-computesignature.aspx)。如果您没有这种情况,我建议您使用 System.Security.Cryptography.Pkcs 命名空间中的 .NET 加密函数。如果您确实有大量数据,那么您当前的代码就可以。唯一可疑的地方是读取输入文件。我不读取 stream.ReadBytes() 调用。我会使用更好的内存映射文件,而不是在内存中加载一个巨大的文件。要在本机代码中执行此操作,您可以使用如下代码,
编写相应的 .NET 代码不会有问题。使用内存映射文件仅创建到文件的虚拟地址映射,只有访问数据的相应部分才会读取数据。
再说一点。您验证消息的代码部分不完整。您所要做的就是验证消息签名所用的证书。如果您使用本机CryptoAPI,则可以使用
CertGetCertificateChain()来执行此操作。只有这样您才能确定证书及其所有父证书都是有效的。您还应该根据CertVerifyCertificateChainPolicy()验证证书链是否允许使用证书来签名消息。顺便说一句,当前代码可以正常工作,不会出现错误消息,但用于签名消息的证书的颁发者是“CN=PostSignum Qualified CA, O="Ceská pošta, sp [IC 47114983]”,C=CZ",并且在您的内部消息认证不存在。例如,您可以使用 certutil.exe -dump 31602.zfo 来查看详细信息:
您可能不希望将任何签名消息解释为有效。证书的验证是强制性的。此外,在很多情况下,最好定义发行者允许签名消息作为输入的来源范围。想想这个。
更新2:您在新的331879.zfo文件中确实使用sha256RSA(1.2.840.113549.1.1.11)进行签名。尝试安装http://support.microsoft.com/kb/968730/en我喜欢的
http://thehotfixshare.net/board/index.php?showtopic= 12629&hl=968730。
它是一个经过数字签名的文件。所以我一定是安全的。为了绝对确定您可以从 Microsoft 收到此修复程序。我希望此修复能够解决您的问题。
更新 3:我对您的代码示例进行了更多思考。在我看来,要获得最佳实现,您应该将消息解码的整个代码实现为非托管(本机)代码。因此,在解码大数据期间,您不会花费任何额外的时间在本机代码和托管代码之间进行封送。您应该将此本机代码放置在 DLL 中并导出一个可以在主托管代码中使用的函数。
关于使用内存映射字段的更多评论。内存映射文件的使用是访问 Windows 中任何文件的主要优化方式,以进行读取和写入。您必须了解的一件事是内存使用情况。如果您查看任务管理器的已用内存,您会发现使用内存映射文件技术的程序可以使用非常大的内存。这根本不是问题。 该内存不是物理内存,也不是分页文件中的分页内存。虚拟地址将直接映射到您在内存中映射的文件。因此,数据分页将根据文件数据本身来完成。不需要操作系统分页文件的附加部分。该文件的 I/O 针对相应的嵌入式处理器功能进行了极大的优化和实现。
最终解决方案:因为我无法停止思考这个问题,所以我必须解决它。这是完全基于我之前写过的内容的解决方案。
public void Decode(FileStream inFile, FileStream outFile)以在解码 CryptReleaseContext 函数的关闭句柄后现在,程序可以处理使用 SHA-2 算法签名的数据(例如使用 1.2.840.113549.1.1.11 sha256RSA 签名的 331879.zfo),
我建议您不要这样做不要忘记内存映射文件。如果您使用 .NET 4.0,则可以使用新的 .NET 框架类(请参阅 http://msdn.microsoft.com/en-us/library/dd997372%28v=VS.100%29.aspx)。
Can you give more information about your environment. First of all: which Service Pack has Windows 2003 Server. There is for example a bug "Default Diffie-Hellman SChannel Certificate Selection on Web Enrollment Page Causes Error: 0x80090008 - NTE_BAD_ALGID" which are fixed in SP3 http://support.microsoft.com/kb/324953/en. If it is not your problem, you should place the certificate and a binary file with the test message somewhere on web and post URL here. Then one will be able to reproduce and test the problem.
I suppose, to fix your problem (if the last Service Pack is installed on the Windows Server 2003) one will be have to change some properties of the certificate with which the message are signed.
I don't think, by the way that you certificate use SHA-2 algorithms (SHA-256, SHA-384 and SHA-512). If you do use this one and have the last Service pack installed, then it can be needed to use explicitly "Microsoft Enhanced RSA and AES Cryptographic Provider" (or "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" as it's called on Windows XP SP3) or PROV_RSA_AES or MS_ENH_RSA_AES_PROV instead of default PROV_RSA_FULL provider. (see, for example, http://blogs.msdn.com/alejacma/archive/2009/01/23/sha-2-support-on-windows-xp.aspx)
Updated 1:
After receiving your test file the problem is more clear. First of all a good news. Your program works correct! It works without any problem on my test Windows 2003 server with SP2. So we have administrative problem and not a software development. I recommend you to test the program on another Windows 2003 Server. On this server you can reinstall SP2 and then go to Microsoft Updates and install all updates.
By the way you have no problems with SHA256 or other SHA-2 algorithms. You use in your example a standard 1.2.840.113549.1.1.5 sha1RSA algorithm.
Now about your program. I read detailed your code and understand exactly what you do. You receive an PKCS#7 signed message which contain a text tile (an XML file) inside. How I understand your example come from http://blogs.msdn.com/alejacma/archive/2010/04/09/how-to-call-cryptmsg-api-in-streaming-mode-c.aspx which describes problem with decrypting of files larger as 100MB (see also http://blogs.msdn.com/alejacma/archive/2010/03/17/asn1-value-too-large-error-when-calling-signedcms-computesignature.aspx). If you not have this case, I recommend you to use .NET cryptographic functions from System.Security.Cryptography.Pkcs namespace. If you do have large data, you current code is OK. The only something suspected place is reading of input file. I don't read stream.ReadBytes() call. I would be use better memory mapped files instead of loading a huge file in memory. To do this in native code you can use code like following
Writing of the corresponding .NET code would be not a problem. Using Memory Mapped Files create only a virtual address mapping to the file, data will be read only if you access to the corresponding part of data.
One more remark. The part of you code, where you verify the message is not full. What you have to do is the verifying of the certificate with which the message signed. If you use native CryptoAPI, you can do this with respect of
CertGetCertificateChain(). Only then you will be sure, that the certificate and all it's parent are valid. You should also verify with respect ofCertVerifyCertificateChainPolicy()that the certificate chain allow usage of the certificate for signing of messages.Current code by the way works without error messages, but the Issuer of the certificate with which the message are signed is "CN=PostSignum Qualified CA, O="Ceská pošta, s.p. [IC 47114983]", C=CZ" and inside your message the certificated is not exist. You can use for example
certutil.exe -dump 31602.zfoto see details:Probably you don't want interpret any signed message as valid. Verification of the certificate is mandatory. Moreover in a lot of scenarios it would be good to define the range of origins from which Issuer you want to allow a signed messages as an input. Think about this.
Updated 2: You are right in new 331879.zfo file you really use sha256RSA (1.2.840.113549.1.1.11) for signature. Try to install http://support.microsoft.com/kb/968730/en which I fond on
http://thehotfixshare.net/board/index.php?showtopic=12629&hl=968730.
It is a digitally signed file. So I it must be safe. To be absolutely sure you can receive this fix from Microsoft. I hope this fix will solve you problem.
Updated 3: I thought a little more about your code example. It seems to me, that to receive the best implementation you should implement the whole code of the message decoding as unmanaged (native) code. So you will not spend any additional time for marshaling between native and managed code during decoding of large data. This native code you should place inside a DLL and export a function which you can use inside you main managed code.
One more remark about using memory mapped filed. Usage of memory mapped filed is mostly optimized way access any file in Windows for both reading and writing. One thing which you must to know is memory usage. If you look at Task Manager for used memory you can see that a program used memory mapped file technique can use very large memory. It is not a problem at all. This memory is not a physical memory and not a paged memory from the paging file. A virtual addressed will be mapped directly to the file which you mapped in memory. So paging of data will be done with respect of the file data itself. No additional parts of the paging file of operation system are needed. This I/O from the file is much optimized and implemented with respect of corresponding embedded processor features.
End solution: Because I could not stop thinking about this problem I had to solve it. Here is the solution which full based on what I already written before.
public void Decode(FileStream inFile, FileStream outFile)to use explicitly RSA and AES Cryptographic Provider on Windows Server 2003 or XPNow the program works with data signed with SHA-2 algorithms (like 331879.zfo signed with 1.2.840.113549.1.1.11 sha256RSA)
I recommend you don't forget about memory mapped files. If you use .NET 4.0 you can use new .NET framework classes (see http://msdn.microsoft.com/en-us/library/dd997372%28v=VS.100%29.aspx).
难道是你的Win2003上没有安装你使用的CSP?我记得读过SP3之前的XP在SHA-2或其他方面存在一些问题,我认为XP和Win2003或多或少是相同的基本操作系统。
我想您可以看到以下注册表项上安装的内容
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults
也许您可以在您的计算机之间进行比较。
Could it be that the CSP you use aren't installed on your Win2003? I remember reading that XP before SP3 had some problems with SHA-2 or something, and XP and Win2003 are more or less the same basic OS I think.
I think you can see what's installed on the following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults
Maybe you can compare between your machines.
MD5 和其他遗留/损坏的加密算法可以通过组策略禁用(美国政府使用所需)。
MD5 and other legacy/broken cryptographic algorithms can be disabled by group policy (needed for US Government use).