使用 PrivateKey X.509 证书解密
我在使用 X.509 证书解密消息时遇到问题。
我使用 makecert 使用以下选项生成证书:
makecert -r -pe -n "CN=MyCertificate" -ss CA -sr CurrentUser -a sha1 -sky signature -cy authority -sv CA.pvk CA.cer
私钥是“mypassword”。
我的问题是当我想解密用 C# 中的先前证书加密的消息时。
我找到了这个类 http://blog.shutupandcode.net/?p=660,但是在 X509Decrypt 方法中,PrivateKey 始终为 null。
public static byte[] X509Decrypt(byte[] data, string certificateFile, string password)
{
// load the certificate and decrypt the specified data
using (var ss = new System.Security.SecureString())
{
foreach (var keyChar in password.ToCharArray())
ss.AppendChar(keyChar);
// load the password protected certificate file
X509Certificate2 cert = new X509Certificate2(certificateFile, ss);
using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey)
{
return rsa.Decrypt(data, true);
}
}
}
我尝试传递证书文件(.cer)
X509DecryptString(token, @"c:\CA.cer", "mypassword");
并传递 pvk 文件(.pvk),
X509DecryptString(token, @"c:\CA.pvk", "mypassword");
但 PrivateKey 属性始终为空。
谁能指导我使用 pvk 文件解密消息?
谢谢,
何塞
I have a problem to decrypt a message usgin X.509 Certificate.
I generate my certificate with makecert with this options:
makecert -r -pe -n "CN=MyCertificate" -ss CA -sr CurrentUser -a sha1 -sky signature -cy authority -sv CA.pvk CA.cer
And the PrivateKey was "mypassword".
My problem is when I want to decrypt a message encrypt with previous certificate in c#.
I found this class http://blog.shutupandcode.net/?p=660, but in the X509Decrypt method allways the PrivateKey is null.
public static byte[] X509Decrypt(byte[] data, string certificateFile, string password)
{
// load the certificate and decrypt the specified data
using (var ss = new System.Security.SecureString())
{
foreach (var keyChar in password.ToCharArray())
ss.AppendChar(keyChar);
// load the password protected certificate file
X509Certificate2 cert = new X509Certificate2(certificateFile, ss);
using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey)
{
return rsa.Decrypt(data, true);
}
}
}
I tried passing the certificate file (.cer)
X509DecryptString(token, @"c:\CA.cer", "mypassword");
And passing the pvk file (.pvk)
X509DecryptString(token, @"c:\CA.pvk", "mypassword");
But allways have that the PrivateKey property is null.
Can anyone guide me to decrypt the message using the pvk file?
Thanks,
Jose
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
证书本身只包含公钥(+一些数据),但不包含私钥。 (RSA 私钥不太可能是“mypassword”。保护私钥的密码可能是“mypassword”,但私钥本身(更具体地说是 RSA 中的私有指数)将是一个相当长的数字。)
因此(因为
CA.cer仅包含证书),X509DecryptString(token, @"c:\CA.cer", "mypassword")几乎肯定不会工作。X509DecryptString(token, @"c:\CA.pvk", "mypassword");原则上可以工作,但您要从中创建一个X509Certificate2对象,并且它仍然需要证书和私钥。您应该能够从 PKCS#12 容器 (.p12/.pfx) 加载它。要创建这个容器,您可以使用
pvk2pfx:(如果您不指定
-pfx CA.pfx,它将启动交互界面,在这种情况下您需要勾选该框以导出私钥。)然后,尝试使用该 pfx/p12 文件进行解密。
The certificate itself only contains the public key (+ some data), but not the private key. (It's very unlikely that the RSA private key is "mypassword". The password that protects your private key may be "mypassword", but the private key itself (more specifically the private exponent, in RSA) will be a rather long number.)
As a result (because
CA.ceronly contains the certificate),X509DecryptString(token, @"c:\CA.cer", "mypassword")will almost certainly not work.X509DecryptString(token, @"c:\CA.pvk", "mypassword");could work in principle, but you're creating aX509Certificate2object from it, and it still needs the certificate and the private key. You should be able to load that from a PKCS#12 container (.p12/.pfx).To create this container, you can use
pvk2pfx:(If you don't specify
-pfx CA.pfx, it will launch the interactive interface, in which case you need to tick the box to export the private key.)Then, try to decrypt using that pfx/p12 file instead.
我认为你应该使用“-sky Exchange”来生成公钥/私钥对。
I think you should be using "-sky exchange" to generate a public/private key pair.