Certificate encryption/decryption error in C#
The following command is used to make a keystore called myalias.p12 and export a certificate called myalias2.cer.
Java Keytool is a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates.
E:\>keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA1withRSA -validity 36000 -alias myalias2 -keystore myalias.p12 -storetype pkcs12 -dname "cn=www.myalias.com, ou=myalias2, o=myalias2, l=tp, st=tp, c=tw" -storepass 123456 -keypass 123456
E:\>keytool -export -alias myalias2 -keystore myalias.p12 -storetype pkcs12 -rfc -file myalias2.cer -storepass 123456
Encryption:
string input="hello";
X509Certificate2 myCertificate = GetCertFromCerFile("e:\\myalias2.cer");
RSACryptoServiceProvider provider1 = (RSACryptoServiceProvider)myCertificate.PublicKey.Key;
byte[] buffer1 = Encoding.UTF8.GetBytes(input);
byte[] result = provider1.Encrypt(buffer1, false);
string data= Convert.ToBase64String(result);
Decryption:
44. RSACryptoServiceProvider provider2 = (RSACryptoServiceProvider)myCertificate.PrivateKey;
45. byte[] buffer2 = Convert.FromBase64String(data);
46. byte[] result2 = provider2.Decrypt(buffer2, false); // <-- error here
47. String decryptedMessage = Encoding.UTF8.GetString(result2);
It can normally perform the encryption operations. But I found some errors on line 46 (performing the decryption):
A first chance exception of type 'System.NullReferenceException' occurred in CertTest.exe
The thread '' (0xcc8) has exited with code 0 (0x0).
   at CertTest.Program.Decrypt(String data) in D:\vsworkspace\CertTest\CertTest\Program.cs:line 46
   at CertTest.Program.Main(String[] args) in D:\vsworkspace\CertTest\CertTest\Program.cs:line 29
Anyone have an idea? Because I don't know how to solve this problem.
Thanks very much!
Comments (1)
The NullReferenceException you're getting is because PrivateKey is null. This is because .cer files only include a single X.509 certificate, which only includes the public key.
In this case that means you can only encrypt data using the certificate. In order to decrypt it you'll need the private key.
You can get access to the private key using the .p12 (or .pfx) file. This PKCS#12 file includes (in general) both the private key (password protected) and the certificate(s).
There are several X509Certificate[2] constructors that will accept a password and automatically decrypt the private key. Once loaded from the .p12 file your code will receive a valid (non-null) RSACryptoServiceProvider instance and you'll be able to decrypt the data.
BTW you should not encrypt a string (or data) this way using RSA :-)
For more details read http://pages.infinit.net/ctech/20031101-0151.html
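
The behaviour described in the answer above, as an added example that is not part of the original question or answer: the same certificate loaded from certificate-only bytes has no private key, while the PKCS#12 form opened with its password does. It assumes .NET Core 2.0+ or .NET Framework 4.7.2+ (for CertificateRequest); the certificate is generated in memory as a constructed stand-in for the keytool files, and the class name CertDemo is hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class CertDemo // hypothetical class name
{
    static void Main()
    {
        const string password = "123456"; // constructed; mirrors -storepass in the question

        // Constructed stand-in for the keytool files: one self-signed RSA-2048 certificate,
        // exported as certificate-only bytes (.cer) and as password-protected PKCS#12 (.p12).
        byte[] cerBytes, p12Bytes;
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=www.myalias.com", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 generated = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1)))
            {
                cerBytes = generated.Export(X509ContentType.Cert);
                p12Bytes = generated.Export(X509ContentType.Pfx, password);
            }
        }

        byte[] cipher;
        using (var publicOnly = new X509Certificate2(cerBytes))
        {
            // Certificate-only data: public key present, private key absent.
            Console.WriteLine("cer HasPrivateKey: " + publicOnly.HasPrivateKey);
            using (RSA pub = publicOnly.GetRSAPublicKey())
                cipher = pub.Encrypt(Encoding.UTF8.GetBytes("hello"), RSAEncryptionPadding.OaepSHA1);
        }

        using (var withKey = new X509Certificate2(p12Bytes, password))
        {
            // Check before use instead of letting a null key surface as NullReferenceException.
            if (!withKey.HasPrivateKey)
                throw new CryptographicException("PKCS#12 data contained no private key.");
            using (RSA priv = withKey.GetRSAPrivateKey())
            {
                byte[] plain = priv.Decrypt(cipher, RSAEncryptionPadding.OaepSHA1);
                Console.WriteLine(Encoding.UTF8.GetString(plain));
            }
        }
    }
}
```

The example uses OAEP padding on both sides; the question's `Encrypt(buffer1, false)` selects PKCS#1 v1.5 padding instead, and the two sides must always agree.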