Azure WorkerRole: Certificate Key not valid for use in specified state
System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.
   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.Utils._ExportKey(SafeKeyHandle hKey, Int32 blobType, Object cspObject)
   at System.Security.Cryptography.RSACryptoServiceProvider.ExportParameters(Boolean includePrivateParameters)
   at System.Security.Cryptography.RSA.ToXmlString(Boolean includePrivateParameters)

Now, I believe this happens because when Azure adds the certificate to my WorkerRole deployment, it does not install the certificate with the "Mark this key as exportable" option.

I need to add a certificate to my worker role in order to decrypt encrypted settings.

Does anyone have any ideas on how I can make Azure mark the certificate private key as exportable? Or could this be another issue?

Startup:
try
{
    var conn = System.Text.UTF8Encoding.UTF8.GetString(Decrypt(Convert.FromBase64String(setting), true, cert));
}
catch (Exception ex)
{
    Trace.TraceError(ex.ToString());
}
Methods:
public static X509Certificate2 LoadCertificate(StoreName storeName,
    StoreLocation storeLocation, string tprint)
{
    X509Store store = new X509Store(storeName, storeLocation);
    try
    {
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection certificateCollection =
            store.Certificates.Find(X509FindType.FindByThumbprint,
                tprint, false);
        if (certificateCollection.Count > 0)
        {
            // We ignore if there is more than one matching cert,
            // we just return the first one.
            return certificateCollection[0];
        }
        else
        {
            throw new ArgumentException("Certificate not found");
        }
    }
    finally
    {
        store.Close();
    }
}

public static byte[] Decrypt(byte[] encryptedData, bool fOAEP,
    X509Certificate2 certificate)
{
    if (encryptedData == null)
    {
        throw new ArgumentNullException("encryptedData");
    }
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }
    using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider())
    {
        // Note that we use the private key to decrypt
        provider.FromXmlString(GetXmlKeyPair(certificate));
        return provider.Decrypt(encryptedData, fOAEP);
    }
}

public static string GetXmlKeyPair(X509Certificate2 certificate)
{
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }
    if (!certificate.HasPrivateKey)
    {
        throw new ArgumentException("certificate does not have a private key");
    }
    else
    {
        return certificate.PrivateKey.ToXmlString(true);
    }
}
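
The stack trace above originates in `ToXmlString(true)`, which exports the private key and therefore fails when the key is not marked exportable. The following is an added example, not part of the original post or its linked answer: a variant of `Decrypt` that uses the private key in place, so no export is needed. It assumes .NET Framework 4.7.2 or later (or .NET Core); the class name `CertDecryptExample`, the `Encrypt` helper and the self-signed test certificate are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class CertDecryptExample
{
    private static RSAEncryptionPadding Padding(bool fOAEP) =>
        fOAEP ? RSAEncryptionPadding.OaepSHA1 : RSAEncryptionPadding.Pkcs1;

    // Decrypts with the certificate's private key where it is stored.
    // Nothing is exported, so a non-exportable key is sufficient.
    public static byte[] Decrypt(byte[] encryptedData, bool fOAEP, X509Certificate2 certificate)
    {
        if (encryptedData == null) throw new ArgumentNullException(nameof(encryptedData));
        if (certificate == null) throw new ArgumentNullException(nameof(certificate));
        if (!certificate.HasPrivateKey)
            throw new ArgumentException("certificate does not have a private key");

        using (RSA rsa = certificate.GetRSAPrivateKey())
        {
            if (rsa == null) throw new ArgumentException("certificate key is not RSA");
            return rsa.Decrypt(encryptedData, Padding(fOAEP));
        }
    }

    // Hypothetical helper: encrypts with the public key only, as the tool
    // that produced the encrypted setting would.
    public static byte[] Encrypt(byte[] plain, bool fOAEP, X509Certificate2 certificate)
    {
        using (RSA rsa = certificate.GetRSAPublicKey())
            return rsa.Encrypt(plain, Padding(fOAEP));
    }

    public static void Main()
    {
        // Constructed self-signed certificate standing in for the deployed one.
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=constructed-example", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (X509Certificate2 cert = request.CreateSelfSigned(now.AddDays(-1), now.AddDays(1)))
            {
                string setting = Convert.ToBase64String(
                    Encrypt(Encoding.UTF8.GetBytes("constructed connection string"), true, cert));
                byte[] plain = Decrypt(Convert.FromBase64String(setting), true, cert);
                Console.WriteLine(Encoding.UTF8.GetString(plain));
            }
        }
    }
}
```

Keeping the key non-exportable is the stronger configuration: code running in the role can use the key to decrypt but cannot copy it out of the key store.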
I found a solution.
The answer is given in my other question here: