Cryptography 未从容器返回RSA加密公钥?
我觉得我想做的很简单。但出于某种原因,它不想工作: 下面是一个完整的代码片段,用于测试我正在尝试执行的操作:Cryptography 未从容器返回RSA加密公钥?,cryptography,c#-2.0,rijndaelmanaged,public-key,rsacryptoserviceprovider,Cryptography,C# 2.0,Rijndaelmanaged,Public Key,Rsacryptoserviceprovider,我觉得我想做的很简单。但出于某种原因,它不想工作: 下面是一个完整的代码片段,用于测试我正在尝试执行的操作: using System; using System.Xml; using System.Security.Cryptography; using System.Security.Cryptography.Xml; namespace XmlCryptographySendingTest { class Program { static void Mai
using System;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
namespace XmlCryptographySendingTest
{
class Program
{
static void Main(string[] args)
{
string fullKeyContainer = "fullKeyContainer";
string publicKeyContainer = "publicKeyContainer";
//create the two providers
RSACryptoServiceProvider serverRSA = GetKeyFromContainer(fullKeyContainer);
//save public and full key pairs
SaveKeyToContainer(fullKeyContainer, serverRSA.ExportParameters(true));
SaveKeyToContainer(publicKeyContainer, serverRSA.ExportParameters(false));
//get rid of them from memory
serverRSA.Clear();
serverRSA = null;
GC.Collect();
//retrieve a full server set and a private client set
serverRSA = GetKeyFromContainer(fullKeyContainer);
RSACryptoServiceProvider clientRSA = GetKeyFromContainer(publicKeyContainer);
//at this point the public key should be the same for both RSA providers
string clientPublicKey = clientRSA.ToXmlString(false);
string serverPublicKey = serverRSA.ToXmlString(false);
if (clientPublicKey.Equals(serverPublicKey))
{//they have the same public key.
// Create an XmlDocument object.
XmlDocument xmlDoc = new XmlDocument();
// Load an XML file into the XmlDocument object.
try
{
xmlDoc.PreserveWhitespace = true;
xmlDoc.Load("test.xml");
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
//we can encypt with the clientRSA using the public key
Encrypt(xmlDoc, "Fields", "DataFields", clientRSA, "test");
Console.WriteLine("Encrypted: \r\n" + xmlDoc.OuterXml);
//and should be able to decrypt with the serverRSA using the private key
Decrypt(xmlDoc, serverRSA, "test");
Console.WriteLine("Decrypted : \r\n" + xmlDoc.OuterXml);
}
else
{
Console.WriteLine("The two RSA have different public keys...");
}
Console.ReadLine();
}
private static CspParameters GetCspParameters(string containerName)
{
// Create the CspParameters object and set the key container
// name used to store the RSA key pair.
CspParameters tmpParameters = new CspParameters();
tmpParameters.Flags = CspProviderFlags.UseMachineKeyStore; //use the machine key store--this allows us to use the machine level container when applications run without a logged-in user
tmpParameters.ProviderType = 1;
tmpParameters.KeyNumber = (int)KeyNumber.Exchange;
tmpParameters.KeyContainerName = containerName;
return tmpParameters;
}
public static void SaveKeyToContainer(string containerName, RSAParameters rsaParameters)
{
CspParameters tmpParameters = GetCspParameters(containerName);
// Create a new instance of RSACryptoServiceProvider that accesses
// the key container
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(tmpParameters);
//set the key information from the text
rsa.ImportParameters(rsaParameters);
}
public static RSACryptoServiceProvider GetKeyFromContainer(string containerName)
{
// Create the CspParameters object and set the key container
// name used to store the RSA key pair.
CspParameters tmpParameters = GetCspParameters(containerName);
// Create a new instance of RSACryptoServiceProvider that accesses
// the key container.
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(tmpParameters);
return rsa;
}
public static void DeleteKeyFromContainer(string containerName)
{
// Create the CspParameters object and set the key container
// name used to store the RSA key pair.
CspParameters tmpParameters = GetCspParameters(containerName);
// Create a new instance of RSACryptoServiceProvider that accesses
// the key container.
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(tmpParameters);
// Delete the key entry in the container.
rsa.PersistKeyInCsp = false;
// Call Clear to release resources and delete the key from the container.
rsa.Clear();
}
public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string KeyName)
{
// Check the arguments.
if (Doc == null)
throw new ArgumentNullException("Doc");
if (ElementToEncrypt == null)
throw new ArgumentNullException("ElementToEncrypt");
if (EncryptionElementID == null)
throw new ArgumentNullException("EncryptionElementID");
if (Alg == null)
throw new ArgumentNullException("Alg");
if (KeyName == null)
throw new ArgumentNullException("KeyName");
////////////////////////////////////////////////
// Find the specified element in the XmlDocument
// object and create a new XmlElemnt object.
////////////////////////////////////////////////
XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;
// Throw an XmlException if the element was not found.
if (elementToEncrypt == null)
{
throw new XmlException("The specified element was not found");
}
RijndaelManaged sessionKey = null;
try
{
//////////////////////////////////////////////////
// Create a new instance of the EncryptedXml class
// and use it to encrypt the XmlElement with the
// a new random symmetric key.
//////////////////////////////////////////////////
// Create a 256 bit Rijndael key.
sessionKey = new RijndaelManaged();
sessionKey.KeySize = 256;
EncryptedXml eXml = new EncryptedXml();
byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);
////////////////////////////////////////////////
// Construct an EncryptedData object and populate
// it with the desired encryption information.
////////////////////////////////////////////////
EncryptedData edElement = new EncryptedData();
edElement.Type = EncryptedXml.XmlEncElementUrl;
edElement.Id = EncryptionElementID;
// Create an EncryptionMethod element so that the
// receiver knows which algorithm to use for decryption.
edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
// Encrypt the session key and add it to an EncryptedKey element.
EncryptedKey ek = new EncryptedKey();
byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);
ek.CipherData = new CipherData(encryptedKey);
ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
// Create a new DataReference element
// for the KeyInfo element. This optional
// element specifies which EncryptedData
// uses this key. An XML document can have
// multiple EncryptedData elements that use
// different keys.
DataReference dRef = new DataReference();
// Specify the EncryptedData URI.
dRef.Uri = "#" + EncryptionElementID;
// Add the DataReference to the EncryptedKey.
ek.AddReference(dRef);
// Add the encrypted key to the
// EncryptedData object.
edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
// Set the KeyInfo element to specify the
// name of the RSA key.
// Create a new KeyInfoName element.
KeyInfoName kin = new KeyInfoName();
// Specify a name for the key.
kin.Value = KeyName;
// Add the KeyInfoName element to the
// EncryptedKey object.
ek.KeyInfo.AddClause(kin);
// Add the encrypted element data to the
// EncryptedData object.
edElement.CipherData.CipherValue = encryptedElement;
////////////////////////////////////////////////////
// Replace the element from the original XmlDocument
// object with the EncryptedData element.
////////////////////////////////////////////////////
EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
}
catch (Exception e)
{
// re-throw the exception.
throw e;
}
finally
{
if (sessionKey != null)
{
sessionKey.Clear();
}
}
}
public static void Decrypt(XmlDocument Doc, RSA Alg, string KeyName)
{
// Check the arguments.
if (Doc == null)
throw new ArgumentNullException("Doc");
if (Alg == null)
throw new ArgumentNullException("Alg");
if (KeyName == null)
throw new ArgumentNullException("KeyName");
// Create a new EncryptedXml object.
EncryptedXml exml = new EncryptedXml(Doc);
// Add a key-name mapping.
// This method can only decrypt documents
// that present the specified key name.
exml.AddKeyNameMapping(KeyName, Alg);
// Decrypt the element.
exml.DecryptDocument();
}
}
}
只要我保存/获取一个同时具有私钥和公钥的RSACryptServiceProvider,这似乎工作正常。一旦我用一个公钥保存了一个rsacyptoserviceprovider,下一次尝试检索它时,我得到的只是一个新的和不同的rsacyptoserviceprovider
正如你所想象的,你不能用一组密钥加密某些东西,然后用一组全新的密钥解密
你知道为什么会这样吗?或者正确的存储方式是什么?我的理解是,您在SaveKeyToContainer中调用ImportParameters不会影响存储中的密钥。SaveKeyToContainer的实现是使用存储中的密钥初始化RSACryptoServiceProvider的实例(当容器不存在时生成新的密钥对),然后导入参数,这会影响实例而不是存储 稍后检索publicKeyContainer时,将为您提供在尝试保存它时生成的新密钥对,而不是导入的公共片段
抱歉,我无法帮助您了解有关使用加密API将密钥导入存储的任何详细信息。我相信商店只支持密钥对,也就是说,不希望只导入公钥。有关.NET加密类的文档非常差 我一直在为同一个问题绞尽脑汁,并得出了相同的结论,尽管文件中没有明确说明 当您创建RSA提供程序的实例时,您将获得一个新的密钥对。 如果提供参数对象并命名密钥容器,则新密钥对将存储在其中 如果导入公钥,它不会被持久化 丹我有 我现在几乎可以肯定密钥容器不能用于存储公钥。它们的主要用途似乎是存储密钥对。密钥容器只存储最初生成的密钥,导入
PublicOnly
密钥只会影响实例,而不会影响存储
《NET开发人员指南》的“如何:在密钥容器中存储非对称密钥”页面指出
如果需要存储私钥,则应使用密钥容器
。。。这是我通过MSDN所能找到的最清晰的声明
我使用的替代机制是将密钥存储在一个XML文件中(因为它是一个公钥,所以它是否容易被看到并不重要),使用文件系统访问规则设置权限以防止不必要的修改 是否正确:一旦我仅使用私钥保存RSACryptServiceProvider,您的意思是,一旦我仅使用公钥保存RSACryptServiceProvider,您可以设置一个属性来确定实例是否在存储中持续存在。我的印象是,如果将此设置为持续,那么您对RSA密钥所做的更改也会保留在密钥存储中?可以安全地假设我的答案不准确,并且在调用ImportParameters时,PersistKeyInCsp应该完全这样做。我想知道您是否尝试过使用Export/ImportCspBlob或to/FromXmlString方法。您知道公钥的模数和指数在哪里不再与serverKey和clientKey(RSA参数)匹配吗?有没有可能在mono上测试代码?