C# 是否从RSACryptServiceProvider创建RSA密钥?
我想使用通过CSP创建的密钥(我使用Utimaco接口“CSP工具”), 要生成CA证书,我使用以下代码(基于): 它在调用C# 是否从RSACryptServiceProvider创建RSA密钥?,c#,cryptography,certificate,rsa,cng,C#,Cryptography,Certificate,Rsa,Cng,我想使用通过CSP创建的密钥(我使用Utimaco接口“CSP工具”), 要生成CA证书,我使用以下代码(基于): 它在调用parentReq.CreateSelfSigned(..)时抛出:System.Security.Cryptography.cryptographyException:“密钥不存在”。 这是关键信息: 这使得parent只是公钥部分,这意味着它不能签署证书 假设您想让CA证书知道其私钥,只需使用rsaProvider,而不是将其导出/导入到父级。(要么RSA paren
parentReq.CreateSelfSigned(..)
时抛出:System.Security.Cryptography.cryptographyException:“密钥不存在”。
这是关键信息:
这使得parent
只是公钥部分,这意味着它不能签署证书
假设您想让CA证书知道其私钥,只需使用rsaProvider
,而不是将其导出/导入到父级
。(要么RSA parent=rsaProvider;
要么将parent
的所有用法替换为rsaProvider
)
var csp = new CspParameters()
{
ProviderName = "Utimaco CryptoServer CSP",
ProviderType = 1,
KeyContainerName = "Default Container"
};
RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(1024, csp);
RSAParameters myRSA = rsaProvider.ExportParameters(false);
using (RSA parent = RSA.Create(myRSA))
using (RSA rsa = RSA.Create(2048))
{
CertificateRequest parentReq = new CertificateRequest(
"CN=Experimental Issuing Authority",
parent,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
parentReq.CertificateExtensions.Add(
new X509BasicConstraintsExtension(true, false, 0, true));
parentReq.CertificateExtensions.Add(
new X509SubjectKeyIdentifierExtension(parentReq.PublicKey, false));
using (X509Certificate2 parentCert = parentReq.CreateSelfSigned(
DateTimeOffset.UtcNow.AddDays(-45),
DateTimeOffset.UtcNow.AddDays(365)))
{
CertificateRequest req = new CertificateRequest(
"CN=Valid-Looking Timestamp Authority",
rsa,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
req.CertificateExtensions.Add(
new X509BasicConstraintsExtension(false, false, 0, false));
req.CertificateExtensions.Add(
new X509KeyUsageExtension(
System.Security.Cryptography.X509Certificates.X509KeyUsageFlags.DigitalSignature |
System.Security.Cryptography.X509Certificates.X509KeyUsageFlags.NonRepudiation,
false));
req.CertificateExtensions.Add(
new X509EnhancedKeyUsageExtension(
new OidCollection
{
new Oid("1.3.6.1.5.5.7.3.8")
},
true));
req.CertificateExtensions.Add(
new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
using (X509Certificate2 cert = req.Create(
parentCert,
DateTimeOffset.UtcNow.AddDays(-1),
DateTimeOffset.UtcNow.AddDays(90),
new byte[] { 1, 2, 3, 4 }))
{
// Do something with these certs, like export them to PFX,
// or add them to an X509Store, or whatever.
X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Add(parentCert);
store.Close();
}
}
}
RSAParameters myRSA = rsaProvider.ExportParameters(false);
using (RSA parent = RSA.Create(myRSA))