C# Create RSA key from RSACryptoServiceProvider?

Tags: c#, cryptography, certificate, rsa, cng

Question

I want to use a key created via the CSP (I use the Utimaco interface "CSP tool"). To generate a CA certificate I use the following code (based on):

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Key container exposed by the Utimaco CSP (provider type 1 = PROV_RSA_FULL)
var csp = new CspParameters()
{
    ProviderName = "Utimaco CryptoServer CSP",
    ProviderType = 1,
    KeyContainerName = "Default Container"
};

// Opens the container's key (or creates a 1024-bit one if it does not exist yet)
RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(1024, csp);
// ExportParameters(false) returns only the public components (Modulus, Exponent)
RSAParameters myRSA = rsaProvider.ExportParameters(false);
using (RSA parent = RSA.Create(myRSA))
using (RSA rsa = RSA.Create(2048))
{
    CertificateRequest parentReq = new CertificateRequest(
        "CN=Experimental Issuing Authority",
        parent,
        HashAlgorithmName.SHA256,
        RSASignaturePadding.Pkcs1);

    parentReq.CertificateExtensions.Add(
        new X509BasicConstraintsExtension(true, false, 0, true));

    parentReq.CertificateExtensions.Add(
        new X509SubjectKeyIdentifierExtension(parentReq.PublicKey, false));

    using (X509Certificate2 parentCert = parentReq.CreateSelfSigned(
        DateTimeOffset.UtcNow.AddDays(-45),
        DateTimeOffset.UtcNow.AddDays(365)))
    {
        CertificateRequest req = new CertificateRequest(
            "CN=Valid-Looking Timestamp Authority",
            rsa,
            HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1);

        req.CertificateExtensions.Add(
            new X509BasicConstraintsExtension(false, false, 0, false));

        req.CertificateExtensions.Add(
            new X509KeyUsageExtension(
                X509KeyUsageFlags.DigitalSignature |
                X509KeyUsageFlags.NonRepudiation,
                false));

        req.CertificateExtensions.Add(
            new X509EnhancedKeyUsageExtension(
                new OidCollection
                {
                    new Oid("1.3.6.1.5.5.7.3.8")   // id-kp-timeStamping
                },
                true));

        req.CertificateExtensions.Add(
            new X509SubjectKeyIdentifierExtension(req.PublicKey, false));

        using (X509Certificate2 cert = req.Create(
            parentCert,
            DateTimeOffset.UtcNow.AddDays(-1),
            DateTimeOffset.UtcNow.AddDays(90),
            new byte[] { 1, 2, 3, 4 }))
        {
            // Do something with these certs, like export them to PFX,
            // or add them to an X509Store, or whatever.
            X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadWrite);
            store.Add(cert);
            store.Add(parentCert);
            store.Close();
        }
    }
}

It throws at the call to parentReq.CreateSelfSigned(..): System.Security.Cryptography.CryptographicException: "Key does not exist".

Answer

The key piece of information is here:

RSAParameters myRSA = rsaProvider.ExportParameters(false);
using (RSA parent = RSA.Create(myRSA))

That makes parent just the public key portion, which means it cannot sign a certificate.

Assuming you want the CA certificate to know its private key, just use rsaProvider instead of exporting/importing it into parent. (Either RSA parent = rsaProvider; or replace every usage of parent with rsaProvider.)
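The answer's fix together with the check a practitioner would want before signing, as an added example (not code from the question, the answer or the Utimaco product): it opens the CSP container named in the question, probes whether an RSA object can actually sign, shows that an RSA rebuilt from ExportParameters(false) cannot, and then hands rsaProvider itself to the CA CertificateRequest. The CanSign helper, the CspProviderFlags.UseExistingKey flag, the KeyCertSign key usage on the CA and the random serial number are additions that are not on the original page; the provider and container names are taken from the question, and the runtime is assumed to provide CertificateRequest, as the question's own code already requires.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CspKeySigningDemo
{
    // Probe by signing rather than by ExportParameters(true): a CSP/HSM key is
    // normally non-exportable, so an export attempt throws even when the private
    // key exists and is perfectly able to sign. A signing probe distinguishes
    // "no private key" from "private key present but not exportable".
    static bool CanSign(RSA key)
    {
        byte[] probe = Encoding.ASCII.GetBytes("signing capability probe"); // constructed input
        try
        {
            key.SignData(probe, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return true;
        }
        catch (CryptographicException)
        {
            // e.g. "Key does not exist" for a public-only object
            return false;
        }
    }

    static void Main()
    {
        var csp = new CspParameters
        {
            ProviderName = "Utimaco CryptoServer CSP",   // from the question
            ProviderType = 1,                            // PROV_RSA_FULL
            KeyContainerName = "Default Container",      // from the question
            // Assumption: fail loudly instead of silently generating a fresh key
            // when the container does not exist.
            Flags = CspProviderFlags.UseExistingKey
        };

        using (var rsaProvider = new RSACryptoServiceProvider(csp))
        {
            Console.WriteLine($"CSP object public-only: {rsaProvider.PublicOnly}");
            Console.WriteLine($"CSP object can sign:    {CanSign(rsaProvider)}");

            // The question's construction: an RSA object built from the exported
            // public parameters knows nothing about the CSP private key.
            using (RSA publicOnly = RSA.Create(rsaProvider.ExportParameters(false)))
            {
                Console.WriteLine($"Re-imported object can sign: {CanSign(publicOnly)}");
            }

            // The fix: use the CSP-backed object itself as the CA signing key.
            var parentReq = new CertificateRequest(
                "CN=Experimental Issuing Authority",
                rsaProvider,
                HashAlgorithmName.SHA256,
                RSASignaturePadding.Pkcs1);
            parentReq.CertificateExtensions.Add(
                new X509BasicConstraintsExtension(true, false, 0, true));
            parentReq.CertificateExtensions.Add(
                new X509KeyUsageExtension(
                    X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
            parentReq.CertificateExtensions.Add(
                new X509SubjectKeyIdentifierExtension(parentReq.PublicKey, false));

            using (X509Certificate2 parentCert = parentReq.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1),
                DateTimeOffset.UtcNow.AddDays(365)))
            using (RSA leafKey = RSA.Create(2048))
            {
                // A CA certificate without its private key could not issue anything.
                Console.WriteLine($"CA cert has private key: {parentCert.HasPrivateKey}");

                var leafReq = new CertificateRequest(
                    "CN=Valid-Looking Timestamp Authority",
                    leafKey,
                    HashAlgorithmName.SHA256,
                    RSASignaturePadding.Pkcs1);
                leafReq.CertificateExtensions.Add(
                    new X509BasicConstraintsExtension(false, false, 0, true));

                // Random serial instead of the fixed { 1, 2, 3, 4 } used in the question.
                byte[] serial = new byte[8];
                using (var rng = RandomNumberGenerator.Create())
                {
                    rng.GetBytes(serial);
                }

                using (X509Certificate2 leaf = leafReq.Create(
                    parentCert,
                    DateTimeOffset.UtcNow.AddDays(-1),
                    DateTimeOffset.UtcNow.AddDays(90),
                    serial))
                {
                    Console.WriteLine($"Issued '{leaf.Subject}' signed by '{leaf.Issuer}'");
                }
            }
        }
    }
}
```

Run on a machine where the Utimaco CSP and the named container are installed; the first probe prints True for the CSP-backed object and False for the re-imported one, which is exactly the difference the answer points at. The CanSign check is the one to use in code paths that accept an arbitrary RSA instance: it costs one signature but does not depend on the key being exportable, unlike ExportParameters(true).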