C# WCF SOAP 签名 Sha256 —“密钥集不存在”
我在调用一个需要 WSS（WS-Security）的 Web 服务。时间戳和正文块需要用数字签名签署，私钥位于 USB 令牌上。我使用 AsymmetricSecurityBindingElement 来完成这项工作。如果使用 DefaultAlgorithmSuite，签名请求消息可以正常工作；但当 CustomDefaultAlgorithmSuite 类把 DefaultAsymmetricSignatureAlgorithm 改为 RsaSha256Signature 时，下面这一行会抛出 CryptographicException：“密钥集不存在”（Keyset does not exist）：durum response = proxy.getBatchStatus("1");
堆栈跟踪：
konum:System.Security.Cryptography.Utils.CreateProvHandleCspParameters参数,布尔随机密钥容器
konum:System.Security.Cryptography.Utils.GetKeyPairherPercsPalgorithType keyType、CspParameters参数、Boolean randomKeyContainer、Int32 dwKeySize、SafeProvHandle和SafeProvHandle、SafeKeyHandle和SafeKeyHandle
konum:System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair
konum:System.Security.Cryptography.RSACryptoServiceProvider..ctorInt32 dwKeySize,CspParameters参数,Boolean useDefaultKeySize
konum:System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatterString算法
konum:System.IdentityModel.SignedXml.ComputeSignaturesSecurity密钥签名密钥
konum:System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.CompletePrimarySignatureRecresendSecurityHeaderElement[]signatureConfirmations,SecurityToken[]SignedOnDorsingTokens,SecurityToken[]signedTokens,SendSecurityHeaderElement[]basicTokens,布尔isPrimarySignature
konum:System.ServiceModel.Security.SendSecurityHeader.CompleteSignature
konum:System.ServiceModel.Security.SendSecurityHeader.CompleteSecurityApplication
konum:System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessageXmlDictionaryWriter编写器
konum:System.ServiceModel.Channel.BufferedMessageWriter.WriteMessageMessageMessage消息,BufferManager BufferManager,Int32 initialOffset,Int32 maxSizeQuota
konum:System.ServiceModel.Channel.TextMessageEncoderFactory.TextMessageEncoder.WriteMessageMessageMessageMessage消息,Int32 maxMessageSize,BufferManager BufferManager,Int32 messageOffset
konum:System.ServiceModel.Channels.HttpOutput.SerializedBufferedMessageMessage消息,布尔值应为RecycleBuffer
konum:System.ServiceModel.Channel.HttpOutput.SendTimeSpan超时
konum:System.ServiceModel.Channel.HttpChannelFactory1.HttpRequestChannel.HttpChannelRequest.SendRequestMessage消息,TimeSpan超时
konum:System.ServiceModel.Channel.RequestChannel.RequestMessage消息,TimeSpan超时
konum:System.ServiceModel.Channels.SecurityChannelFactory1.SecurityRequestChannel.RequestMessage消息,TimeSpan超时
konum:System.ServiceModel.Dispatcher.RequestChannelBinder.RequestMessage消息,TimeSpan超时
konum:System.ServiceModel.Channel.ServiceChannel.CallString操作,布尔单向,ProxyOperationRuntime操作,对象[]输入,对象[]输出,时间跨度超时
konum:System.ServiceModel.Channel.ServiceChannelProxy.InvokeServiceMethodCallMessage方法调用,ProxyOperationRuntime操作
konum:System.ServiceModel.Channels.ServiceChannelProxy.InvokeMessage消息
标签：c#, wcf, soap, sign
您确定已经在“当前用户”证书存储中找到了 SERIALNUMBER=26635982214 的证书吗？您的代码没有对此做任何检查。
另外，WCF 客户端是在哪个用户账户下运行的？请检查您要查找的证书是否位于正确的存储中。我认为您的问题在于私钥存储在 USB 令牌/智能卡上，而该私钥不可导出/提取，或者受 PIN 保护，因此 WCF 客户端无法用它对 SOAP 消息进行签名。若证书和私钥保存在 pfx 文件中，那么您可以按上面提到的方式调用这个 WS；但在您的情况下，我认为用 WCF 客户端对 SOAP 消息进行签名是不可能的。
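// Locate the client signing certificate in the current user's personal ("MY") store.
// Only the subject text and the expiry date are used as filters; if several certificates
// match, the loop keeps the LAST one it sees.
X509Certificate2 certificate = null;
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
try
{
    foreach (X509Certificate2 cert in store.Certificates)
    {
        if (cert.Subject.Contains("SERIALNUMBER=26635982214") && cert.NotAfter > DateTime.Today)
        {
            certificate = cert;
        }
    }
}
finally
{
    // The store handle was never released in the original. Close() exists on every
    // .NET Framework version (X509Store only became IDisposable in 4.6).
    store.Close();
}

// Fail here with a clear message rather than with a NullReferenceException or an opaque
// CryptographicException deep inside the WCF signing pipeline.
if (certificate == null)
{
    throw new InvalidOperationException(
        "No unexpired certificate with SERIALNUMBER=26635982214 was found in the CurrentUser/MY store.");
}
// NOTE(review): a certificate can be present in the store without a usable private key
// (token/smart-card key link missing, key not exportable, or PIN-protected). Checking
// certificate.HasPrivateKey here would surface that before the SOAP call — confirm on the
// machine where the USB token is attached.

// Mutual-certificate message security: the client signs with its own certificate and the
// service certificate (set on the proxy below) is the recipient token.
CustomBinding binding = new CustomBinding();
AsymmetricSecurityBindingElement securityElement =
    (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(
        MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
securityElement.IncludeTimestamp = true;
// Both settings relax what the client demands: the service may answer without a security
// header, and message security is allowed over a transport that is not itself secure.
// Transport protection in this binding therefore rests on HttpsTransportBindingElement below.
securityElement.EnableUnsecuredResponse = true;
securityElement.AllowInsecureTransport = true;
securityElement.SetKeyDerivation(false);
securityElement.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
// Custom suite: RSA-SHA256 signature on top of otherwise Basic128-style defaults.
securityElement.DefaultAlgorithmSuite = new CustomDefaultAlgorithmSuite();
securityElement.SecurityHeaderLayout = System.ServiceModel.Channels.SecurityHeaderLayout.Strict;
securityElement.RequireSignatureConfirmation = false;

X509SecurityTokenParameters x509ProtectionParameters =
    new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial);
x509ProtectionParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
// This overrides the IssuerSerial reference style passed to the constructor above; the
// token is referenced by a raw-data key identifier in the outgoing security header.
x509ProtectionParameters.X509ReferenceStyle = X509KeyIdentifierClauseType.RawDataKeyIdentifier;
x509ProtectionParameters.RequireDerivedKeys = false;
securityElement.InitiatorTokenParameters = x509ProtectionParameters;

binding.Elements.Add(securityElement);
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap12, Encoding.UTF8));
binding.Elements.Add(new HttpsTransportBindingElement());

// No reference-parameter headers are needed; the wildcard DNS identity is what the
// transport matches the server certificate against.
AddressHeader[] addressHeaders = null;
EndpointAddress endpoint = new EndpointAddress(
    new Uri("https://uygtest.edefter.gov.tr/edefter/services/EDefterWSPort"),
    EndpointIdentity.CreateDnsIdentity("*.edefter.gov.tr"),
    addressHeaders);

EDefterWSClient proxy = new gibService.EDefterWSClient(binding, endpoint);
proxy.ClientCredentials.ClientCertificate.Certificate = certificate;

// The service certificate is pinned from a file shipped next to the executable.
string serverCertFilePath = Path.Combine(Application.StartupPath, "edefter.gov.tr.crt");
proxy.ClientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(serverCertFilePath);
// X509CertificateValidationMode.None skips chain, trust-store and revocation checks on the
// pinned service certificate above; the only binding to the real service at this layer is the
// file itself. HTTPS transport validation is configured separately (ServicePointManager) and is
// not affected by this setting. Prefer ChainTrust or PeerTrust once the environment allows it —
// NOTE(review): confirm what the test endpoint's certificate chain looks like before tightening.
proxy.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
    System.ServiceModel.Security.X509CertificateValidationMode.None;

durum response = proxy.getBatchStatus("1");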
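/// <summary>
/// Algorithm suite assigned to the AsymmetricSecurityBindingElement of this client. The values
/// match WCF's built-in Basic128 suite (AES-128, RSA-OAEP key wrap, SHA-1 digest, HMAC-SHA1,
/// 128-bit key-derivation lengths) except that the asymmetric signature algorithm is
/// RSA-SHA256 instead of RSA-SHA1.
/// </summary>
/// <remarks>
/// Security notes:
/// - Only the signature algorithm was upgraded. References inside the signature are still
///   digested with SHA-1 and the symmetric signature is still HMAC-SHA1. If the service accepts
///   them, <see cref="SecurityAlgorithms.Sha256Digest"/> and
///   <see cref="SecurityAlgorithms.HmacSha256Signature"/> would make the suite consistently
///   SHA-256; changing them changes what is sent on the wire, so confirm with the service first.
/// - <see cref="IsAsymmetricKeyLengthSupported"/> still accepts 1024-bit RSA keys.
/// - NOTE(review): the stack trace accompanying this code shows
///   X509AsymmetricSecurityKey.GetSignatureFormatter constructing a new RSACryptoServiceProvider
///   from CspParameters once this signature algorithm is selected, and that constructor is where
///   "key set does not exist" is raised. Whether the USB token's CSP can be opened on that path is
///   what needs confirming; the suite itself is not the cause.
/// </remarks>
public class CustomDefaultAlgorithmSuite : SecurityAlgorithmSuite
{
    /// <summary>RSA-OAEP for wrapping symmetric keys to the recipient's certificate.</summary>
    public override string DefaultAsymmetricKeyWrapAlgorithm
    {
        get { return SecurityAlgorithms.RsaOaepKeyWrap; }
    }

    /// <summary>RSA with SHA-256 for the primary signature; the one value that differs from Basic128.</summary>
    public override string DefaultAsymmetricSignatureAlgorithm
    {
        get { return SecurityAlgorithms.RsaSha256Signature; }
    }

    /// <summary>Exclusive XML canonicalization (exc-c14n) for signed content.</summary>
    public override string DefaultCanonicalizationAlgorithm
    {
        get { return SecurityAlgorithms.ExclusiveC14n; }
    }

    /// <summary>SHA-1 reference digests; see the class remarks about mixing this with RSA-SHA256.</summary>
    public override string DefaultDigestAlgorithm
    {
        get { return SecurityAlgorithms.Sha1Digest; }
    }

    /// <summary>AES-128-CBC for body encryption.</summary>
    public override string DefaultEncryptionAlgorithm
    {
        get { return SecurityAlgorithms.Aes128Encryption; }
    }

    /// <summary>Derived encryption key length in bits.</summary>
    public override int DefaultEncryptionKeyDerivationLength
    {
        get { return 128; }
    }

    /// <summary>Derived signature key length in bits.</summary>
    public override int DefaultSignatureKeyDerivationLength
    {
        get { return 128; }
    }

    /// <summary>Symmetric key length in bits.</summary>
    public override int DefaultSymmetricKeyLength
    {
        get { return 128; }
    }

    /// <summary>AES-128 for symmetric key wrap.</summary>
    public override string DefaultSymmetricKeyWrapAlgorithm
    {
        get { return SecurityAlgorithms.Aes128Encryption; }
    }

    /// <summary>HMAC-SHA1 for symmetric signatures; see the class remarks.</summary>
    public override string DefaultSymmetricSignatureAlgorithm
    {
        get { return SecurityAlgorithms.HmacSha1Signature; }
    }

    /// <summary>Accepts RSA keys from 1024 to 4096 bits inclusive.</summary>
    /// <param name="length">Key length in bits.</param>
    /// <returns><c>true</c> when 1024 &lt;= <paramref name="length"/> &lt;= 4096.</returns>
    public override bool IsAsymmetricKeyLengthSupported(int length)
    {
        return length >= 1024 && length <= 4096;
    }

    /// <summary>Accepts symmetric keys from 128 to 256 bits inclusive.</summary>
    /// <param name="length">Key length in bits.</param>
    /// <returns><c>true</c> when 128 &lt;= <paramref name="length"/> &lt;= 256.</returns>
    public override bool IsSymmetricKeyLengthSupported(int length)
    {
        return length >= 128 && length <= 256;
    }
}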