我正在尝试使用以下代码使用自签名证书:
I'm trying to use self-signed certificate using the following code:
X509Certificate2 cert = ToCertificate("CN=localhost"); public static X509Certificate2 ToCertificate(this string subjectName, StoreName name = StoreName.My, StoreLocation location = StoreLocation.LocalMachine ) { X509Store store = new X509Store(name, location); store.Open(OpenFlags.ReadOnly); try { var cert = store.Certificates.OfType<X509Certificate2>().FirstOrDefault(c => c.Subject.Equals(subjectName, StringComparison.OrdinalIgnoreCase)); return cert != null ? new X509Certificate2(cert) : null; } catch (Exception) { throw; } finally { store.Certificates.OfType<X509Certificate2>().ToList().ForEach(c => c.Reset()); store.Close(); } }我遇到以下异常:
PrivateKey = 'cert.PrivateKey' threw an exception of type 'System.Security.Cryptography.CryptographicException'
我尝试了此修补程序和此修复程序
但是仍然存在问题!
推荐答案davidchristiansen说:
davidchristiansen Said:
什么是CNG密钥? Windows中的证书是使用存储提供程序存储的。 Windows有两个不兼容的提供程序。简而言之,旧样式为加密服务提供商或CSP,而新样式为加密API:下一代或CNG。自Windows Vista以来,CNG提供程序就存在了,尽管它更安全,更易于使用,但许多软件仍然与CNG提供程序不兼容。这似乎还包括.NET Framework。
What is a CNG Key? Certificates in Windows are stored using Storage Providers. Windows has two of these providers, that are not compatible. The old style "Cryptographic Service Providers" or CSP in short and the new style "Cryptography API: Next Generation" or CNG. The CNG providers have been around since Windows Vista, and although it is more secure and easier to use many facets of software are still not compatible with CNG providers. This appears to also include the .NET Framework.
可能的解决方法是直接使用CryptoAPI / CNG API处理CNG密钥。但是,如果我们需要一个更简单,更纯净的.NET解决方案来理解CNG,则需要找到另一个解决方案(详细信息!)。
A possible workaround to this may be to use CryptoAPI/CNG API directly to deal with CNG keys. But if we want an easier and pure .NET solution which understands CNG, we need to find another solution (details to follow!).
我按照以下文章进行了转换,以将我的证书密钥从CNG转换为RSA。
I followed the following post to convert to convert my certificate key from CNG to RSA. It works!
http:/ /blog.davidchristiansen/2016/05/521/
来自博客的步骤:
将应用程序更改为使用刚创建的新PFX后,应该会发现您的问题已解决。
After changing your application to use the new PFX you just created, you should find that your issues have been resolved.
现在让我们看看如何使用OpenSSL执行这些步骤(从此处获取适用于Windows的OpenSSL )
Now let’s see how to carry out these steps using OpenSSL (Get OpenSSL for Windows from here)
OpenSSL pkcs12 -in yourcertificate.pfx -nokeys -out 您的证书e.cer -passin pass:myreallystrongpassword
OpenSSL pkcs12 -in "yourcertificate.pfx" -nokeys -out "yourcertificate.cer" -passin "pass:myreallystrongpassword"
OpenSSL pkcs12 -in yourcertificate.pfx -nocerts –out yourcertificate.pem -passin pass:myreallystrongpassword -passout pass:myreallystrongpassword
OpenSSL pkcs12 -in "yourcertificate.pfx" -nocerts –out "yourcertificate.pem" -passin "pass:myreallystrongpassword" -passout "pass:myreallystrongpassword"
OpenSSL rsa -inform PEM -in yourcertificate.pem -out yourcertificate.rsa -passin pass:myreallystrongpassword -passout pass:myreallystrongpassword
OpenSSL rsa -inform PEM -in "yourcertificate.pem" -out "yourcertificate.rsa" -passin "pass:myreallystrongpassword" -passout "pass:myreallystrongpassword"
OpenSSL pkcs12 -export -in yourcertificate.cer -inkey yourcertificate.rsa -out yourcertificate-converted.pfx -passin pass:myreallystrongpassword -passout pass:myreallystrongpassword
OpenSSL pkcs12 -export -in "yourcertificate.cer" -inkey "yourcertificate.rsa" -out "yourcertificate-converted.pfx" -passin "pass:myreallystrongpassword" -passout "pass:myreallystrongpassword"
更多推荐
私钥引发了System.Security.Cryptography.CryptographicException类型的异常
发布评论