从 RSACryptoServiceProvider 创建 RSA 密钥?

【问题标题】:Create RSA key from RSACryptoServiceProvider?从 RSACryptoServiceProvider 创建 RSA 密钥?
【发布时间】:2020-12-26 19:04:02
【问题描述】:

我想使用我通过 CSP 创建的密钥(我使用 Utimaco 界面“CSP 工具”), 要生成 CA 证书,我使用此代码(基于 this answer):

var csp = new CspParameters()
{
    ProviderName = "Utimaco CryptoServer CSP",
    ProviderType = 1,
    KeyContainerName = "Default Container"
};

RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(1024, csp);
RSAParameters myRSA = rsaProvider.ExportParameters(false);
using (RSA parent = RSA.Create(myRSA))
using (RSA rsa = RSA.Create(2048))
{
    CertificateRequest parentReq = new CertificateRequest(
        "CN=Experimental Issuing Authority",
        parent,
        HashAlgorithmName.SHA256,
        RSASignaturePadding.Pkcs1);

    parentReq.CertificateExtensions.Add(
        new X509BasicConstraintsExtension(true, false, 0, true));

    parentReq.CertificateExtensions.Add(
        new X509SubjectKeyIdentifierExtension(parentReq.PublicKey, false));

    using (X509Certificate2 parentCert = parentReq.CreateSelfSigned(
        DateTimeOffset.UtcNow.AddDays(-45),
        DateTimeOffset.UtcNow.AddDays(365)))
    {
        CertificateRequest req = new CertificateRequest(
            "CN=Valid-Looking Timestamp Authority",
            rsa,
            HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1);

        req.CertificateExtensions.Add(
            new X509BasicConstraintsExtension(false, false, 0, false));

        req.CertificateExtensions.Add(
            new X509KeyUsageExtension(
                System.Security.Cryptography.X509Certificates.X509KeyUsageFlags.DigitalSignature |
                System.Security.Cryptography.X509Certificates.X509KeyUsageFlags.NonRepudiation,
                false));

        req.CertificateExtensions.Add(
            new X509EnhancedKeyUsageExtension(
                new OidCollection
                {
        new Oid("1.3.6.1.5.5.7.3.8")
                },
                true));

        req.CertificateExtensions.Add(
            new X509SubjectKeyIdentifierExtension(req.PublicKey, false));

        using (X509Certificate2 cert = req.Create(
            parentCert,
            DateTimeOffset.UtcNow.AddDays(-1),
            DateTimeOffset.UtcNow.AddDays(90),
            new byte[] { 1, 2, 3, 4 }))
        {
            // Do something with these certs, like export them to PFX,
            // or add them to an X509Store, or whatever.
            X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadWrite);
            store.Add(cert);
            store.Add(parentCert);
            store.Close();

        }
    }
}

parentReq.CreateSelfSigned(..) 调用时抛出:System.Security.Cryptography.CryptographicException: 'Key does not exist.'

这是关键信息:

【问题讨论】:

    标签: c# cryptography certificate rsa cng


    【解决方案1】: 
     RSAParameters myRSA = rsaProvider.ExportParameters(false);
 using (RSA parent = RSA.Create(myRSA))

    这使得parent 只是公钥部分,这意味着它不能签署证书。

    假设您希望 CA 证书知道其私钥,只需使用 rsaProvider 而不是导出/导入到 parent。 (RSA parent = rsaProvider; 或者只是用rsaProvider 替换所有使用的parent

    【讨论】:

      猜你喜欢
      • 2021-10-24
      • 2015-01-21
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2021-10-19
      • 2019-05-24
      • 2017-06-08
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode