[英]How to set the key size for RSAProtectedConfigurationProvider from the code
My application has a possibility to protect chosen config file. 我的应用程序有可能保护所选的配置文件。 This is done using
SectionInformation.ProtectSection
method for specified section of loaded Configuration
. 这是使用
SectionInformation.ProtectSection
方法为已加载的Configuration
指定部分完成的。 I'm using standard provider RsaProtectedConfigurationProvider
. 我正在使用标准提供程序
RsaProtectedConfigurationProvider
。
The code is quite simple - very similar to example on MSDN . 代码非常简单 - 与MSDN上的示例非常相似。
Is there any way to set the key size that should be used by provider? 有没有办法设置提供商应该使用的密钥大小? As I know, the default one for RSA is 1024. I need to set it up to 2048 or bigger.
据我所知,RSA的默认值是1024.我需要将其设置为2048或更大。
The similar can be done using command line option -size when we use asp_regiis.exe . 当我们使用asp_regiis.exe时,可以使用命令行选项-size完成类似的操作。 But I need to do it from the code.
但我需要从代码中做到这一点。 Maybe there is any way to configure
RsaProtectedConfigurationProvider
or pre-create key and inject it somehow to the default key store so next using of SectionInformation.ProtectSection
will catch up it... 也许有任何方法可以配置
RsaProtectedConfigurationProvider
或预创建密钥并以某种方式将其注入默认密钥存储区,因此接下来使用SectionInformation.ProtectSection
将会赶上它...
Thanks for any advice or examples. 感谢您的任何建议或示例。
RSAProtectedConfigurationProvider
provides two different methods. RSAProtectedConfigurationProvider
提供了两种不同的方法。 One called AddKey
can be used to create a key inside the container. 一个名为
AddKey
可用于在容器内创建一个键。 If you mark the key as exportable you can use ExportKey
method later to grab that key and store it somewhere else. 如果将密钥标记为可导出,则可以稍后使用
ExportKey
方法获取该密钥并将其存储在其他位置。
If you already have an existing key, you may be able to use the ImportKey
method. 如果您已有现有密钥,则可以使用
ImportKey
方法。 It will accept an XML blob much like the one that comes out of ExportKey
. 它将接受一个XML blob,就像
ExportKey
。
RsaProtectedConfigurationProvider
uses a default container name of NetFrameworkConfigurationKey if one isn't provided. 如果未提供,则
RsaProtectedConfigurationProvider
使用默认容器名称NetFrameworkConfigurationKey 。 So, if you pre-create your key and add it to that container, then the provider should pick it up when you use it. 因此,如果您预先创建密钥并将其添加到该容器中,则提供程序应在您使用它时将其取出。
// Same properties as .NET uses to load the key
CspParameters csp = new CspParameters();
csp.KeyContainerName = "NetFrameworkConfigurationKey";
csp.KeyNumber = 1;
csp.ProviderType = 1;
// Create the new key, and save it in the key store
rsa = new RSACryptoServiceProvider(2048, csp);
rsa.PersistKeyInCsp = true;
rsa.Clear();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.