堆栈内存溢出
  简体   繁体   English

写入/格式化受保护的USB闪存盘或USB令牌

[英]Write/format protected USB flash disk or USB token

 原文  2014-10-24 11:10:55       c#/ security/ certificate/ token/ disk

问题描述

I'm developing C# .NET application that will use certificates for signing data to be sent with private key, and verify signature with public key at receiver side. 我正在开发C#.NET应用程序,该应用程序将使用证书对要通过私钥发送的数据进行签名,并在接收方使用公钥验证签名。 I'm delivering *.p12 (PKCS #12 format) files to users in USB flash disk, but want to prevent users formatting or writing to it. 我正在向USB闪存盘中的用户提供* .p12(PKCS#12格式)文件,但希望阻止用户对其进行格式化或写入。 Is there any way to do this? 有什么办法吗?

Some advise me using USB token, but I don't have any experience with it. 有人建议我使用USB令牌,但我对此没有任何经验。 Is it possible to store *.p12 files in USB token or they contain only some certificate types? 是否可以将* .p12文件存储在USB令牌中,或者它们仅包含某些证书类型?

If none of above suitable for this, please advise me some better ways. 如果以上都不适合,请告诉我一些更好的方法。

1 个解决方案

解决方案1
 1 已采纳  2014-10-25 07:51:01

The problem with flash disks is not that the user can write to them but that the secret information (a private key) can be copied from it. 闪存盘的问题不是用户可以对其进行写入,而是可以从中复制秘密信息(私钥)。 USB cryptotokens in opposite let you use the key but not copy it. 相反的USB加密令牌使您可以使用密钥,但不能复制它。

USB cryptotokens don't store "files" (though some of them let you store "application data" of different size). USB加密令牌不存储“文件”(尽管其中一些可以让您存储不同大小的“应用程序数据”)。 They store certificates, public keys, private keys and symmetric (secret) keys. 它们存储证书,公钥,私钥和对称(秘密)密钥。 PKCS#12 file is a collection of certificates and associated private keys, so you can use a USB token to store contents of the PKCS#12 file in the USB token. PKCS#12文件是证书和关联的私钥的集合,因此您可以使用USB令牌在USB令牌中存储PKCS#12文件的内容

If you want to let users copy and distribute the keys for whatever reason (eg. to install the certificate with a key to Windows certificate storage), then USB cryptotoken won't work for your task well (while it's possible to use it as a flash disk, that would be overkill). 如果您想让用户出于任何原因复制和分发密钥(例如,将证书与密钥一起安装到Windows证书存储中),则USB cryptotoken无法很好地完成您的任务(虽然可以将其用作密钥)闪存盘,那会太过分了)。

As for write-protecting the USB flash disk - yes, on controller level those devices can be set as read-only, but I am not sure that this is doable from C#. 至于对USB闪存盘的写保护-是的,在控制器级别,可以将这些设备设置为只读,但是我不确定这在C#中是否可行。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 读取USB闪存盘问题 - Reading USB flash disk issue 将USB驱动器格式化为CDFS - Format USB drive as CDFS 在Windows服务中禁用特定的USB磁盘 - disable specific usb disk in windows service 在USB大容量存储上写入权限 - Write permission on usb mass storage 在USB,C#上读/写 - Read/Write on USB, C# 无法写入USB HID设备 - Unable to Write to a USB HID device 如何获取 U 盘的路径 - How to get the path for a usb flash drive 识别USB flash驱动器在C# - Identify USB flash drive in C# 使用 iTextSharp 5.3.3 和 USB 令牌签署 PDF - Sign PDF with iTextSharp 5.3.3 and USB token 从 USB Token 生成 XAdES in c# - Generating XAdES from USB Token in c#
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM