使用RSACryptoServiceProvider使用过期的证书加密/解密数据没有错误
[英]No error encrypting / decrypting data with an expired certificate using RSACryptoServiceProvider
问题描述
I currently doing a proof of concept to encrypt data using a certificate. 
我目前正在做一个概念证明,以使用证书对数据进行加密。 It works well but now, I want to try a scenario when the certificate is expired. 它运作良好,但现在,我想尝试证书过期的情况。 I created an expired certificate and I was surprise to notice that everthing works property even with the expired certificate. 我创建了一个过期的证书,但令我惊讶的是,即使使用了过期的证书,一切正常。 I was expecting an error. 我期待一个错误。
Do you know if it's because it's a self signed certificate ? 您是否知道这是因为它是自签名证书?
Here's the code I using to test my case 这是我用来测试案例的代码
[TestMethod]
public void Encrypt_decrypt_with_expired_certificate()
{
//Arrange
var baseString = "This is an encryption test";
X509Certificate2 newX509Certificate2 = new X509Certificate2("d:\\testx509certExpired.pfx", "apassword");
Console.WriteLine(newX509Certificate2.NotAfter); //Show the expiration date which is in the past
var encryptor = new CertificateEncryptor(newX509Certificate2); //This class is a simple wrapper around RSACryptoServiceProvider
//Act
string encryptedResult = encryptor.Encrypt(baseString); //Exception expected because of the expired certificate but not thrown
//Assert
Console.WriteLine("Base string : {0}", baseString);
Console.WriteLine("Encrypted string : {0}", encryptedResult);
Assert.IsNotNull(encryptedResult);
//revert back
string decryptedString = encryptor.Decrypt(encryptedResult);
Console.WriteLine("Decrypted string : {0}", decryptedString);
Assert.AreEqual(baseString, decryptedString);
}
Thanks 谢谢
2 个解决方案
解决方案1
4 已采纳 2015-01-23 06:15:20
As GregS said, RSACryptoServiceProvider class (not X509Certificate2) provides an ability to perform cryptographic operations. 正如GregS所说, RSACryptoServiceProvider类(不是X509Certificate2)提供了执行加密操作的能力。 RSACryptoServiceProvider knows nothing about certificate, it knows only keys and their parameters. RSACryptoServiceProvider对证书一无所知,只知道密钥及其参数。 This is why you don't see any errors. 这就是为什么您看不到任何错误的原因。
This means that certificate validation -- is your app responsibility. 这意味着证书验证-是您的应用程序责任。 You should check certificate when encrypting data and skip all certificate checks to decrypt data. 加密数据时应检查证书,并跳过所有证书检查以解密数据。
解决方案2
0 2018-06-20 13:44:42
When attempting to access the X509Certificate2.PublicKey.Key attribute of the certificate, a CryptographicException should be thrown if the certificate is not within its validity period. 尝试访问证书的X509Certificate2.PublicKey.Key属性时,如果证书不在其有效期内,则应引发CryptographicException。
Here is how I load the public & private keys from a certificate to perform cryptographic operations: 这是我从证书加载公钥和私钥以执行加密操作的方式:
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
class Example
{
private RSACryptoServiceProvider publicKey,
privateKey;
private bool getRSAKeys(X509Certificate2 cert, StoreLocation location)
{
try
{
//This will throw a CryptographicException if the certificate is expired
publicKey = (RSACryptoServiceProvider)cert.PublicKey.Key;
privateKey = (RSACryptoServiceProvider)cert.PrivateKey;
return true;
}
catch (CryptographicException e)
{
Console.WriteLine("The certificate is expired or otherwise unusable\r\n" + e.ToString());
return false;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.