
Import BouncyCastle X509Certificate + Private Key (RSA) into Windows Certificate Store

I've tried about everything to import a BouncyCastle-based X509Certificate instance with the associated private key (RsaPrivateCrtKeyParameters) via a .NET X509Certificate2 + an RSACryptoServiceProvider instance and save it into a certificate store (.NET's X509Store, My/CurrentUser).

In the Certificate Store MMC snap-in, it seems like there is a private key associated with the certificate, and I've verified that a new key container is created in the appropriate place on disk, but when I try to export the certificate, I get the dreaded "Note: The associated private key cannot be found. Only the certificate can be exported" message.

If I run certutil -user -repairstore my THUMBPRINT, I get the following error:

ERROR: Certificate public key does NOT match stored keyset

From the other information it spits out, I can clearly see that the public keys differ, and that the Algorithm Parameters equals "05 00" on the Certificate Public Key, but not on the Container Public Key.

In fact, I was not aware that there was a concept of a container public key, so I'm just very confused now. Does anyone have some working code for doing this?

I found the solution in Cabadam's answer here: https://social.msdn.microsoft.com/Forums/vstudio/en-US/ad01b2eb-1890-431a-86ae-e5da0e02b5b0/cryptographicexception-key-does-not-exist-when-attempting-to-connect-to-remote-service

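    // Requires: System, System.Security.AccessControl, System.Security.Cryptography, Org.BouncyCastle.Crypto.Parameters, Org.BouncyCastle.Security
    // Convert the BouncyCastle private key into a temporary .NET RSA object.
    RSACryptoServiceProvider tempRcsp = (RSACryptoServiceProvider)DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)keyPair.Private);
    // Re-import it into a named key container (provider type 1 = PROV_RSA_FULL); Guid.NewGuid() gives each key its own container name.
    RSACryptoServiceProvider rcsp = new RSACryptoServiceProvider(new CspParameters(1, "Microsoft Strong Cryptographic Provider", Guid.NewGuid().ToString(), new CryptoKeySecurity(), null));
    rcsp.ImportCspBlob(tempRcsp.ExportCspBlob(true));
    dotnetCertificate2.PrivateKey = rcsp;
    // Save the certificate to the X509Store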
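
The whole import with a guard against the "public key does NOT match stored keyset" condition from the question, as an added example that is not part of the original question or answer. It assumes .NET Framework on Windows with the BouncyCastle C# library referenced; the class and method names (BcCertImport, PublicKeysMatch, ImportToUserStore) are hypothetical.

```csharp
// Added example (not the answer's code). Assumes .NET Framework on Windows + BouncyCastle C#.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;

static class BcCertImport // hypothetical helper class
{
    // True when the certificate's RSA public key equals the public half of the key.
    public static bool PublicKeysMatch(X509Certificate2 cert, RSA key)
    {
        RSAParameters c = ((RSA)cert.PublicKey.Key).ExportParameters(false);
        RSAParameters k = key.ExportParameters(false);
        return c.Modulus.SequenceEqual(k.Modulus) && c.Exponent.SequenceEqual(k.Exponent);
    }

    // Binds bcKey to bcCert in a persisted key container, then adds it to My/CurrentUser.
    public static X509Certificate2 ImportToUserStore(
        Org.BouncyCastle.X509.X509Certificate bcCert, RsaPrivateCrtKeyParameters bcKey)
    {
        var cert = new X509Certificate2(DotNetUtilities.ToX509Certificate(bcCert));

        // A unique container name keeps this key from overwriting another one.
        var csp = new CspParameters(1, "Microsoft Strong Cryptographic Provider",
                                    Guid.NewGuid().ToString());
        var rcsp = new RSACryptoServiceProvider(csp); // named container => key is persisted
        rcsp.ImportParameters(DotNetUtilities.ToRSAParameters(bcKey));

        // Refuse to store a certificate whose public key differs from the container key.
        if (!PublicKeysMatch(cert, rcsp))
        {
            rcsp.PersistKeyInCsp = false; // Clear() now deletes the container
            rcsp.Clear();
            throw new CryptographicException("Private key does not belong to this certificate.");
        }

        cert.PrivateKey = rcsp;
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(cert); }
        finally { store.Close(); }
        return cert;
    }
}
```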
