Bouncy Castle C# - Password Protect key

I can decrypt a password protected PKCS8 DER key with the following code:

// Decrypt the password-protected PKCS#8 DER blob held in privateKey
MemoryStream ms = new MemoryStream(privateKey);
AsymmetricKeyParameter keyparams = Org.BouncyCastle.Security.PrivateKeyFactory.DecryptKey(password.ToCharArray(), ms);
// Convert the Bouncy Castle key into .NET RSA parameters and import them
RSAParameters rsaparams = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)keyparams);
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(rsaparams);
return rsa;

Now, I have to recreate the same type of key when it is given to me in a different format (in this example it was given to me as a PFX file). So I have to create a password protected PKCS8 DER key from the PFX private key. After reading the Bouncy Castle source code, I managed to find the PrivateKeyFactory.EncryptKey function, but I can't get it to work. The code I have is the following:

// Load the PFX and mark the private key as exportable
X509Certificate2 cert = new X509Certificate2(pfx_bytes, password, X509KeyStorageFlags.Exportable);
var pkey = cert.PrivateKey;
var bcCert = DotNetUtilities.FromX509Certificate(cert);
// Convert the .NET private key into a Bouncy Castle key parameter
var bcPkey = DotNetUtilities.GetKeyPair(pkey).Private;
// This is the call that throws the ArgumentException quoted below
return PrivateKeyFactory.EncryptKey(Org.BouncyCastle.Asn1.DerObjectIdentifier.Der, password.ToCharArray(), Encoding.UTF8.GetBytes(Guid.NewGuid().ToString()), 10, bcPkey);

When I run the previous code, I get the exception "System.ArgumentException : attempt to use non-PBE algorithm with PBE EncryptedPrivateKeyInfo generation".

Google searches reveal nothing except the source code for the function, and though I've tried to follow it to find the solution I haven't been able to.

Can someone please point me in the right direction as to how I could use the function to create a password protected PKCS8 DER key from a standard .net Private key?

The first argument to PrivateKeyFactory.EncryptKey is supposed to identify an algorithm to encrypt with. The simplest way is to give the ObjectIdentifier (OID) of a standard PBE algorithm, e.g. PKCSObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc instead of DerObjectIdentifier.Der. You could take a look at the PbeUtilities class if you want to see what other algorithms are available.

PBE algorithms supported by PBEUtil:

PBEwithMD2andDES-CBC, PBEwithMD2andRC2-CBC, PBEwithMD5andDES-CBC, PBEwithMD5andRC2-CBC, PBEwithSHA1andDES-CBC, PBEwithSHA1andRC2-CBC, PBEwithSHA-1and128bitRC4, PBEwithSHA-1and40bitRC4, PBEwithSHA-1and3-keyDESEDE-CBC, PBEwithSHA-1and2-keyDESEDE-CBC, PBEwithSHA-1and128bitRC2-CBC, PBEwithSHA-1and40bitRC2-CBC, PBEwithHmacSHA-1, PBEwithHmacSHA-224, PBEwithHmacSHA-256, PBEwithHmacRIPEMD128, PBEwithHmacRIPEMD160, and PBEwithHmacRIPEMD256.

Example:

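    private static string EncryptPrivateKey(AsymmetricKeyParameter privateKey)
    {
        // Arguments: PBE algorithm name, passphrase, salt, iteration count, key
        var encKey = PrivateKeyFactory.EncryptKey("PBEwithSHA1andDES-CBC", "test".ToCharArray(),
                                                  new byte[256], 1, privateKey);

        // Return the DER-encoded EncryptedPrivateKeyInfo as Base64 text
        return Convert.ToBase64String(encKey);
    }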
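
A round trip through the two calls discussed above (EncryptKey with a PBE OID, then DecryptKey as in the question's first snippet), written as an added example that is not part of the original posts. It assumes the C# class name PkcsObjectIdentifiers, a 16-byte random salt and an iteration count of 100000 chosen for illustration, and a freshly generated RSA key standing in for the key taken from the PFX.

```csharp
// Added example, not from the original posts. Requires the Bouncy Castle C# library.
using System;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;

static class Pkcs8RoundTrip
{
    // Assumed values for illustration only.
    const int SaltBytes = 16;
    const int Iterations = 100000;

    // Returns a DER-encoded PKCS#8 EncryptedPrivateKeyInfo.
    public static byte[] Protect(AsymmetricKeyParameter key, char[] password)
    {
        var salt = new byte[SaltBytes];
        new SecureRandom().NextBytes(salt);   // fresh random salt for every key
        // The first argument must name a PBE scheme; salt and iteration count
        // are stored in the output, so decryption needs only the password.
        return PrivateKeyFactory.EncryptKey(
            PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc,
            password, salt, Iterations, key);
    }

    static void Main()
    {
        // Constructed sample input: a throwaway RSA key stands in for
        // DotNetUtilities.GetKeyPair(cert.PrivateKey).Private from the PFX.
        var gen = new RsaKeyPairGenerator();
        gen.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
        var original = (RsaPrivateCrtKeyParameters)gen.GenerateKeyPair().Private;

        char[] password = "constructed-sample-passphrase".ToCharArray();
        byte[] der = Protect(original, password);

        // Read the blob back the same way the question's first snippet does.
        var restored = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.DecryptKey(password, der);
        bool same = restored.Modulus.Equals(original.Modulus)
                 && restored.Exponent.Equals(original.Exponent);
        Console.WriteLine("DER length: {0} bytes, round trip ok: {1}", der.Length, same);

        Array.Clear(password, 0, password.Length);  // wipe the passphrase copy
    }
}
```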
