
No error encrypting / decrypting data with an expired certificate using RSACryptoServiceProvider

I am currently doing a proof of concept to encrypt data using a certificate. It works well, but now I want to try a scenario where the certificate is expired. I created an expired certificate and I was surprised to notice that everything works properly even with the expired certificate. I was expecting an error.

Do you know if it's because it's a self-signed certificate?

Here's the code I'm using to test my case:

using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.VisualStudio.TestTools.UnitTesting; // MSTest: [TestMethod], Assert

[TestMethod]
public void Encrypt_decrypt_with_expired_certificate()
{
    //Arrange
    var baseString = "This is an encryption test";
    // PFX containing an already-expired certificate and its private key
    X509Certificate2 newX509Certificate2 = new X509Certificate2("d:\\testx509certExpired.pfx", "apassword");
    Console.WriteLine(newX509Certificate2.NotAfter); //Show the expiration date which is in the past
    var encryptor = new CertificateEncryptor(newX509Certificate2); //This class is a simple wrapper around RSACryptoServiceProvider

    //Act
    string encryptedResult = encryptor.Encrypt(baseString); //Exception expected because of the expired certificate but not thrown

    //Assert
    Console.WriteLine("Base string : {0}", baseString);
    Console.WriteLine("Encrypted string : {0}", encryptedResult);
    Assert.IsNotNull(encryptedResult);

    //revert back
    string decryptedString = encryptor.Decrypt(encryptedResult);
    Console.WriteLine("Decrypted string : {0}", decryptedString);
    Assert.AreEqual(baseString, decryptedString);
}

Thanks

As GregS said, the RSACryptoServiceProvider class (not X509Certificate2) provides the ability to perform cryptographic operations. RSACryptoServiceProvider knows nothing about certificates; it knows only keys and their parameters. This is why you don't see any errors.

This means that certificate validation is your app's responsibility. You should check the certificate when encrypting data and skip all certificate checks when decrypting data.
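One way to put that check into the wrapper, as an added example rather than code from the question or this answer: encryption validates the certificate's validity period and builds its chain first, while decryption deliberately skips both checks. The class name ValidatingCertificateEncryptor and the relaxed chain policy for a self-signed test certificate are my own choices, and the code assumes .NET Core/.NET 5+ or a CNG-backed key on .NET Framework 4.6+, where GetRSAPublicKey and OAEP-SHA256 are available.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example, not the asker's CertificateEncryptor: the wrapper validates the
// certificate itself, because the RSA classes only ever see key material.
class ValidatingCertificateEncryptor
{
    private readonly X509Certificate2 cert;
    public ValidatingCertificateEncryptor(X509Certificate2 cert) { this.cert = cert; }

    // Cheap local check that already catches the expired test PFX from the question.
    public static bool IsWithinValidityPeriod(X509Certificate2 c, DateTime now)
    {
        return now >= c.NotBefore && now <= c.NotAfter;
    }

    // Full chain build (time validity, signatures, trust); the combined status flags
    // are returned so the caller can log exactly why validation failed.
    public static bool BuildsValidChain(X509Certificate2 c, out X509ChainStatusFlags reasons)
    {
        reasons = X509ChainStatusFlags.NoError;
        using (var chain = new X509Chain())
        {
            // Assumption: offline proof of concept with a self-signed test cert, so no
            // revocation lookup and an unknown root is tolerated. Drop both in production.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            bool ok = chain.Build(c);
            foreach (X509ChainStatus s in chain.ChainStatus) reasons |= s.Status;
            return ok; // an expired cert yields false with NotTimeValid set
        }
    }

    // Encrypt only with a certificate that passes both checks.
    public byte[] Encrypt(string plaintext)
    {
        if (!IsWithinValidityPeriod(cert, DateTime.Now))
            throw new CryptographicException("Certificate expired on " + cert.NotAfter);
        if (!BuildsValidChain(cert, out var reasons))
            throw new CryptographicException("Certificate chain invalid: " + reasons);
        using (RSA rsa = cert.GetRSAPublicKey())
            return rsa.Encrypt(Encoding.UTF8.GetBytes(plaintext), RSAEncryptionPadding.OaepSHA256);
    }

    // Decryption skips the checks on purpose, as the answer above recommends, so
    // data encrypted before expiry can still be recovered afterwards.
    public string Decrypt(byte[] ciphertext)
    {
        using (RSA rsa = cert.GetRSAPrivateKey())
            return Encoding.UTF8.GetString(rsa.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256));
    }
}
```

With the asker's expired PFX, Encrypt now throws before any key material is touched, while Decrypt still recovers ciphertext produced while the certificate was valid.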

When attempting to access the X509Certificate2.PublicKey.Key attribute of the certificate, a CryptographicException should be thrown if the certificate is not within its validity period.

Here is how I load the public & private keys from a certificate to perform cryptographic operations:

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class Example
{
    private RSACryptoServiceProvider publicKey,
                                     privateKey;

    private bool getRSAKeys(X509Certificate2 cert, StoreLocation location)
    {
        try
        {
            //This will throw a CryptographicException if the certificate is expired
            publicKey = (RSACryptoServiceProvider)cert.PublicKey.Key;

            privateKey = (RSACryptoServiceProvider)cert.PrivateKey;
            return true;
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("The certificate is expired or otherwise unusable\r\n" + e.ToString());
            return false;
        }
    }
}
