X509Certificate2-如果使用ECC证书,则访问被拒绝异常
[英]X509Certificate2 - Access Denied Exception if use ECC certificate
问题描述
我尝试使用System.Security.Cryptography.Pkcs加密和解密数据,但它仅适用于RSA证书,如果我使用ECC (曲线ECDH_brainpoolP512r1)证书,则X509Certificate2的构造函数会因Access Denied异常而崩溃。
在Powershell中创建SelfSignedCertificate
New-SelfSignedCertificate `
-Subject "CN=Test Code Signing RSA" `
-Type DocumentEncryptionCert `
-KeyUsage "DigitalSignature" `
-FriendlyName "Test Code Signing" `
-NotAfter (get-date).AddYears(5) `
-KeyExportPolicy Exportable `
-SmimeCapabilities `
-KeyAlgorithm ECDH_brainpoolP512r1
阅读代码中的SelfSignedCertificate
var base64cert = "MIIF/wIBAzCCBbsGCSqGSIb3DQEHAaCCBawEggWoMIIFpDCCAkcGCSqGSIb3DQEHAaCCAjgEggI0MIICMDCCAiwGCyqGSIb3DQEMCgECoIIBNjCCATIwHAYKKoZIhvcNAQwBAzAOBAi2P5j9EliEaQICB9AEggEQyJLkopAMyHJh0jQXtnlwK4yjpE0WqYXf9sNPPLOFXgaxNU7gLKc3F6kPJUxLCxnvjOe7bRJS3v4A0GQBBqeFEJjBT9hd88RaQ2NsNxDrQEh/ZAyTUg+l6CyApUtcJb5uehPVnj7xnWtu4vvxDh5hRqSVxSR50wOjk/MKlyX1hhF1JybzRiqESKIMLx84HWJqZ6Fp87asJ0/0isL+kVxarqLrTkv0CGt2QaLxZzu9YDGj6nuGy2EBQwGHwMCEVTFupX55njV4aU3YTG2U+BHFl667NekTtOXH5GXDbp6D+9PntXBxW2d3E68v7lBVMjPKfTsTeCs4aLOwQzsXIFgvouw6GgGsZCrYaQwMNuGayC4xgeIwDQYJKwYBBAGCNxECMQAwEwYJKoZIhvcNAQkVMQYEBAEAAAAwXQYJKoZIhvcNAQkUMVAeTgB0AGUALQA0ADYANwBmADEAOAAxAGMALQBiAGQAZQA0AC0ANAA5AGUANgAtAGEANABjADMALQA4ADQAOAAwADYAMgBmADIANgA4ADEAMTBdBgkrBgEEAYI3EQExUB5OAE0AaQBjAHIAbwBzAG8AZgB0ACAAUwBvAGYAdAB3AGEAcgBlACAASwBlAHkAIABTAHQAbwByAGEAZwBlACAAUAByAG8AdgBpAGQAZQByMIIDVQYJKoZIhvcNAQcBoIIDRgSCA0IwggM+MIIDOgYLKoZIhvcNAQwKAQOgggLdMIIC2QYKKoZIhvcNAQkWAaCCAskEggLFMIICwTCCAiagAwIBAgIQXQFCNRCYc4hHLhQAD247rTAJBgcqhkjOPQQBMDAxLjAsBgNVBAMMJVRlc3QgQ29kZSBTaWduaW5nIEVDQyBicmFpbnBvb2xQNTEycjEwHhcNMTgwMzAyMTQyMTQ1WhcNMjMwMzAyMTQzMTQ2WjAwMS4wLAYDVQQDDCVUZXN0IENvZGUgU2lnbmluZyBFQ0MgYnJhaW5wb29sUDUxMnIxMIGbMBQGByqGSM49AgEGCSskAwMCCAEBDQOBggAETcwT2kPzMxF5upq+xb2NpTmRk2Gkp1mThVESNI9A1tgWk3wIylN72b1t5yHxveiWdopn3LkeT0hTaXSJ4fZsHmYRo0KZS5fKZbSSiFlLbxAwndgG99HLakz/I59WtXzSenSaM6HkP+Nz0Kmxvvy0umOXLg0bU8qpX5tLUtEFAxOjgd8wgdwwDgYDVR0PAQH/BAQDAgeAMBQGA1UdJQQNMAsGCSsGAQQBgjdQATCBlAYJKoZIhvcNAQkPBIGGMIGDMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBGTALBglghkgBZQMEAQIwCwYJYIZIAWUDBAEFMAoGCCqGSIb3DQMHMAcGBSsOAwIHMA4GCCqGSIb3DQMCAgIAgDAOBggqhkiG9w0DBAICAgAwHQYDVR0OBBYEFMmLfUI9zvfjMlvbolK8pP0zeZNhMAkGByqGSM49BAEDgYkAMIGFAkEAlCq9PiR4Yl0A+kIZO1yyfmKpcmJI6++jZJJ1P2LxZIi9ZgIJQLIWjmBTMP1nswAzNbnqetOBuJy55+SkO2OsngJAGXIYtW8RBFcTmRYnhCLeIsB/De3khytnaeHNBZVB/x0n/gFqVNMaPZp6l4MPGhEBS8pcvLN4zvO7phxR0Xt3HDFKMBMGCSqGSIb3DQEJFTEGBAQBAAAAMDMGCSqGSIb3DQEJFDEmHiQAVABlAHMAdAAgAEMAbwBkAGUAIABTAGkAZwBuAGkAbgBnAAAwOzAfMAcGBSsOAwIaBBSas13IRWnhNtoPLKp29FJpLmCptgQUkF0JRqyYiDG0Ql7zAPED2uVWzykCAgfQ";
new System.Security.Cryptography.X509Certificates.X509Certificate2(Convert.FromBase64String(base64cert), "qwert");
例外
Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access Denied
at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(Byte[] rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(Byte[] rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password)
at PkcsEncryption.Program.Certificate(Boolean rsa) in c:\git\PkcsEncryption\PkcsEncryption\Program.cs:line 88
at PkcsEncryption.Program.Encrypt(Byte[] dataPlain, Boolean useRsa) in c:\git\PkcsEncryption\PkcsEncryption\Program.cs:line 56
at PkcsEncryption.Program.Main(String[] args) in c:\git\PkcsEncryption\PkcsEncryption\Program.cs:line 22
1 个解决方案
解决方案1
6 已采纳 2018-03-09 16:19:08
您已在其中编码为base64的PFX在内部设置了标记,指示该标记已从计算机密钥库中导出。 您的访问被拒绝表示您没有以管理员身份运行(因此没有权限将密钥添加到计算机的密钥库中)。
为了确保将PFX中的密钥添加到当前用户的密钥存储中,请设置X509KeyStorageFlags.UserKeySet标志。 或者,如果您已经安装了.NET Framework v4.7.2的早期访问版本(或将来发布的版本),则可以使用EphemeralKeySet将私钥保留在内存中,并完全避免使用密钥库。
new System.Security.Cryptography.X509Certificates.X509Certificate2(
Convert.FromBase64String(base64cert),
"qwert",
X509KeyStorageFlags.UserKeySet);
BouncyCastle PrivateKey 到 X509Certificate2 PrivateKey (ECC)
[英]BouncyCastle PrivateKey To X509Certificate2 PrivateKey (ECC)
X509Certificate2的RemoteCertificateValidationCallback
[英]RemoteCertificateValidationCallback with X509Certificate2
Azure Web应用程序新X509Certificate2()导致System.Security.Cryptography.CryptographicException:访问被拒绝
[英]Azure Web Application new X509Certificate2() causing System.Security.Cryptography.CryptographicException: Access denied
X509Certificate2 构造函数中“指定的网络密码不正确”异常
[英]“The specified network password is not correct” exception in X509Certificate2 constructor
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
阅读X509Certificate2时如何解决拒绝访问的问题
BouncyCastle PrivateKey 到 X509Certificate2 PrivateKey (ECC)
X509Certificate2信息
X509Certificate2的RemoteCertificateValidationCallback
X509Certificate2到EccKey
Azure Web应用程序新X509Certificate2()导致System.Security.Cryptography.CryptographicException:访问被拒绝
X509Certificate2 构造函数中“指定的网络密码不正确”异常
X509Certificate2:使用私钥解密时访问被拒绝
X509Certificate2访问私钥到安全令牌
如何使用Moq模拟X509Certificate2?
相关标签