问题描述
我正在尝试使用以下代码使用自签名证书:
I'm trying to use self-signed certificate using the following code:
X509Certificate2 cert = ToCertificate("CN=localhost");
public static X509Certificate2 ToCertificate(this string subjectName,
StoreName name = StoreName.My,
StoreLocation location = StoreLocation.LocalMachine
)
{
X509Store store = new X509Store(name, location);
store.Open(OpenFlags.ReadOnly);
try
{
var cert = store.Certificates.OfType<X509Certificate2>().FirstOrDefault(c => c.Subject.Equals(subjectName, StringComparison.OrdinalIgnoreCase));
return cert != null ? new X509Certificate2(cert) : null;
}
catch (Exception)
{
throw;
}
finally
{
store.Certificates.OfType<X509Certificate2>().ToList().ForEach(c => c.Reset());
store.Close();
}
}
我遇到以下异常:
PrivateKey = 'cert.PrivateKey' threw an exception of type 'System.Security.Cryptography.CryptographicException'
我尝试了和
但是仍然存在问题!
推荐答案
davidchristiansen说:
davidchristiansen Said:
可能的解决方法是直接使用CryptoAPI / CNG API处理CNG密钥。但是,如果我们需要一个更简单,更纯净的.NET解决方案来理解CNG,则需要找到另一个解决方案(详细信息!)。
A possible workaround to this may be to use CryptoAPI/CNG API directly to deal with CNG keys. But if we want an easier and pure .NET solution which understands CNG, we need to find another solution (details to follow!).
我按照以下文章进行了转换,以将我的证书密钥从CNG转换为RSA。
I followed the following post to convert to convert my certificate key from CNG to RSA. It works!
来自博客的步骤:
- 从PFX
文件中提取公钥和完整证书链 - 提取CNG私钥
- 将私钥转换为RSA格式
- 将具有RSA私钥的公钥合并到新的PFX文件中
- Extract your public key and full certificate chain from your PFX file
- Extract the CNG private key
- Convert the private key to RSA format
- Merge public keys with RSA private key to a new PFX file
将应用程序更改为使用刚创建的新PFX后,
应该会发现您的问题已解决。
After changing your application to use the new PFX you just created, you should find that your issues have been resolved.
现在让我们看看如何使用OpenSSL执行这些步骤(从此处获取适用于Windows的OpenSSL
)
Now let’s see how to carry out these steps using OpenSSL (Get OpenSSL for Windows from here)
- 提取您的PFX文件中的公钥和完整证书链
OpenSSL pkcs12 -in yourcertificate.pfx -nokeys -out
您的证书e.cer -passin pass:myreallystrongpassword
OpenSSL pkcs12 -in "yourcertificate.pfx" -nokeys -out "yourcertificate.cer" -passin "pass:myreallystrongpassword"
- 提取CNG私钥
OpenSSL pkcs12 -in yourcertificate.pfx -nocerts –out
yourcertificate.pem -passin pass:myreallystrongpassword -passout
pass:myreallystrongpassword
OpenSSL pkcs12 -in "yourcertificate.pfx" -nocerts –out "yourcertificate.pem" -passin "pass:myreallystrongpassword" -passout "pass:myreallystrongpassword"
- 将私钥转换为RSA格式
OpenSSL rsa -inform PEM -in yourcertificate.pem -out
yourcertificate.rsa -passin pass:myreallystrongpassword -passout
pass:myreallystrongpassword
OpenSSL rsa -inform PEM -in "yourcertificate.pem" -out "yourcertificate.rsa" -passin "pass:myreallystrongpassword" -passout "pass:myreallystrongpassword"
- 将具有RSA私钥的公钥合并到新的PFX文件中
OpenSSL pkcs12 -export -in yourcertificate.cer -inkey
yourcertificate.rsa -out yourcertificate-converted.pfx -passin
pass:myreallystrongpassword -passout pass:myreallystrongpassword
OpenSSL pkcs12 -export -in "yourcertificate.cer" -inkey "yourcertificate.rsa" -out "yourcertificate-converted.pfx" -passin "pass:myreallystrongpassword" -passout "pass:myreallystrongpassword"
这篇关于私钥引发了System.Security.Cryptography.CryptographicException类型的异常的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!