ArgumentException "Value was invalid" when calling RSACryptoServiceProvider.SignData

Time: 2011-03-01 19:30:11

Tags: security rsa sha256

I get a System.ArgumentException "Value was invalid" when calling RSACryptoServiceProvider.SignData with the following code:

var csp = (RSACryptoServiceProvider)_certificate.PrivateKey;
string simpleName = CryptoConfig.MapNameToOID("SHA256");
return csp.SignData(data, simpleName);

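The code comes from a third-party sample, so it should work under the right circumstances. It seems it may be caused by my operating system, but I haven't found a solution yet, so I thought I'd post here to see if anyone can help?

.NET Framework: 3.5. Operating system: Microsoft Windows Server 2003 R2 Enterprise Edition Service Pack 2

2 answers:

Answer 0 (score: 3)

After doing some more digging, I have found a more suitable solution than editing the machine.config file. You can specify the OID for the algorithm you are interested in and then pass that value to the RSA provider, as follows: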

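// Requires: using System; using System.Security.Cryptography; using System.Text;
public static string Sign(string data)
{
    // A parameterless RSACryptoServiceProvider generates a fresh key pair
    RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider();
    HashAlgorithm algorithm = new SHA256CryptoServiceProvider();
    // OID for SHA-256, passed directly instead of a name resolved by CryptoConfig
    const string sha256Oid = "2.16.840.1.101.3.4.2.1";

    // Hash the data first, then sign the hash with the explicit OID
    byte[] dataBytes = Encoding.ASCII.GetBytes(data);
    byte[] hashBytes = algorithm.ComputeHash(dataBytes);
    byte[] signedBytes = rsaProvider.SignHash(hashBytes, sha256Oid);
    string signature = Convert.ToBase64String(signedBytes);

    return signature;
}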
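
The same OID-based approach as a sign-and-verify round trip, given here as an added example that is not part of the answer above. The class and method names, the throwaway 2048-bit key and the sample messages are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class Sha256OidRoundTrip // hypothetical name, not from the page
{
    // SHA-256 OID from the answer above; passing it directly to SignHash/VerifyHash
    // avoids resolving the hash algorithm by name through CryptoConfig.
    const string Sha256Oid = "2.16.840.1.101.3.4.2.1";

    static byte[] Hash(byte[] data)
    {
        using (HashAlgorithm sha = new SHA256CryptoServiceProvider())
            return sha.ComputeHash(data);
    }

    public static byte[] Sign(RSACryptoServiceProvider key, byte[] data)
    {
        return key.SignHash(Hash(data), Sha256Oid);
    }

    public static bool Verify(RSACryptoServiceProvider key, byte[] data, byte[] signature)
    {
        // The verifier must use the same hash and the same OID as the signer.
        return key.VerifyHash(Hash(data), Sha256Oid, signature);
    }

    static void Main()
    {
        // Constructed sample inputs: the second differs from the first in one character.
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");
        byte[] tampered = Encoding.UTF8.GetBytes("constructed sample messagE");

        // Constructed throwaway key pair; a real signer would use the certificate's private key.
        using (RSACryptoServiceProvider signer = new RSACryptoServiceProvider(2048))
        using (RSACryptoServiceProvider verifier = new RSACryptoServiceProvider())
        {
            // The verifier only receives the public half of the key.
            verifier.ImportParameters(signer.ExportParameters(false));

            byte[] signature = Sign(signer, message);
            Console.WriteLine("original verifies: " + Verify(verifier, message, signature));
            Console.WriteLine("tampered verifies: " + Verify(verifier, tampered, signature));
        }
    }
}
```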

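Answer 1 (score: 0)

From the provided link:

"The root cause is that CryptoConfig doesn't understand SHA256CryptoServiceProvider. It was added as part of the green bits in .NET 3.5, and because of layering restrictions the red bits (such as mscorlib.dll, where RSACryptoServiceProvider lives) don't know about its existence...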

If you are using .NET Framework 4.0, the solution is to modify the "machine.config" file:

%WINDIR%\Microsoft.NET\Framework\v4.0.xxxxx\CONFIG   -> for x86
%WINDIR%\Microsoft.NET\Framework64\v4.0.xxxxx\CONFIG -> for x64

If you are using .NET Framework 3.5, the workaround is to modify the "machine.config" file:

%WINDIR%\Microsoft.NET\Framework\v2.0.xxxxx\CONFIG   -> for x86
%WINDIR%\Microsoft.NET\Framework64\v2.0.xxxxx\CONFIG -> for x64

Below are the entries you need to create in the "machine.config" file to support SHA256CryptoServiceProvider, SHA256Cng, SHA384CryptoServiceProvider, SHA384Cng, SHA512CryptoServiceProvider and SHA512Cng."

<mscorlib>
    <cryptographySettings>
      <cryptoNameMapping>
        <cryptoClasses>
          <cryptoClass SHA256CSP="System.Security.Cryptography.SHA256CryptoServiceProvider, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <cryptoClass SHA256CNG="System.Security.Cryptography.SHA256Cng, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <cryptoClass SHA384CSP="System.Security.Cryptography.SHA384CryptoServiceProvider, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <cryptoClass SHA384CNG="System.Security.Cryptography.SHA384Cng, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <cryptoClass SHA512CSP="System.Security.Cryptography.SHA512CryptoServiceProvider, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <cryptoClass SHA512CNG="System.Security.Cryptography.SHA512Cng, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        </cryptoClasses>
        <nameEntry name="SHA256" class="SHA256CSP" />
        <nameEntry name="SHA256CryptoServiceProvider" class="SHA256CSP" />
        <nameEntry name="System.Security.Cryptography.SHA256CryptoServiceProvider" class="SHA256CSP" />
        <nameEntry name="SHA256Next" class="SHA256CNG" />
        <nameEntry name="SHA256Cng" class="SHA256CNG" />
        <nameEntry name="System.Security.Cryptography.SHA256Cng" class="SHA256CNG" />
        <nameEntry name="SHA384" class="SHA384CSP" />
        <nameEntry name="SHA384CryptoServiceProvider" class="SHA384CSP" />
        <nameEntry name="System.Security.Cryptography.SHA384CryptoServiceProvider" class="SHA384CSP" />
        <nameEntry name="SHA384Next" class="SHA384CNG" />
        <nameEntry name="SHA384Cng" class="SHA384CNG" />
        <nameEntry name="System.Security.Cryptography.SHA384Cng" class="SHA384CNG" />
        <nameEntry name="SHA512" class="SHA512CSP" />
        <nameEntry name="SHA512CryptoServiceProvider" class="SHA512CSP" />
        <nameEntry name="System.Security.Cryptography.SHA512CryptoServiceProvider" class="SHA512CSP" />
        <nameEntry name="SHA512Next" class="SHA512CNG" />
        <nameEntry name="SHA512Cng" class="SHA512CNG" />
        <nameEntry name="System.Security.Cryptography.SHA512Cng" class="SHA512CNG" />
      </cryptoNameMapping>
      <oidMap>
        <oidEntry OID="2.16.840.1.101.3.4.2.1" name="SHA256" />
        <oidEntry OID="2.16.840.1.101.3.4.2.1" name="SHA256Next" />
        <oidEntry OID="2.16.840.1.101.3.4.2.2" name="SHA384" />
        <oidEntry OID="2.16.840.1.101.3.4.2.2" name="SHA384Next" />
        <oidEntry OID="2.16.840.1.101.3.4.2.3" name="SHA512" />
        <oidEntry OID="2.16.840.1.101.3.4.2.3" name="SHA512Next" />
      </oidMap>
    </cryptographySettings>
  </mscorlib> 

Link: http://blogs.msdn.com/b/winsdk/archive/2010/08/18/getting-a-system-argumentexception-value-was-invalid-when-trying-to-sign-data-using-sha256cryptoserviceprovider.aspx