Azure辅助角色:证书密钥无法在指定状态下使用

时间:2013-09-07 14:30:53

标签: azure

  

System.Security.Cryptography.CryptographicException:密钥无效   在指定的状态下使用。

     

在   System.Security.Cryptography.CryptographicException.ThrowCryptographicException(的Int32   hr)在System.Security.Cryptography.Utils._ExportKey(SafeKeyHandle   hKey,Int32 blobType,Object cspObject)at   System.Security.Cryptography.RSACryptoServiceProvider.ExportParameters(布尔   includePrivateParameters)at   System.Security.Cryptography.RSA.ToXmlString(布尔   includePrivateParameters)

现在,我相信这是因为当Azure将证书添加到我的WorkerRole部署时,它不会安装带有“将此密钥标记为可导出”选项的证书。

我需要向我的workerrole添加一个证书,以便能够解密加密设置。

任何人都对如何将Azure标记为可导出的证书私钥有任何想法。或者如果它可能是另一个问题。

ONSTART:

    try{

        var conn = System.Text.UTF8Encoding.UTF8.GetString(Decrypt(Convert.FromBase64String(setting), true, cert));

    }catch(Exception ex)
    {
        Trace.TraceError(ex.ToString());

    }

方法:

        public static X509Certificate2 LoadCertificate(StoreName storeName,
   StoreLocation storeLocation, string tprint)
        {
            X509Store store = new X509Store(storeName, storeLocation);

            try
            {
                store.Open(OpenFlags.ReadOnly);

                X509Certificate2Collection certificateCollection =
                     store.Certificates.Find(X509FindType.FindByThumbprint,
                                            tprint, false);

                if (certificateCollection.Count > 0)
                {
                    //  We ignore if there is more than one matching cert, 
                    //  we just return the first one.
                    return certificateCollection[0];
                }
                else
                {
                    throw new ArgumentException("Certificate not found");
                }
            }
            finally
            {
                store.Close();
            }
        }
    public static byte[] Decrypt(byte[] encryptedData, bool fOAEP,
                           X509Certificate2 certificate)
    {
        if (encryptedData == null)
        {
            throw new ArgumentNullException("encryptedData");
        }
        if (certificate == null)
        {
            throw new ArgumentNullException("certificate");
        }

        using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider())
        {
            // Note that we use the private key to decrypt
            provider.FromXmlString(GetXmlKeyPair(certificate));

            return provider.Decrypt(encryptedData, fOAEP);
        }
    }
    public static string GetXmlKeyPair(X509Certificate2 certificate)
    {
        if (certificate == null)
        {
            throw new ArgumentNullException("certificate");
        }

        if (!certificate.HasPrivateKey)
        {
            throw new ArgumentException("certificate does not have a private key");
        }
        else
        {
            return certificate.PrivateKey.ToXmlString(true);
        }
    }

1 个答案:

答案 0 :(得分:0)

我找到了解决方案。

答案在我的另一个问题中给出:How can I get a certificate by name given in ServiceDefinition on Azure

相关问题
最新问题