我在对XML消息进行数字签名时遇到问题。要求规定ECDSA证书将与特定曲线一起使用。这意味着SignedXml.ComputeSignature(...)
方法提供的RSA和DSA功能无法在不创建SignatureDescription
,AsymmetricSignatureFormatter
和AsymmetricSignatureDeformatter
的自定义实现的情况下工作。< / p>
话虽如此,并且没有发布大量代码,我创建了一个简单的函数,该函数应该使用证书并使用其公钥使用ECDsaCng
类对数据进行签名,因为这是我用来创建自定义的上面提到的实施。
即使使用我的自定义实现,也会发生异常抛出&#34; System.Security.Cryptography.CryptographicException: Key does not exist.
&#34;。但是,如果我只创建一个CngKey
而不是导入它就可以了。从我所看到的,这个异常被抛出调用internal static extern ErrorCode NCryptSignHash(...)
上ncrypt.dll
的方法的代码。System.Security.Cryptography.CryptographicException: Key does not exist.
所以我的问题是为什么抛出异常&#34; [TestMethod]
public void CreateSignatureTest()
{
var request = "Some xml goes here...";
var store = new X509Store(StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var certificates = store.Certificates;
var applicableCertificate = certificates.Cast<X509Certificate2>()
.FirstOrDefault(certificate => certificate.Subject.Contains("ECDSA_CERT_NAME"));
var encryptingKey = (ECDsaCng)applicableCertificate.GetECDsaPublicKey();
var exported = encryptingKey.Key.Export(CngKeyBlobFormat.EccPublicBlob);
var creationParameters = new CngKeyCreationParameters
{
ExportPolicy = CngExportPolicies.AllowPlaintextExport
};
using (CngKey objCngKey = CngKey.Import(exported, CngKeyBlobFormat.EccPublicBlob)) // This will throw a Key Does Not Exist Exception
//using (CngKey objCngKey = CngKey.Create(CngAlgorithm.ECDsaP256, null, creationParameters)) // This works...
{
//'Convert String to be signed to a byte array
var data = Encoding.Default.GetBytes(request);
//'Create a ECDsaCng Object
var ecdsa = new ECDsaCng(objCngKey);
//'Sign the string
var bSignature = ecdsa.SignData(data);
//'Convert Signature to Base64 string for better reading
var sSignature = Convert.ToBase64String(bSignature);
}
}
&#34;以及如何解决它。
var rewrite = require('knockout-arrows');
module.exports = function (str) {
if (this.cacheable) {
this.cacheable();
}
var template = rewrite(str);
return "module.exports = '" + template + "'";
};
答案 0 :(得分:2)
您获取了公钥。然后将其导入新容器并调用Sign。由于私钥是签名所必需的,因此抛出一个异常,说私钥字段不存在。
为什么要克隆对象呢?只需致电cert.GetECDsaPrivateKey()
并使用该对象。