使用非对称密钥解密XML会因.NET中的InvalidCastException而失败

时间:2017-06-13 08:10:48

标签: c# .net xml-encryption

使用.NET 4.6我尝试执行以下操作:

  • 从PFX文件加载密钥以进行解密。
  • 使用上述文件中的私钥解密XML文档。

我的代码基于MSDN的How to: Decrypt XML Elements with Asymmetric Keys

CspParameters cspParams = new CspParameters();
cspParams.KeyContainerName = "XML_ENC_RSA_KEY";

// Load PFX
X509Certificate2 encryptionPfx = new X509Certificate2(@"file.pfx", "test_password");
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider();
rsaKey = encryptionPfx.PrivateKey as RSACryptoServiceProvider;

// Decrypt XML
EncryptedXml encryptedXml = new EncryptedXml(xmlDocument);
encryptedXml.AddKeyNameMapping("TESTKEY", rsaKey);
encryptedXml.DecryptDocument();

运行此代码时,我得到了InvalidCastException方法抛出的GetDecryptionKey()

Object of type "System.Security.Cryptography.RSACryptoServiceProvider" cannot be cast to "System.Security.Cryptography.SymmetricAlgorithm".

据我所知,MSDN示例中,此代码应从XML中获取EncryptedKey元素,并使用RSA密钥解密密钥。

我在这里缺少什么?

这是完整的堆栈跟踪:

System.InvalidCastException wurde nicht behandelt.
  HResult=-2147467262
  Message=Das Objekt des Typs "System.Security.Cryptography.RSACryptoServiceProvider" kann nicht in Typ "System.Security.Cryptography.SymmetricAlgorithm" umgewandelt werden.
  Source=System.Security
  StackTrace:
       bei System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
       bei System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
       bei XML_Encryption_Tools.XmlDecryption.DecryptDocument(XmlDocument xmlDocument) in C:\Users\user\Documents\Visual Studio 2015\Projects\XML Encryption Tools\XML Encryption Tools\XmlDecryption.cs:Zeile 38.
       bei XML_Encryption_Tools.Program.Main(String[] args) in C:\Users\user\Documents\Visual Studio 2015\Projects\XML Encryption Tools\XML Encryption Tools\Program.cs:Zeile 17.
       bei System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
       bei System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       bei Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       bei System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       bei System.Threading.ThreadHelper.ThreadStart()
  InnerException:

这是加密的XML:

<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="G051f21d6-44b8-4ca8-abcd-bcec94a81ffa" Type="http://www.w3.org/2001/04/xmlenc#Element">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
    <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
      <dsig:KeyName>TESTKEY</dsig:KeyName>
        <xenc:EncryptedKey Id="EK65c1fdc2-a757-4482-8238-1d19c5d05006">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            </xenc:EncryptionMethod>
            <xenc:CipherData>
                <xenc:CipherValue>Here is cipherValue_1</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedKey>
    </dsig:KeyInfo>
    <xenc:CipherData>
        <xenc:CipherValue>Here is cipherValue_2</xenc:CipherValue>
    </xenc:CipherData>
</xenc:EncryptedData>

1 个答案:

答案 0 :(得分:0)

经过深入调试后,似乎加密的XML不太正确。如果我将KeyName元素作为KeyInfo的子元素移动到新的EncryptedKey元素,那么我的代码就可以运行。

<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="G051f21d6-44b8-4ca8-abcd-bcec94a81ffa" Type="http://www.w3.org/2001/04/xmlenc#Element">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
    <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <!-- This KeyName is found but not associated with the encrypted key. -->      
    <dsig:KeyName>TESTKEY</dsig:KeyName>
        <xenc:EncryptedKey Id="EK65c1fdc2-a757-4482-8238-1d19c5d05006">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
            <!-- If I place the KeyInfo and KeyName here, my code works. -->
            <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                <dsig:KeyName>TESTKEY</dsig:KeyName>
            </dsig:KeyInfo>
                <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            </xenc:EncryptionMethod>
            <xenc:CipherData>
                <xenc:CipherValue>Here is cipherValue_1</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedKey>
    </dsig:KeyInfo>
    <xenc:CipherData>
        <xenc:CipherValue>Here is cipherValue_2</xenc:CipherValue>
    </xenc:CipherData>
</xenc:EncryptedData>
相关问题
最新问题