RSA加密公钥未从容器返回?

时间:2009-05-06 00:21:52

标签: cryptography c#-2.0 rijndaelmanaged public-key rsacryptoserviceprovider

我觉得我想做的事情非常简单。但出于某种原因,它不想工作:

这是一个完整的代码片段,用于测试我要做的事情:

using System;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;

namespace XmlCryptographySendingTest
{
    class Program
    {
        static void Main(string[] args)
        {
            string fullKeyContainer = "fullKeyContainer";
            string publicKeyContainer = "publicKeyContainer";
        //create the two providers
        RSACryptoServiceProvider serverRSA = GetKeyFromContainer(fullKeyContainer);

        //save public and full key pairs
        SaveKeyToContainer(fullKeyContainer, serverRSA.ExportParameters(true));
        SaveKeyToContainer(publicKeyContainer, serverRSA.ExportParameters(false));

        //get rid of them from memory
        serverRSA.Clear();
        serverRSA = null;
        GC.Collect();

        //retrieve a full server set and a private client set
        serverRSA = GetKeyFromContainer(fullKeyContainer);
        RSACryptoServiceProvider clientRSA = GetKeyFromContainer(publicKeyContainer);

        //at this point the public key should be the same for both RSA providers
        string clientPublicKey = clientRSA.ToXmlString(false);
        string serverPublicKey = serverRSA.ToXmlString(false);

        if (clientPublicKey.Equals(serverPublicKey))
        {//they have the same public key.

            // Create an XmlDocument object.
            XmlDocument xmlDoc = new XmlDocument();

            // Load an XML file into the XmlDocument object.
            try
            {
                xmlDoc.PreserveWhitespace = true;
                xmlDoc.Load("test.xml");
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }

            //we can encypt with the clientRSA using the public key
            Encrypt(xmlDoc, "Fields", "DataFields", clientRSA, "test");

            Console.WriteLine("Encrypted: \r\n" + xmlDoc.OuterXml);

            //and should be able to decrypt with the serverRSA using the private key
            Decrypt(xmlDoc, serverRSA, "test");

            Console.WriteLine("Decrypted : \r\n" + xmlDoc.OuterXml);
        }
        else
        {
            Console.WriteLine("The two RSA have different public keys...");
        }

        Console.ReadLine();
    }



    private static CspParameters GetCspParameters(string containerName)
    {
        // Create the CspParameters object and set the key container 
        // name used to store the RSA key pair.
        CspParameters tmpParameters = new CspParameters();
        tmpParameters.Flags = CspProviderFlags.UseMachineKeyStore; //use the machine key store--this allows us to use the machine level container when applications run without a logged-in user
        tmpParameters.ProviderType = 1;
        tmpParameters.KeyNumber = (int)KeyNumber.Exchange;
        tmpParameters.KeyContainerName = containerName;
        return tmpParameters;
    }


    public static void SaveKeyToContainer(string containerName, RSAParameters rsaParameters)
    {
        CspParameters tmpParameters = GetCspParameters(containerName);

        // Create a new instance of RSACryptoServiceProvider that accesses
        // the key container 
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(tmpParameters);

        //set the key information from the text
        rsa.ImportParameters(rsaParameters);
    }

    public static RSACryptoServiceProvider GetKeyFromContainer(string containerName)
    {
        // Create the CspParameters object and set the key container 
        // name used to store the RSA key pair.
        CspParameters tmpParameters = GetCspParameters(containerName);

        // Create a new instance of RSACryptoServiceProvider that accesses
        // the key container.
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(tmpParameters);

        return rsa;
    }

    public static void DeleteKeyFromContainer(string containerName)
    {
        // Create the CspParameters object and set the key container 
        // name used to store the RSA key pair.
        CspParameters tmpParameters = GetCspParameters(containerName);

        // Create a new instance of RSACryptoServiceProvider that accesses
        // the key container.
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(tmpParameters);

        // Delete the key entry in the container.
        rsa.PersistKeyInCsp = false;

        // Call Clear to release resources and delete the key from the container.
        rsa.Clear();
    }



    public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string KeyName)
    {
        // Check the arguments.
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (ElementToEncrypt == null)
            throw new ArgumentNullException("ElementToEncrypt");
        if (EncryptionElementID == null)
            throw new ArgumentNullException("EncryptionElementID");
        if (Alg == null)
            throw new ArgumentNullException("Alg");
        if (KeyName == null)
            throw new ArgumentNullException("KeyName");

        ////////////////////////////////////////////////
        // Find the specified element in the XmlDocument
        // object and create a new XmlElemnt object.
        ////////////////////////////////////////////////
        XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

        // Throw an XmlException if the element was not found.
        if (elementToEncrypt == null)
        {
            throw new XmlException("The specified element was not found");

        }
        RijndaelManaged sessionKey = null;

        try
        {
            //////////////////////////////////////////////////
            // Create a new instance of the EncryptedXml class
            // and use it to encrypt the XmlElement with the
            // a new random symmetric key.
            //////////////////////////////////////////////////

            // Create a 256 bit Rijndael key.
            sessionKey = new RijndaelManaged();
            sessionKey.KeySize = 256;

            EncryptedXml eXml = new EncryptedXml();

            byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);
            ////////////////////////////////////////////////
            // Construct an EncryptedData object and populate
            // it with the desired encryption information.
            ////////////////////////////////////////////////

            EncryptedData edElement = new EncryptedData();
            edElement.Type = EncryptedXml.XmlEncElementUrl;
            edElement.Id = EncryptionElementID;
            // Create an EncryptionMethod element so that the
            // receiver knows which algorithm to use for decryption.

            edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
            // Encrypt the session key and add it to an EncryptedKey element.
            EncryptedKey ek = new EncryptedKey();

            byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);

            ek.CipherData = new CipherData(encryptedKey);

            ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

            // Create a new DataReference element
            // for the KeyInfo element.  This optional
            // element specifies which EncryptedData
            // uses this key.  An XML document can have
            // multiple EncryptedData elements that use
            // different keys.
            DataReference dRef = new DataReference();

            // Specify the EncryptedData URI.
            dRef.Uri = "#" + EncryptionElementID;

            // Add the DataReference to the EncryptedKey.
            ek.AddReference(dRef);
            // Add the encrypted key to the
            // EncryptedData object.

            edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
            // Set the KeyInfo element to specify the
            // name of the RSA key.


            // Create a new KeyInfoName element.
            KeyInfoName kin = new KeyInfoName();

            // Specify a name for the key.
            kin.Value = KeyName;

            // Add the KeyInfoName element to the
            // EncryptedKey object.
            ek.KeyInfo.AddClause(kin);
            // Add the encrypted element data to the
            // EncryptedData object.
            edElement.CipherData.CipherValue = encryptedElement;
            ////////////////////////////////////////////////////
            // Replace the element from the original XmlDocument
            // object with the EncryptedData element.
            ////////////////////////////////////////////////////
            EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
        }
        catch (Exception e)
        {
            // re-throw the exception.
            throw e;
        }
        finally
        {
            if (sessionKey != null)
            {
                sessionKey.Clear();
            }

        }

    }

    public static void Decrypt(XmlDocument Doc, RSA Alg, string KeyName)
    {
        // Check the arguments.  
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (Alg == null)
            throw new ArgumentNullException("Alg");
        if (KeyName == null)
            throw new ArgumentNullException("KeyName");

        // Create a new EncryptedXml object.
        EncryptedXml exml = new EncryptedXml(Doc);

        // Add a key-name mapping.
        // This method can only decrypt documents
        // that present the specified key name.
        exml.AddKeyNameMapping(KeyName, Alg);

        // Decrypt the element.
        exml.DecryptDocument();

        }

    }
}

只要我使用私钥和公钥保存/获取RSACryptoServiceProvider,这似乎工作正常。一旦我用公共密钥保存RSACryptoServiceProvider,下次我尝试检索它时,我得到的是一个新的和不同的RSACryptoServiceProvider!

你可以想象,你不能用一组密钥加密某些东西,然后尝试用一整套新的密码来解密!

有关为何发生这种情况的任何想法?或者存储公共密钥的正确方法是什么?

3 个答案:

答案 0 :(得分:3)

我有a very similar question

我现在几乎可以肯定密钥容器不能用于存储公钥。它们的主要目的似乎是存储密钥对。密钥容器仅存储最初生成的密钥,导入PublicOnly密钥仅影响实例而不影响存储。

.NET开发人员指南中的“如何:在密钥容器中存储非对称密钥”页面指出

  

如果您需要存储私钥,则应使用密钥容器

...这与我通过MSDN找到的声明非常清楚。

我使用的替代机制是将密钥存储在XML文件中(因为它是公共密钥,如果它很容易可见,它应该无关紧要),并使用文件系统访问规则设置权限以防止不必要的修改。

答案 1 :(得分:0)

我的理解是,您对 SaveKeyToContainer 中的 ImportParameters 的调用不会影响商店中的密钥。您的 SaveKeyToContainer 的实现是使用存储中的密钥初始化 RSACryptoServiceProvider 的实例(当容器不存在时生成新的密钥对),然后导入参数,影响实例,而不影响商店。

稍后检索 publicKeyContainer 时,会获得在您尝试保存它时生成的新密钥对,而不是导入的公共片段。

抱歉,我无法提供有关使用Cryptography API将密钥导入商店的任何详细信息。我相信商店只支持密钥对,即不希望只能导入公钥。

答案 2 :(得分:0)

.NET加密类的文档很差。

我已经用同样的问题击败了我的大脑并得出了相同的结论,即使文档中没有明确说明。

当您创建RSA提供程序的实例时,您将获得一个新的密钥对。 如果您提供参数对象并命名密钥容器,则新密钥对将存储在那里。

如果您导入公钥,则会保持持久!