我正在开发一个项目,我需要使用“公钥”来使用RSA算法加密邮件。我被提供了一个证书,我的第一个想法是使用该证书中的公钥,并且在调查之后,我了解到我需要使用RSACryptoServiceProvider进行加密。从公钥(不是证书)构造RSACryptoServiceProvider
我检查了msdn,只有我以为我应该使用的方法是RSACryptoServiceProvider.ImportCspBlob(byte[] keyBlob)。 当我试图使用从证书导出的公钥时,出现证书头数据无效的错误。
我知道我可以将X509certificate2.PublicKey.Key转换为RSACryptoServiceProvider,但是从我的客户所了解的情况来看,我将只会给予公钥而不是证书。该密钥必须保存在.xml配置文件中。
所以总结一下:有没有一种方法可以在只给定证书的公钥的情况下生成RSACryptoServiceProvider?
你可以尝试看看下面这个例子:RSA public key encryption in C#
var publicKey = "<RSAKeyValue><Modulus>21wEnTU+mcD2w0Lfo1Gv4rtcSWsQJQTNa6gio05AOkV/Er9w3Y13Ddo5wGtjJ19402S71HUeN0vbKILLJdRSES5MHSdJPSVrOqdrll/vLXxDxWs/U0UT1c8u6k/Ogx9hTtZxYwoeYqdhDblof3E75d9n2F0Zvf6iTb4cI7j6fMs=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";
var testData = Encoding.UTF8.GetBytes("testing");
using (var rsa = new RSACryptoServiceProvider(1024))
{
try
{
// client encrypting data with public key issued by server
//
rsa.FromXmlString(publicKey);
var encryptedData = rsa.Encrypt(testData, true);
var base64Encrypted = Convert.ToBase64String(encryptedData);
}
finally
{
rsa.PersistKeyInCsp = false;
}
}
您是确定并遵循良好的典型模式。数据的发送者不需要私钥。
以下可能会确认您已经计算出的一些代码。 我为接收机/解码器设置私钥的一行被遗漏了。 我从我的构建部署东西的测试用例中拿出了这个。
byte[] certBytAr; // This is the certificate as bianry in a .cer file (no private key in it - public only)
X509Certificate2 cert2 = new X509Certificate2(certBytAr);
string strToEncrypt = "Public To Private Test StackOverFlow PsudeoCode. Surfs Up at Secret Beach.";
byte[] bytArToEncrypt = Encoding.UTF8.GetBytes(strToEncrypt);
RSACryptoServiceProvider rsaEncryptor = (RSACryptoServiceProvider)cert2.PublicKey.Key;
byte[] dataNowEncryptedArray = rsaEncryptor.Encrypt(bytArToEncrypt, true);
// done - you now have encrypted bytes
//
// somewhere elxe ...
// this should decrpyt it - simulate the destination which will decrypt the data with the private key
RSACryptoServiceProvider pk = // how this is set is complicated
// set the private key in the x509 oobject we created way above
cert2.PrivateKey = pk;
RSACryptoServiceProvider rsaDecryptor = (RSACryptoServiceProvider)cert2.PrivateKey;
byte[] dataDecrypted = rsaDecryptor.Decrypt(dataNowEncryptedArray, true);
Console.WriteLine(" encrypt 1 Way Intermediate " + BitConverter.ToString(dataDecrypted));
string strDecodedFinal = Encoding.UTF8.GetString(dataDecrypted);
if (strDecodedFinal == strToEncrypt)
{
}
else
{
Console.WriteLine(" FAILURE OF ENCRYPTION ROUND TRIP IN SIMPLE TEST (Direction: Public to Private). No Surfing For You ");
}