CryptographicException “Key not valid for use in specified state.” while trying to export RSAParameters of a X509 private key

Backend | Unresolved | 7 | 1501
悲&欢浪女 2020-12-03 06:34

I am staring at this for quite a while and thanks to the MSDN documentation I cannot really figure out what's going. Basically I am loading a PFX file from the disc into a

7 answers
  • 2020-12-03 06:53

    AFAIK this should work and you're likely hitting a bug/some limitations. Here are some questions that may help you figure out where the issue is.

    • How did you create the PKCS#12 (PFX) file? I've seen some keys that CryptoAPI does not like (uncommon RSA parameters). Can you use another tool (just to be sure)?

    • Can you export the PrivateKey instance to XML, e.g. ToXmlString(true), then load (import) it back this way ?

    • Old versions of the framework had some issues when importing a key that was a different size than the current instance (default to 1024 bits). What's the size of the RSA public key in your certificate?

    Also note that this is not how you should encrypt data using RSA. The size of the raw encryption is limited wrt the public key being used. Looping over this limit would only give you really bad performance.

    The trick is to use a symmetric algorithm (like AES) with a totally random key and then encrypt this key (wrap) using the RSA public key. You can find C# code to do so in my old blog entry on the subject.

    0 Discussion (0)
  • 2020-12-03 06:55

    I'm not exactly an expert in these things, but I did a quick google, and found this:

    http://social.msdn.microsoft.com/Forums/en/clr/thread/4e3ada0a-bcaf-4c67-bdef-a6b15f5bfdce

    "if you have more than 245 bytes in your byte array that you pass to your RSACryptoServiceProvider.Encrypt(byte[] rgb, bool fOAEP) method then it will throw an exception."

    0 Discussion (0)
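The two answers above make the same point from two sides: a single RSA encryption can only take a plaintext slightly smaller than the modulus (245 bytes for a 2048-bit key with PKCS#1 v1.5 padding), and the remedy is to encrypt the data with a random symmetric key and let RSA wrap only that key. The following is an added example written for this page, not code from the thread or from the answerer's blog. It assumes .NET 8 or later (for `RSA.Create(int)`, `RandomNumberGenerator.GetBytes` and the `AesGcm(key, tagSize)` constructor); `HybridEnvelope` and the method names are this example's own.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: hybrid encryption. A fresh AES-256-GCM key encrypts the
// message; the recipient's RSA public key wraps only that 32-byte key, so the
// RSA block-size limit discussed above never applies to the payload itself.
public static class HybridEncryptionDemo
{
    // Largest plaintext one raw RSA encryption accepts, in bytes, for a key of
    // keySizeBits: PKCS#1 v1.5 padding costs 11 bytes, OAEP with SHA-256 costs 66.
    // For 2048 bits this gives 245 (PKCS#1 v1.5), the figure quoted in the thread.
    public static int MaxRsaPlaintextBytes(int keySizeBits, bool oaepSha256)
        => keySizeBits / 8 - (oaepSha256 ? 66 : 11);

    // Hypothetical container for the three parts a recipient needs.
    public sealed class HybridEnvelope
    {
        public byte[] WrappedKey;  // AES key encrypted with RSA-OAEP(SHA-256)
        public byte[] Nonce;       // 96-bit GCM nonce, unique per key
        public byte[] Tag;         // 128-bit GCM authentication tag
        public byte[] Ciphertext;  // AES-GCM ciphertext of the message
    }

    public static HybridEnvelope Encrypt(RSA recipientPublicKey, byte[] plaintext)
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);   // random key per message
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] ciphertext = new byte[plaintext.Length];
        byte[] tag = new byte[16];
        try
        {
            using (var gcm = new AesGcm(key, 16))
            {
                gcm.Encrypt(nonce, plaintext, ciphertext, tag);
            }
            return new HybridEnvelope
            {
                // Only 32 bytes go through RSA: far below any padding limit.
                WrappedKey = recipientPublicKey.Encrypt(key, RSAEncryptionPadding.OaepSHA256),
                Nonce = nonce,
                Tag = tag,
                Ciphertext = ciphertext
            };
        }
        finally
        {
            CryptographicOperations.ZeroMemory(key);  // do not leave the key in memory
        }
    }

    public static byte[] Decrypt(RSA recipientPrivateKey, HybridEnvelope env)
    {
        byte[] key = recipientPrivateKey.Decrypt(env.WrappedKey, RSAEncryptionPadding.OaepSHA256);
        try
        {
            byte[] plaintext = new byte[env.Ciphertext.Length];
            using (var gcm = new AesGcm(key, 16))
            {
                // Throws CryptographicException if the tag does not verify, i.e.
                // if the ciphertext, nonce or tag were tampered with.
                gcm.Decrypt(env.Nonce, env.Ciphertext, env.Tag, plaintext);
            }
            return plaintext;
        }
        finally
        {
            CryptographicOperations.ZeroMemory(key);
        }
    }

    public static void Main()
    {
        using (RSA rsa = RSA.Create(2048))
        {
            Console.WriteLine("Max bytes per raw RSA PKCS#1 v1.5 encryption: "
                              + MaxRsaPlaintextBytes(rsa.KeySize, false));
            // Constructed input, deliberately much larger than 245 bytes.
            byte[] message = Encoding.UTF8.GetBytes(new string('x', 10000));
            HybridEnvelope env = Encrypt(rsa, message);
            byte[] back = Decrypt(rsa, env);
            Console.WriteLine(Encoding.UTF8.GetString(back) == Encoding.UTF8.GetString(message)
                              ? "round trip OK" : "MISMATCH");
        }
    }
}
```

AES-GCM is used rather than plain CBC because it authenticates the ciphertext, so a modified envelope fails at `Decrypt` instead of yielding silently corrupted plaintext. The nonce must never repeat under the same key; since the key is generated fresh for every message, a random 12-byte nonce is safe here.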
  • 2020-12-03 07:02

    Old post, but maybe it can help someone. If you are using a self-signed certificate and log in with a different user, you have to delete the old certificate from storage and then recreate it. I've had the same issue with OPC UA software.

    0 Discussion (0)
  • 2020-12-03 07:03

    I believe that the issue may be that the key is not marked as exportable. There is another constructor for X509Certificate2 that takes an X509KeyStorageFlags enum. Try replacing the line:

    // Default import: the private key is stored non-exportable.
    X509Certificate2 x = new X509Certificate2(@"C:\temp\certs\1\test.pfx", "test");

    With this:

    // Exportable flag: the private key may later be exported (e.g. ExportParameters(true)).
    X509Certificate2 x = new X509Certificate2(@"C:\temp\certs\1\test.pfx", "test", X509KeyStorageFlags.Exportable);

    0 Discussion (0)
  • 2020-12-03 07:11

    For others that end up here through Google, but don't use any X509Certificate2, if you call ToXmlString on RSACryptoServiceProvider but you've only loaded a public key, you will get this message as well. The fix is this (note the last line):

    var rsaAlg = new RSACryptoServiceProvider();
    rsaAlg.ImportParameters(rsaParameters);
    // Ask for private parameters only if the object actually holds a private key.
    var xml = rsaAlg.ToXmlString(!rsaAlg.PublicOnly);

    0 Discussion (0)
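The two answers above name the two states in which this exception appears: the key was imported without `X509KeyStorageFlags.Exportable`, or the key object holds only public parameters. The following is an added example, not code from the thread, that checks both before asking for the private half. It assumes .NET Framework 4.6+ or modern .NET (for `GetRSAPrivateKey`); the PFX path and password are placeholders, and `ExportPrivateKeyDemo` and its methods are this example's own names.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example: export RSAParameters from a PFX without tripping over
// "Key not valid for use in specified state."
public static class ExportPrivateKeyDemo
{
    public static RSAParameters ExportRsaParameters(string pfxPath, string password)
    {
        // Without X509KeyStorageFlags.Exportable the key is imported as
        // non-exportable and ExportParameters(true) later fails with the
        // exception from the question. The flag is only honoured at import.
        using (var cert = new X509Certificate2(pfxPath, password, X509KeyStorageFlags.Exportable))
        {
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("The PFX carries no private key for this certificate.");

            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null)
                    throw new InvalidOperationException("The private key is not an RSA key.");

                // true = include the private components (D, P, Q, DP, DQ, InverseQ).
                return rsa.ExportParameters(true);
            }
        }
    }

    // The RSACryptoServiceProvider case: ToXmlString(true) on an object that
    // only holds public parameters raises the same exception, so ask the object
    // whether it has a private half before requesting it.
    public static string ToXml(RSACryptoServiceProvider rsa)
        => rsa.ToXmlString(!rsa.PublicOnly);

    public static void Main()
    {
        try
        {
            // Placeholder path and password: replace with a real PFX to run.
            RSAParameters p = ExportRsaParameters(@"C:\path\to\PLACEHOLDER.pfx", "PLACEHOLDER");
            Console.WriteLine("Modulus: " + (p.Modulus.Length * 8) + " bits, private exponent present: " + (p.D != null));
        }
        catch (CryptographicException ex)
        {
            // Reached when the key is non-exportable or otherwise in the wrong state.
            Console.WriteLine("Export failed: " + ex.Message);
        }
    }
}
```

Exporting private parameters should be the exception, not the routine: once the key material is in an `RSAParameters` it is in process memory in plain form. If the only goal is to decrypt or sign, use the `RSA` object returned by `GetRSAPrivateKey()` directly and leave the key non-exportable.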
  • 2020-12-03 07:12

    For the issue I encountered, a code change was not an option as the same library was installed and working elsewhere.

    Iridium's answer led me to look at making the key exportable, and I was able to do this as part of the MMC Certificate Import Wizard.

    Hope this helps someone else. Thanks heaps.

    0 Discussion (0)