发表新帖
发表新帖

Importing PKCS#8 encrypted key to RSACng?

后端 未结
关注
1 1033
感动是毒
感动是毒 2021-01-26 12:58

If I have encrypted RSA key in PKCS#8, can I somehow import it to RSACng as CngKeyBlobFormat.Pkcs8PrivateBlob? Or does this CngKeyBlobFormat.Pkcs

相关标签:
1条回答
  • 心在旅途
    2021-01-26 13:07

    CNG understands how to decrypt encrypted PKCS#8, but you need to give it a password. Since .NET doesn't ask you for the password (and it gets passed via a manner other than the properties) there isn't a good way to do it.

    Your options are pretty much:

    • P/Invoke so you can specify the NCRYPTBUFFER_PKCS_SECRET value.
    • Change your process so that you have an unencrypted PKCS#8.
    • Change your process so that you have a PFX/PKCS#12 instead of an encrypted PKCS#8 (and then change to reading it via X509Certificate2).
    • Wait for a future version of .NET Core, which will have the ability to load a PKCS#8, encrypted PKCS#8, and some other formats, directly into the RSA/DSA/ECDsa/ECDiffieHellman objects (feature is currently in the master branch).
    • Find a library which can decrypt it for you. Bouncy Castle can probably do it.

    See also: Digital signature in c# without using BouncyCastle

    0 讨论(0)
 看不清?
提交回复
热议问题