Question
I want to encrypt an XML file by using an X.509 certificate and also decrypt it. As far as I know, I need to use the public key (inside the certificate) to encrypt the XML and the private key to decrypt the XML. Thus only the guy with the private key is able to read the decrypted data. Microsoft provides some code for encryption/decryption here:
Encryption: https://msdn.microsoft.com/en-us/library/ms229744(v=vs.110).aspx
Decryption: https://msdn.microsoft.com/en-us/library/ms229943(v=vs.110).aspx
As you can see from the first example, an X.509 certificate will be loaded to encrypt the file. But the second example does not(!) load a certificate to decrypt the example. It seems that the encrypted file holds all the necessary data to be decrypted? Does this mean that the file can be decrypted by anybody? I think I have a lack of understanding here - why is it not necessary to use a certificate to decrypt the data?
Regards, Michael
Answer 1:
On decryption, the certificate is loaded from the computer's certificate store. From your second link:
The code example in this procedure decrypts an XML element using an X.509 certificate from the local certificate store of the current user account.
In that example, the public key used to encrypt the XML is stored in the encrypted data and is used to look up the proper certificate from the store.
So the answer to your question -- "why is it not necessary to use a certificate to decrypt the data" -- is: it is necessary. The certificate was loaded automatically.
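To see what the encrypted file does and does not carry, the following added example (not part of the original post or of Microsoft's samples) encrypts an element with a certificate, lists the certificate data embedded in the output, and then performs by hand the key-unwrapping step that needs the private key. The self-signed certificate `CN=xmlenc-demo`, the sample XML and the class name are constructed for illustration; it assumes a .NET version that provides `CertificateRequest` and `System.Security.Cryptography.Xml`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

class XmlEncDemo
{
    static void Main()
    {
        // Constructed sample: throwaway self-signed certificate and XML document.
        RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=xmlenc-demo", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        X509Certificate2 withKey = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
        // What the encrypting side holds: the certificate only, no private key.
        var publicOnly = new X509Certificate2(withKey.Export(X509ContentType.Cert));
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><secret>demo value</secret></order>");
        var target = (XmlElement)doc.GetElementsByTagName("secret")[0];
        // A random session key encrypts the element; the RSA public key wraps that key.
        EncryptedData produced = new EncryptedXml().Encrypt(target, publicOnly);
        EncryptedXml.ReplaceElement(target, produced, false);
        // Read the output back the way any holder of the file could.
        var encEl = (XmlElement)doc.GetElementsByTagName(
            "EncryptedData", EncryptedXml.XmlEncNamespaceUrl)[0];
        var ed = new EncryptedData();
        ed.LoadXml(encEl);
        EncryptedKey ek = null;
        foreach (KeyInfoClause c in ed.KeyInfo)
            if (c is KeyInfoEncryptedKey k) ek = k.EncryptedKey;
        foreach (KeyInfoClause c in ek.KeyInfo)
            if (c is KeyInfoX509Data x)
                foreach (X509Certificate raw in x.Certificates)
                    Console.WriteLine("embedded: {0}, HasPrivateKey={1}",
                        raw.Subject, new X509Certificate2(raw).HasPrivateKey);
        // Unwrapping the session key needs the private key, which is not in the file.
        bool oaep = ek.EncryptionMethod.KeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl;
        byte[] sessionKey = EncryptedXml.DecryptKey(ek.CipherData.CipherValue, rsa, oaep);
        using (Aes aes = Aes.Create())
        {
            aes.Key = sessionKey;
            var exml = new EncryptedXml(doc);
            exml.ReplaceData(encEl, exml.DecryptData(ed, aes));
        }
        Console.WriteLine(doc.OuterXml);
    }
}
```

In the decryption sample linked in the question, `DecryptDocument()` performs the unwrap step itself after locating the matching certificate and its private key in the certificate store, which is why no certificate is loaded explicitly there.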
Source: https://stackoverflow.com/questions/45059848/how-to-encrypt-decrypt-xml-wiith-x-509-certificate-correctly