问题
i am using a certificate generated by makecert which has both private and public key. The java side uses this public key to encrypt the data and .net decrypts it back.
I am trying to decrypt Java's encrypted 64 bit encoded string and getting bad data.
To see if all is good on.Net end, I frist tried to encrypt with the public key and then decrypt with private using the same certificate. My code looks like this.
X509Certificate2 cert = GetCert(key, StoreName.My, StoreLocation.LocalMachine);
RSACryptoServiceProvider provider = (RSACryptoServiceProvider)cert.PrivateKey;
RSACryptoServiceProvider publicprovider = (RSACryptoServiceProvider)cert.PublicKey.Key;
if (cert.HasPrivateKey)
MessageBox.Show("Got private key");
byte[] encrypted = publicprovider.Encrypt(Encoding.UTF8.GetBytes(text), false);
byte[] decryptedBytes = provider.Decrypt(encrypted, false);
Even here I am getting the error. Am i Missing something?
The certificate looks valid with both public and private key.
回答1:
I had the same problem with a self-signed cert, the issue was that I was generating the cert with the switch -sky signature
instead of -sky exchange
(you use signature for signing and exchange for encryption/decryption)
Here is my full command to makecert that works:
makecert -r -pe -a sha1 -n "CN=MyName" -ss my -sr CurrentUser -sky exchange
回答2:
The following code works fine for me:
RSACryptoServiceProvider privateKey = new RSACryptoServiceProvider();
privateKey.FromXmlString("<RSAKeyValue><Modulus>wL8s+C8SnnlaaqR+VsyijmxOJOARNa4o7ZNsqfy3+9J9Ol2JNSjjMfQWoUnFtClzJBlZhU5KtuazQe8ZKXTX9YvKoJdRhlsonZkC04qiTMdO/FZIH00GrCRxeQ7XDnQnvPB9Bdsvs//7zrY3f7eLIkpIyK9cQHU+5jjJd5IT0eE=</Modulus><Exponent>AQAB</Exponent><P>83xxN7jvpg5z16pxz2tIQIdqd/EfmikR9Q2TjG2tosWkUSvtyx0xHZ9EqdTUbSGZZ+jgrabzkafYc7Mplylwew==</P><Q>yqcnYSZEXHwJvRWi2V09PNEENTozQZywcFptUUGar9TciaQvoNv3lpnfzUKNBRdhzq4lImxkamajZlTWE5buUw==</Q><DP>37HqilkbwyHwB6mOGhPkM3S1ujAK6qTk3JB2iEOTjMGrru9+7maJYz+Z47Wm3ARMXgyzrpZ9m8nqsJFfmoL11Q==</DP><DQ>v285tv8kMs2FkZYfuP/oOkwkkneBNejjj68Md2bmzlThZDCyQV2pvB1tmgPVHUsiPNCrCaKlFRISJzfa5rR8Ow==</DQ><InverseQ>fgJE2TRe/SS+YqW0/I+FtHrdfbbao0/R3pHD4r4oceZQUemlBgZ7DxOAetebHKthlOdjGkmfWYB8EU4XoWggqw==</InverseQ><D>FMLCwjy3wbAKiCANp6XFAJgz1o7365NFv0k41BpvasViTa4TgFFWH2ROJ7M9g0lPqJy+YrhrHcY9mqV5TVjTheQp0JeckrgO2B39XngPMAMMdne3rWGpf0Pfbj3FLfchMk6XYDXSZzCS2CmSeRA4aBMb+4R3YurixyJLrnGRMH0=</D></RSAKeyValue>");
RSACryptoServiceProvider publicKey = new RSACryptoServiceProvider();
publicKey.FromXmlString("<RSAKeyValue><Modulus>wL8s+C8SnnlaaqR+VsyijmxOJOARNa4o7ZNsqfy3+9J9Ol2JNSjjMfQWoUnFtClzJBlZhU5KtuazQe8ZKXTX9YvKoJdRhlsonZkC04qiTMdO/FZIH00GrCRxeQ7XDnQnvPB9Bdsvs//7zrY3f7eLIkpIyK9cQHU+5jjJd5IT0eE=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>");
{
string text = "foo";
byte[] encrypted = publicKey.Encrypt(Encoding.UTF8.GetBytes(text), false);
byte[] decryptedBytes = privateKey.Decrypt(encrypted, false);
}
Can you double-check that the exported private key is from cert.PrivateKey and the public key is from cert.PublicKey.Key?
回答3:
I stumbled across this page when I was trying to find examples of makcert usage with x509 certificates and rsa using c#, and unfortunately it only provided part of the solution. I put all the bits together in a blog entry that people might be interested in, and it can be found here: http://nick-howard.blogspot.com/2011/05/makecert-x509-certificates-and-rsa.html
回答4:
I finally found the problem. I wasn't putting the key to makecert to define it as RSA Crypto key.
来源:https://stackoverflow.com/questions/1623189/rsacryptoserviceprovider-using-x509-certificates-c-sharp