我有一个生成一个BouncyCastle的RSA密钥对。我需要加密的私钥,然后将加密的私钥和公钥存储到单独SQL2008数据库字段。
I have a function that generates a BouncyCastle RSA key pair. I need to encrypt the private key and then store the encrypted private and public keys into separate SQL2008 database fields.
我使用以下命令获取密钥对:
I am using the following to get the keypair:
private static AsymmetricCipherKeyPair createASymRandomCipher()
{
RsaKeyPairGenerator r = new RsaKeyPairGenerator();
r.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
AsymmetricCipherKeyPair keys = r.GenerateKeyPair();
return keys;
}
这是返回键很好,但我不知道我怎么能那么加密私钥,然后将其存储在数据库中。
This is returning the keys fine, but I am not sure how I can then encrypt the private key and subsequently store it in the database.
这是我目前使用的是什么加密的数据(不正确):
This is what I am currently using the encrypt the data (incorrectly?):
public static byte[] encBytes2(AsymmetricKeyParameter keyParam, byte[] Key, byte[] IV)
{
MemoryStream ms = new MemoryStream();
Rijndael rjdAlg = Rijndael.Create();
rjdAlg.Key = Key;
rjdAlg.IV = IV;
CryptoStream cs = new CryptoStream(ms, rjdAlg.CreateEncryptor(), CryptoStreamMode.Write);
byte[] keyBytes = System.Text.Encoding.Unicode.GetBytes(keyParam.ToString());
cs.Write(keyBytes, 0, keyBytes.Length);
cs.Close();
byte[] encryptedData = ms.ToArray();
return encryptedData;
}
显然keyBytes设置在那里我将keyParam.ToString()是不正确的,因为它只转换KeyParameter的名称,而不是实际值。我提交给这个函数的previous密钥对回报keys.Private的。
Obviously the keyBytes setting where I am converting keyParam.ToString() is not correct as it only converts the KeyParameter name, not the actual value. I am submitting to this function the previous key pair return of keys.Private.
另一个问题是,因为我不加密的公钥什么格式应在SQL2008数据库中,我将存储此,为nvarchar(256)或其他?
The other question is as I am not encrypting the Public Key what format should I be storing this in the SQL2008 database, nvarchar(256) or other?
任何帮助将是很大的AP preciated。
Any help would be greatly appreciated.
推荐答案
有关原因,应该清楚,默认的(也许是无意的)序列化不会只应写在非常有限的情况下私钥发挥出色。
For reasons that should be clear, default (and perhaps inadvertent) serialization does not play well with private keys which should only be written out in very limited situations.
BouncyCastle的具有用于PKCS#8,这是序列的专用密钥的相关标准的支持。有所谓的PrivateKeyInfo进行和EncryptedPrivateKeyInfo ASN.1结构。因为他们在ASN.1有标准的方式进行序列化/反序列化它们。顾名思义,1存储在明文的密钥,所述其它加密基于一个密码键。
BouncyCastle has support for PKCS#8, which is the relevant standard for "serializing" private keys. There are ASN.1 structures called PrivateKeyInfo and EncryptedPrivateKeyInfo. Since they are in ASN.1 there are standard ways to serialize/deserialize them. As the name suggests, one stores the key in plaintext, the other encrypts the key based on a password.
有关公共密钥 - 这些通常不会被加密。 BC支持SubjectPublicKeyInfo进行的X.509标准格式序列化他们。
For the public keys - these would not ordinarily be encrypted. BC supports the X.509 standard format of SubjectPublicKeyInfo for serializing them.
在C#编译,高级班来看看是:
In the C# build, the high-level classes to look at would be:
Org.BouncyCastle.Security.PrivateKeyFactory Org.BouncyCastle.Security.PublicKeyFactory Org.BouncyCastle.Pkcs.EncryptedPrivateKeyInfoFactory Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory相关推荐
最新文章