解密与PrivateKey X.509证书证书、PrivateKey

由网友(原谅莪对迩旳伪冷漠-)分享简介:我有一个问题要解密消息usgin X.509证书。I have a problem to decrypt a message usgin X.509 Certificate.我产生我与makecert证书此选项:I generate my certificate with makecert with this o...

我有一个问题要解密消息usgin X.509证书。

I have a problem to decrypt a message usgin X.509 Certificate.


I generate my certificate with makecert with this options:

makecert -r -pe -n "CN=MyCertificate" -ss CA -sr CurrentUser -a sha1 -sky signature -cy authority -sv CA.pvk CA.cer


And the PrivateKey was "mypassword".


My problem is when I want to decrypt a message encrypt with previous certificate in c#.

我发现这个类 HTTP://blog.shutupand$c$c.net / P = 660 ,但在 X509Decrypt 的方法,百达的PrivateKey为空。

I found this class http://blog.shutupandcode.net/?p=660, but in the X509Decrypt method allways the PrivateKey is null.

public static byte[] X509Decrypt(byte[] data, string certificateFile, string password)
    // load the certificate and decrypt the specified data
    using (var ss = new System.Security.SecureString())
        foreach (var keyChar in password.ToCharArray())

        // load the password protected certificate file
        X509Certificate2 cert = new X509Certificate2(certificateFile, ss);

        using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey)
            return rsa.Decrypt(data, true);


I tried passing the certificate file (.cer)

X509DecryptString(token, @"c:CA.cer", "mypassword");


And passing the pvk file (.pvk)

X509DecryptString(token, @"c:CA.pvk", "mypassword");


But allways have that the PrivateKey property is null.


Can anyone guide me to decrypt the message using the pvk file?




证书本身仅包含公钥(+某些数据),而不是私钥。 (这是非常不可能的RSA私钥是保护你的私钥可能是输入mypassword输入mypassword的密码,但私钥本身(更具体地说是专用指数,在RSA)将是一个相当长的数字。)

The certificate itself only contains the public key (+ some data), but not the private key. (It's very unlikely that the RSA private key is "mypassword". The password that protects your private key may be "mypassword", but the private key itself (more specifically the private exponent, in RSA) will be a rather long number.)

结果(因为 CA.cer 只包含证书), X509DecryptString(令牌,@C: CA.cer 输入mypassword)将几乎肯定无法正常工作。

As a result (because CA.cer only contains the certificate), X509DecryptString(token, @"c:CA.cer", "mypassword") will almost certainly not work.

X509DecryptString(令牌,@C: CA.pvk,输入mypassword); 可以工作的原则,但要创建一个 X509Certificate2 从它的对象,它仍然需要证书和私钥。你应该能够加载从PKCS#12容器(或.p12 / .PFX)。

X509DecryptString(token, @"c:CA.pvk", "mypassword"); could work in principle, but you're creating a X509Certificate2 object from it, and it still needs the certificate and the private key. You should be able to load that from a PKCS#12 container (.p12/.pfx).

要创建这个容器,你可以使用 pvk2pfx

To create this container, you can use pvk2pfx:

pvk2pfx -spc CA.cer -pvk CA.pvk -pfx CA.pfx

(如果没有指定 -pfx CA.pfx ,将推出的人机交互界面,在这种情况下,你需要勾选框,导出私钥。)

(If you don't specify -pfx CA.pfx, it will launch the interactive interface, in which case you need to tick the box to export the private key.)

然后,尝试使用PFX / P12文件,而不是来解密。

Then, try to decrypt using that pfx/p12 file instead.


