Having read this question (especially @dthorpe's answer), I decided to try CLR Security.
The CLR Security library puts an extension method on the CngKey class to generate a self-signed certificate, but I couldn't succeed in creating a CngKey instance:
var key = CngKey.Create(CngAlgorithm.Sha1); // same with Sha256, Sha512 and MD5
// or
var key = CngKey.Create(CngAlgorithm.Sha1, null, new CngKeyCreationParameters()
{
    ExportPolicy = CngExportPolicies.AllowExport,
    KeyUsage = CngKeyUsages.AllUsages,
    KeyCreationOptions = CngKeyCreationOptions.MachineKey,
});
Any of these lines throws an exception:
System.Security.Cryptography.CryptographicException was unhandled
HResult=-2146893783
Message=The requested operation is not supported.
Source=System.Core
StackTrace:
  at System.Security.Cryptography.NCryptNative.CreatePersistedKey(SafeNCryptProviderHandle provider, String algorithm, String name, CngKeyCreationOptions options)
  at System.Security.Cryptography.CngKey.Create(CngAlgorithm algorithm, String keyName, CngKeyCreationParameters creationParameters)
  at System.Security.Cryptography.CngKey.Create(CngAlgorithm algorithm)
  at Tests.Program.Main(String[] args) at Program.cs:line 51
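- I'm running a Windows 7 box (so it supports RPC, according to MSDN)
- Tried on a Windows Server 2012 box, same error
- The process is running as administrator (so it has access to all certificate stores anyway)
- The services CNG Key Isolation and Remote Procedure Call (RPC) are running
Any help would be appreciated.
Solution
HRESULT descriptions and the handy search tools on SO and MSDN (I just googled your HRESULT code -2146893783)
I found a topic on MSDN containing a similar HRESULT failure code, and its author provided a link to an MSDN article about CNG: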
NCRYPT_ALGORITHM_GROUP_PROPERTY
L"Algorithm Group"
A null-terminated Unicode string that contains the name of the object's algorithm group. This property only applies to keys. The following identifiers are returned by the Microsoft key storage provider:
- NCRYPT_RSA_ALGORITHM_GROUP
"RSA", The RSA algorithm group.
- NCRYPT_DH_ALGORITHM_GROUP
"DH", The Diffie-Hellman algorithm group.
- NCRYPT_DSA_ALGORITHM_GROUP
"DSA", The DSA algorithm group.
- NCRYPT_ECDSA_ALGORITHM_GROUP
"ECDSA", The elliptic curve DSA algorithm group.
- NCRYPT_ECDH_ALGORITHM_GROUP
"ECDH", The elliptic curve Diffie-Hellman algorithm group.
I also found an article on MSDN about CNG Key Storage Providers, which contains a similar list of algorithms:
- Diffie-Hellman (DH)
Secret agreement and key exchange, 512 to 4096 in 64-bit increments
- Digital Signature Algorithm (DSA)
Signatures, 512 to 1024 in 64-bit increments
- Elliptic Curve Diffie-Hellman (ECDH)
Secret agreement and key exchange, P256, P384, P521
- Elliptic Curve Digital Signature Algorithm (ECDSA)
Signatures, P521
- RSA
Asymmetric encryption and signing, 512 to 16384 in 64-bit increments
So, as you said, you have only tried Sha1, Sha256, Sha512 and MD5; maybe you should simply use another algorithm from the list available? You can find the ones mentioned above:
- RSA
- ECDsa
- ECDiffieHellman
Here other developers successfully created one of them and were able to export it:
var cngKey = CngKey.Create(CngAlgorithm.ECDiffieHellmanP256, null, new CngKeyCreationParameters { ExportPolicy = CngExportPolicies.AllowPlaintextExport });
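To see the difference the answer describes on your own machine, the following added example (not code from the question, the answer, or the CLR Security library) tries CngKey.Create with both hash and asymmetric algorithms and reports which ones the key storage provider accepts. It assumes Windows and .NET Framework 4.5 or later; the class name CngKeyProbe and the helper TryCreate are hypothetical.

```csharp
using System;
using System.Security.Cryptography;

// Added example (Windows only): probes which algorithms CngKey.Create accepts.
static class CngKeyProbe // hypothetical name, not part of any library
{
    // Returns the created key, or null when the provider rejects the algorithm.
    static CngKey TryCreate(CngAlgorithm algorithm, CngKeyCreationParameters parameters)
    {
        try
        {
            // A null key name gives an ephemeral key that is never persisted.
            return CngKey.Create(algorithm, null, parameters);
        }
        catch (CryptographicException ex)
        {
            // The question's HResult -2146893783 is 0x80090029 in hex.
            Console.WriteLine("{0,-10} rejected: 0x{1:X8} {2}", algorithm.Algorithm, ex.HResult, ex.Message);
            return null;
        }
    }

    static void Main()
    {
        var parameters = new CngKeyCreationParameters
        {
            // Plaintext export lets the private key leave the provider unencrypted;
            // grant it only when the key really has to be exported.
            ExportPolicy = CngExportPolicies.AllowPlaintextExport
        };
        CngAlgorithm[] candidates =
        {
            CngAlgorithm.Sha1, CngAlgorithm.Sha256, CngAlgorithm.MD5, // hash algorithms, not key algorithms
            new CngAlgorithm("RSA"), CngAlgorithm.ECDsaP256, CngAlgorithm.ECDiffieHellmanP256
        };
        foreach (CngAlgorithm algorithm in candidates)
        {
            using (CngKey key = TryCreate(algorithm, parameters))
            {
                if (key == null) continue;
                Console.WriteLine("{0,-10} created: group={1}, {2} bits", algorithm.Algorithm, key.AlgorithmGroup, key.KeySize);
                if (algorithm == CngAlgorithm.ECDiffieHellmanP256)
                {
                    byte[] blob = key.Export(CngKeyBlobFormat.EccPrivateBlob);
                    Console.WriteLine("  exported ECC private blob, {0} bytes", blob.Length);
                }
            }
        }
    }
}
```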