c# – CngKey.Create不支持请求的操作

发布时间：2020-12-15 22:38:03 所属栏目：百科来源：网络整理

导读：我正在尝试在C#程序集中(以编程方式)生成自签名证书(以.NET 4.0为目标),以充当根CA以生成其他证书.证书不需要在 Windows证书存储中保留,我将其导出为文件. 阅读this question(尤其是@dthorpe’s answer),我决定尝试CLR Security. CLR安全库在CngKey class上

我正在尝试在C#程序集中(以编程方式)生成自签名证书(以.NET 4.0为目标),以充当根CA以生成其他证书.证书不需要在 Windows证书存储中保留,我将其导出为文件.

阅读this question(尤其是@dthorpe’s answer),我决定尝试CLR Security.

CLR安全库在CngKey class上放置了一个扩展方法来生成自签名证书,但我无法成功创建CngKey实例：

var key = CngKey.Create(CngAlgorithm.Sha1); //same with Sha256,Sha512 and MD5
//or
var key = CngKey.Create(CngAlgorithm.Sha1,null,new CngKeyCreationParameters()
{
    ExportPolicy = CngExportPolicies.AllowExport,KeyUsage = CngKeyUsages.AllUsages,KeyCreationOptions = CngKeyCreationOptions.MachineKey,});

任何这些行都会引发异常：

System.Security.Cryptography.CryptographicException was unhandled
HResult=-2146893783
Message=The requested operation is not supported.

Source=System.Core  
StackTrace:  
  at System.Security.Cryptography.NCryptNative.CreatePersistedKey(SafeNCryptProviderHandle provider,String algorithm,String name,CngKeyCreationOptions options)  
  at System.Security.Cryptography.CngKey.Create(CngAlgorithm algorithm,String keyName,CngKeyCreationParameters creationParameters)  
  at System.Security.Cryptography.CngKey.Create(CngAlgorithm algorithm)  
  at Tests.Program.Main(String[] args) at Program.cs:line 51

搜索SO和互联网,我检查了以下内容：

>我正在运行Windows 7机箱(因此它支持RPC,根据MSDN)
>尝试在Windows Server 2012框中,出现相同的错误
>该进程以管理员身份运行(因此无论如何都可以访问所有证书存储)
>服务CNG密钥隔离和远程过程调用(RPC)正在运行

任何帮助,将不胜感激.

解决方法

小偏离主题：在谷歌搜索这个问题期间发现 a site with HRESULT descriptions和SO和MSDN上的方便搜索工具(我只是用谷歌搜索你的HRESULT代码-2146893783)

我找到了一个包含类似HRESULT失败代码的topic on MSDN,作者提供了link to MSDN article about CNG：

NCRYPT_ALGORITHM_GROUP_PROPERTY
L”Algorithm Group”
A null-terminated Unicode string that contains the name of the object’s algorithm group. This property only applies to keys. The following identifiers are returned by the Microsoft key storage provider:

NCRYPT_RSA_ALGORITHM_GROUP
“RSA”,The RSA algorithm group.

NCRYPT_DH_ALGORITHM_GROUP
“DH”,The Diffie-Hellman algorithm group.

NCRYPT_DSA_ALGORITHM_GROUP
“DSA”,The DSA algorithm group.

NCRYPT_ECDSA_ALGORITHM_GROUP
“ECDSA”,The elliptic curve DSA algorithm group.

NCRYPT_ECDH_ALGORITHM_GROUP
“ECDH”,The elliptic curve Diffie-Hellman algorithm group.

我在MSDN上发现了一篇关于CNG Key Storage Providers的文章,其中包含类似的算法列表：

Diffie-Hellman (DH)
Secret agreement and key exchange,512 to 4096 in 64-bit increments

Digital Signature Algorithm (DSA)
Signatures,512 to 1024 in 64-bit increments

Elliptic Curve Diffie-Hellman (ECDH)
Secret agreement and key exchange,P256,P384,P521

Elliptic Curve Digital Signature Algorithm (ECDSA)
Signatures,P521

RSA
Asymmetric encryption and signing,512 to 16384 in 64-bit increments

所以,正如你所说,你只尝试过Sha1,Sha256,Sha512和MD5,也许你只是使用另一个algorithm from list available？你可以找到上面提到的那些：

> RSA
> ECDsa

> P256
> P384
> P521

> ECDiffieHellman

> P256
> P384
> P521

Here other developers successfully created其中一个并能够将其导出：

var cngKey = CngKey.Create(CngAlgorithm.ECDiffieHellmanP256,new CngKeyCreationParameters { ExportPolicy = CngExportPolicies.AllowPlaintextExport });

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!