获取当前的ASP.NET机器密钥

好奇先生好奇也有机器钥匙. MachineKeySection上的属性并不好,因为它们可以得到 zeroed-out after initialization,这在您可以用反射来读取之前发生.

在当前的4.5框架中进行了一些挖掘之后,证明自动生成的密钥存储在HttpApplication.s_autogenKeys字节数组中.验证密钥是前64个字节,后跟24个字节的解密密钥.

如果您没有在4.5框架中选择加入新的加密内容,也就是说,您没有设置< httpRuntime targetFramework =“4.5”>在你的web.config(如果你有一个应用程序,你创建与以前的版本的框架的情况),那么你得到这样的键：

byte[] autogenKeys = (byte[])typeof(HttpRuntime).GetField("s_autogenKeys",BindingFlags.NonPublic | BindingFlags.Static).GetValue(null);

        int validationKeySize = 64;
        int decryptionKeySize = 24;

        byte[] validationKey = new byte[validationKeySize];
        byte[] decryptionKey = new byte[decryptionKeySize];

        Buffer.BlockCopy(autogenKeys,validationKey,validationKeySize);
        Buffer.BlockCopy(autogenKeys,validationKeySize,decryptionKey,decryptionKeySize);

        // This is the IsolateApps bit,which is set for both keys
        int pathHash = StringComparer.InvariantCultureIgnoreCase.GetHashCode(HttpRuntime.AppDomainAppVirtualPath);
        validationKey[0] = (byte)(pathHash & 0xff);
        validationKey[1] = (byte)((pathHash & 0xff00) >> 8);
        validationKey[2] = (byte)((pathHash & 0xff0000) >> 16);
        validationKey[3] = (byte)((pathHash & 0xff000000) >> 24);

        decryptionKey[0] = (byte)(pathHash & 0xff);
        decryptionKey[1] = (byte)((pathHash & 0xff00) >> 8);
        decryptionKey[2] = (byte)((pathHash & 0xff0000) >> 16);
        decryptionKey[3] = (byte)((pathHash & 0xff000000) >> 24);

两个键的默认值为AutoGenerate,IsolateApps; IsolateApps位要求将应用程序路径哈希的前四个字节复制到键的开头.

如果您选择加入cryptographic improvements in fx4.5,那么您必须挖掘MachineKeyMasterKeyProvider获得有效的密钥.

获取没有HttpApplication的密钥

HttpApplication通过从SetAutogenKeys()调用webengine4.dll中的本机方法获取其关键字.我们也可以自己调用DLL.我们需要知道的是我们的应用路径.

假设我们要获取根应用程序的自动生成的键“/”.

使用LinqPad

[DllImport(@"C:WindowsMicrosoft.NETFrameworkv4.0.30319webengine4.dll")]
internal static extern int EcbCallISAPI(IntPtr pECB,int iFunction,byte[] bufferIn,int sizeIn,byte[] bufferOut,int sizeOut);

void Main()
{
    string appPath = "/";
    byte[] genKeys = new byte[1024];
    byte[] autogenKeys = new byte[1024];

    int res = EcbCallISAPI(IntPtr.Zero,4,genKeys,genKeys.Length,autogenKeys,autogenKeys.Length);

    if (res == 1) {
        // Same as above
        int validationKeySize = 64;
        int decryptionKeySize = 24;

        byte[] validationKey = new byte[validationKeySize];
        byte[] decryptionKey = new byte[decryptionKeySize];

        Buffer.BlockCopy(autogenKeys,decryptionKeySize);

        int pathHash = StringComparer.InvariantCultureIgnoreCase.GetHashCode(appPath);
        validationKey[0] = (byte)(pathHash & 0xff);
        validationKey[1] = (byte)((pathHash & 0xff00) >> 8);
        validationKey[2] = (byte)((pathHash & 0xff0000) >> 16);
        validationKey[3] = (byte)((pathHash & 0xff000000) >> 24);

        decryptionKey[0] = (byte)(pathHash & 0xff);
        decryptionKey[1] = (byte)((pathHash & 0xff00) >> 8);
        decryptionKey[2] = (byte)((pathHash & 0xff0000) >> 16);
        decryptionKey[3] = (byte)((pathHash & 0xff000000) >> 24);

        Console.WriteLine("DecryptionKey: {0}",decryptionKey.Aggregate(new StringBuilder(),(acc,c) => acc.AppendFormat("{0:x2}",c),acc => acc.ToString()));
        Console.WriteLine("ValidationKey: {0}",validationKey.Aggregate(new StringBuilder(),acc => acc.ToString()));
    }
}

从MachineKeyMasterKeyProvider获取密钥

通过使用internal constructor实例化MachineKeyMasterKeyProvider,然后传入如上面代码中获取的autogenKeys字节数组,可以访问新的fx4.5内容的键.提供程序具有GetEncryptionKey和GetValidationKey方法来获取实际的键.