0

System.Security.Cryptography.CryptographicException:密钥在指定状态下无效。

在 System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) 在 System.Security.Cryptography.Utils._ExportKey(SafeKeyHandle hKey, Int32 blobType, Object cspObject) 在 System.Security.Cryptography.RSACryptoServiceProvider.ExportParameters(Boolean includePrivateParameters) 在 System .Security.Cryptography.RSA.ToXmlString(布尔值 includePrivateParameters)

现在,我相信会发生这种情况,因为当 Azure 将证书添加到我的 WorkerRole 部署时,它不会使用“将此密钥标记为可导出”选项安装证书。

我需要向我的工人角色添加一个证书才能解密加密设置。

任何人都对我如何使 Azure 将证书私钥标记为可导出有任何想法。或者如果这可能是另一个问题。

开始:

    try{

        var conn = System.Text.UTF8Encoding.UTF8.GetString(Decrypt(Convert.FromBase64String(setting), true, cert));

    }catch(Exception ex)
    {
        Trace.TraceError(ex.ToString());

    }

方法:

        public static X509Certificate2 LoadCertificate(StoreName storeName,
   StoreLocation storeLocation, string tprint)
        {
            X509Store store = new X509Store(storeName, storeLocation);

            try
            {
                store.Open(OpenFlags.ReadOnly);

                X509Certificate2Collection certificateCollection =
                     store.Certificates.Find(X509FindType.FindByThumbprint,
                                            tprint, false);

                if (certificateCollection.Count > 0)
                {
                    //  We ignore if there is more than one matching cert, 
                    //  we just return the first one.
                    return certificateCollection[0];
                }
                else
                {
                    throw new ArgumentException("Certificate not found");
                }
            }
            finally
            {
                store.Close();
            }
        }
    public static byte[] Decrypt(byte[] encryptedData, bool fOAEP,
                           X509Certificate2 certificate)
    {
        if (encryptedData == null)
        {
            throw new ArgumentNullException("encryptedData");
        }
        if (certificate == null)
        {
            throw new ArgumentNullException("certificate");
        }

        using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider())
        {
            // Note that we use the private key to decrypt
            provider.FromXmlString(GetXmlKeyPair(certificate));

            return provider.Decrypt(encryptedData, fOAEP);
        }
    }
    public static string GetXmlKeyPair(X509Certificate2 certificate)
    {
        if (certificate == null)
        {
            throw new ArgumentNullException("certificate");
        }

        if (!certificate.HasPrivateKey)
        {
            throw new ArgumentException("certificate does not have a private key");
        }
        else
        {
            return certificate.PrivateKey.ToXmlString(true);
        }
    }
4

1 回答 1

0

我找到了解决方案。

答案在我的另一个问题中给出:如何通过 Azure 上的 ServiceDefinition 中给出的名称获得证书

于 2013-09-07T15:22:45.013 回答