string keyName = "c94a1e1f-177c-460a-8a34-bf1a3da300a2";
string valueToDecrypt = "GvI5sh1P3a30iX6vkfolier/rHFEDpfVhXngxp12AoUXgfCxkvICugNcvZ9yZLIrTJcsS3clyp8iA7ByRkxYvb1oYOzGznFYkKfWE/4mtarUdlyrLYX8ubYMEGeDfUIhisXGTkRe9ewr7QoNt4wJ8Avu+mRjTonPwzDGTE3f2CQ=";
string retVal = String.Empty;
RSACryptoServiceProvider rsa = null;
try
{
if (!String.IsNullOrEmpty(keyName))
{
byte[] bDecryptedValue = Convert.FromBase64String(valueToDecrypt);
// Array.Reverse(bDecryptedValue);
//byte[] bDecryptedValue = Encoding.UTF8.GetBytes(valueToDecrypt);
CspParameters cp = new CspParameters() { KeyContainerName = keyName, Flags = CspProviderFlags.UseExistingKey};
rsa = new RSACryptoServiceProvider(cp);
Console.WriteLine("RSE Object created");
byte[] byteNumber = rsa.Decrypt(bDecryptedValue, false);
retVal = ASCIIEncoding.ASCII.GetString(byteNumber);
}
}
当我在 WCF 应用程序中使用此代码时,它可以正常工作。但是当我在控制台应用程序上使用相同的代码时。Bad data从行抛出异常:
byte[] byteNumber = rsa.Decrypt(bDecryptedValue, false);
我在解密之前反转字节数组后尝试过,但也没有用。我还尝试创建加密密钥安全访问规则,因为在 IIS 中,应用程序池在“NetworkService”身份下运行。
CryptoKeySecurity cks = new CryptoKeySecurity();
var si = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
var sec = new System.Security.AccessControl.CryptoKeyAccessRule(si, CryptoKeyRights.GenericAll, AccessControlType.Allow);
cks.AddAccessRule(sec);
cp.CryptoKeySecurity = cks;
知道是什么原因吗?
WCF 服务中使用的代码是
public string Decrypt(string keyName, string valueToDecrypt)
{
string retVal = String.Empty;
RSACryptoServiceProvider rsa = null;
try
{
if (!String.IsNullOrEmpty(keyName))
{
byte[] bDecryptedValue = Convert.FromBase64String(valueToDecrypt);
CspParameters cp = new CspParameters() { KeyContainerName = keyName, Flags = CspProviderFlags.UseExistingKey };
Console.WriteLine("Reached initialization");
rsa = new RSACryptoServiceProvider(cp);
byte[] byteNumber = rsa.Decrypt(bDecryptedValue, false);
retVal = ASCIIEncoding.ASCII.GetString(byteNumber);
}
}
catch (Exception ex)
{
retVal = ex.Message;
}
finally
{
if (rsa != null)
{
rsa.Dispose();
}
}
return retVal;
}
用于加密的函数是
string Encrypt(string valueToEncrypt)
{
string retVal = String.Empty;
RSACryptoServiceProvider rsa = null;
try
{
Key currentKey = GetActiveCryptoKey();
// while running the Kay name is "c94a1e1f-177c-460a-8a34-bf1a3da300a2"
if ((currentKey != null) && (!String.IsNullOrEmpty(currentKey.KeyName)))
{
byte[] bDecryptedValue = ASCIIEncoding.ASCII.GetBytes(valueToEncrypt);
CspParameters cp = new CspParameters() { KeyContainerName = currentKey.KeyName, Flags = CspProviderFlags.UseExistingKey};
rsa = new RSACryptoServiceProvider(cp);
byte[] byteNumber = rsa.Encrypt(bDecryptedValue, false);
retVal = Convert.ToBase64String(byteNumber);
}
}
catch (FaultException fex)
{
throw new FaultException<ServiceFault>(new ServiceFault(fex), fex.Message);
}
catch (Exception ex)
{
LogException(ex);
}
finally
{
if (rsa != null)
{
rsa.Dispose();
}
}
return retVal;
}