我正在尝试编写一个应用程序,该应用程序将使用存储在数据库中的证书(公钥和私钥)对 xml 文件进行签名。
我遇到的问题是,每当我从文件(而不是从数据库)加载 pfx 文件时,并尝试使用以下方法计算 xml 的签名:
var cert = new X509Certificate2(@"c:\temp\cert.pfx");
var signedXml = new SignedXml(doc) {SigningKey = cert};
signedXml.ComputeSignature();
我得到以下异常:
An exception of type 'System.Security.Cryptography.CryptographicException' occurred in mscorlib.dll but was not handled in user code
Additional information: The system cannot find the file specified.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature)
at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash)
at System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash)
at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
<snip>
... my code
</snip>
我使用以下内容创建了 pfx:
makecert -r -pe -n "CN=CompanyXYZ Server" -b 01/01/2007 -e 01/01/2010 -sky exchange Server.cer -sv Server.pvk
pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx
只是为了进一步澄清这一点。它正在 ASP.NET 网站中使用,我无法将“加载用户配置文件”设置为 true。