1

使用以下代码调用 RSACryptoServiceProvider.SignData 时,我收到 System.ArgumentException "Value was invalid":

var csp = (RSACryptoServiceProvider)_certificate.PrivateKey;
string simpleName = CryptoConfig.MapNameToOID("SHA256");
return csp.SignData(data, simpleName);

该代码来自第三方示例,因此它应该在正确的情况下工作。看来这可能是由我的操作系统引起的,但我还没有找到解决方案,所以我想我会在这里发帖看看是否有人可以提供帮助?

.NET Framework:3.5 操作系统:Microsoft Windows Server 2003 R2 Enterprise Edition Service Pack 2

4

2 回答 2

4

在做了更多的挖掘之后,我设法找到了一个比编辑 machine.config 文件更合适的解决方案。您可以为自己有兴趣使用的算法指定 OID,然后将该值传递给 RSA 提供程序,如下所示:

public static string Sign(string data)
{   
    RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(); 
    HashAlgorithm algorithm = new SHA256CryptoServiceProvider();
    const string sha256Oid = "2.16.840.1.101.3.4.2.1";

    byte[] dataBytes = Encoding.ASCII.GetBytes(data);
    byte[] hashBytes= algorithm.ComputeHash(dataBytes);
    byte[] signedBytes = rsaProvider.SignHash(hashBytes, sha256Oid);
    string signature = Convert.ToBase64String(signedBytes);

    return signature;
}
于 2011-05-09T19:41:29.860 回答
1

从提供的链接:

“根本原因是 CryptoConfig 不理解 SHA256CryptoServiceProvider。它是作为 .NET 3.5 中绿色位的一部分添加的,并且由于分层限制,红色位(例如 RSACryptoServiceProvider 所在的 mscorlib.dll)不知道关于它的存在...

如果您使用的是 .Net Framework 4.0,则解决方法是修改“machine.config”文件:

%WINDIR%\Microsoft.NET\Framework\v4.0.xxxxx\ CONFIG  -> for x86
%WINDIR%\Microsoft.NET\Framework64\v4.0.xxxxx\CONFIG -> for x64

如果您使用的是 .Net Framework 3.5,则解决方法是修改“machine.config”文件:

%WINDIR%\Microsoft.NET\Framework\v2.0.xxxxx\ CONFIG  -> for x86
%WINDIR%\Microsoft.NET\Framework64\v2.0.xxxxx\CONFIG -> for x64

这是您需要在“machine.config”文件中创建的条目,以支持 SHA256CryptoServiceProvider、SHA256Cng、SHA384CryptoServiceProvider、SHA384Cng、SHA512CryptoServiceProvider 和 SHA512Cng。

<mscorlib>
    <cryptographySettings>
      <cryptoNameMapping>
        <cryptoClasses>
          <cryptoClass SHA256CSP="System.Security.Cryptography.SHA256CryptoServiceProvider, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <cryptoClass SHA256CNG="System.Security.Cryptography.SHA256Cng, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <cryptoClass SHA384CSP="System.Security.Cryptography.SHA384CryptoServiceProvider, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <cryptoClass SHA384CNG="System.Security.Cryptography.SHA384Cng, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <cryptoClass SHA512CSP="System.Security.Cryptography.SHA512CryptoServiceProvider, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <cryptoClass SHA512CNG="System.Security.Cryptography.SHA512Cng, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        </cryptoClasses>
        <nameEntry name="SHA256" class="SHA256CSP" />
        <nameEntry name="SHA256CryptoServiceProvider" class="SHA256CSP" />
        <nameEntry name="System.Security.Cryptography.SHA256CryptoServiceProvider" class="SHA256CSP" />
        <nameEntry name="SHA256Next" class="SHA256CNG" />
        <nameEntry name="SHA256Cng" class="SHA256CNG" />
        <nameEntry name="System.Security.Cryptography.SHA256Cng" class="SHA256CNG" />
        <nameEntry name="SHA384" class="SHA384CSP" />
        <nameEntry name="SHA384CryptoServiceProvider" class="SHA384CSP" />
        <nameEntry name="System.Security.Cryptography.SHA384CryptoServiceProvider" class="SHA384CSP" />
        <nameEntry name="SHA384Next" class="SHA384CNG" />
        <nameEntry name="SHA384Cng" class="SHA384CNG" />
        <nameEntry name="System.Security.Cryptography.SHA384Cng" class="SHA384CNG" />
        <nameEntry name="SHA512" class="SHA512CSP" />
        <nameEntry name="SHA512CryptoServiceProvider" class="SHA512CSP" />
        <nameEntry name="System.Security.Cryptography.SHA512CryptoServiceProvider" class="SHA512CSP" />
        <nameEntry name="SHA512Next" class="SHA512CNG" />
        <nameEntry name="SHA512Cng" class="SHA512CNG" />
        <nameEntry name="System.Security.Cryptography.SHA512Cng" class="SHA512CNG" />
      </cryptoNameMapping>
      <oidMap>
        <oidEntry OID="2.16.840.1.101.3.4.2.1" name="SHA256" />
        <oidEntry OID="2.16.840.1.101.3.4.2.1" name="SHA256Next" />
        <oidEntry OID="2.16.840.1.101.3.4.2.2" name="SHA384" />
        <oidEntry OID="2.16.840.1.101.3.4.2.2" name="SHA384Next" />
        <oidEntry OID="2.16.840.1.101.3.4.2.3" name="SHA512" />
        <oidEntry OID="2.16.840.1.101.3.4.2.3" name="SHA512Next" />
      </oidMap>
    </cryptographySettings>
  </mscorlib>

链接:http: //blogs.msdn.com/b/winsdk/archive/2010/08/18/getting-a-system-argumentexception-value-was-invalid-when-trying-to-sign-data-using- sha256cryptoserviceprovider.aspx

于 2011-05-09T18:41:54.677 回答