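I am writing code that creates a certificate in a certificate store, and I am using CNG. Well, not really writing it, but adapting an example from MSDN. My code compiles, and it creates keys for some algorithms, but none of those keys can be used to create a certificate. For most of them, it says "Unknown cryptographic algorithm".
Here is the part of my code that tries all available algorithms and creates a key and a certificate for each one: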

    // Fragment of a larger program: err, algos, subject_name,
    // RAISE_ERRCODE and print_error are defined elsewhere.
    NCRYPT_PROV_HANDLE ncrypt_prov;
    err = NCryptOpenStorageProvider(
          &ncrypt_prov
        , NULL // provider name - use default
        , 0    // flags - none exist as of 2019
    ); RAISE_ERRCODE(err);

    NCRYPT_KEY_HANDLE key;
    for (const auto* algo : algos)
    {
        std::cout << "trying ";
        std::wcout << algo << std::endl;
        err = NCryptCreatePersistedKey(
              ncrypt_prov
            , &key
            , algo
            , NULL // create ephemeral key
            , 0    // legacy key spec param
            , 0    // flags
        );
        if (err != ERROR_SUCCESS)
        {
            std::cout << "when creating a key: ";
            print_error(err);
            continue;
        }
        PCCERT_CONTEXT cert = CertCreateSelfSignCertificate(
              key           // hCryptProvOrNCryptKey
            , &subject_name // pSubjectIssuerBlob
            , 0             // dwFlags
            , NULL          // pKeyProvInfo
            , NULL          // pSignatureAlgorithm
            , NULL          // pStartTime
            , NULL          // pEndTime
            , NULL          // pExtensions
        );
        if (cert == 0)
        {
            auto err = GetLastError();
            std::cout << "when crafting a certificate: ";
            print_error(err);
            continue;
        }
        // algo is a wide string, so it has to go through std::wcout;
        // std::cout would print the pointer value instead of the name.
        std::cout << "certificate created with algo ";
        std::wcout << algo << std::endl;
    }

I got the list of algorithms from here.
Here is the error output for all the algorithms tried:
trying 3DES
when crafting a certificate: Errcode 80091002
Details: Unknown cryptographic algorithm.
trying 3DES_112
when crafting a certificate: Errcode 80091002
Details: Unknown cryptographic algorithm.
trying AES
when crafting a certificate: Errcode 80091002
Details: Unknown cryptographic algorithm.
trying AES-CMAC
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying AES-GMAC
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying CAPI_KDF
when crafting a certificate: Errcode 80091002
Details: Unknown cryptographic algorithm.
trying DES
when crafting a certificate: Errcode 80091002
Details: Unknown cryptographic algorithm.
trying DESX
when crafting a certificate: Errcode 80091002
Details: Unknown cryptographic algorithm.
trying DH
when crafting a certificate: Errcode 32
Details: The request is not supported.
trying DSA
when crafting a certificate: Errcode 8009000b
Details: Key not valid for use in specified state.
trying ECDH_P256
when crafting a certificate: Errcode 8009000b
Details: Key not valid for use in specified state.
trying ECDH_P384
when crafting a certificate: Errcode 8009000b
Details: Key not valid for use in specified state.
trying ECDH_P521
when crafting a certificate: Errcode 8009000b
Details: Key not valid for use in specified state.
trying ECDSA_P256
when crafting a certificate: Errcode 8009000b
Details: Key not valid for use in specified state.
trying ECDSA_P384
when crafting a certificate: Errcode 8009000b
Details: Key not valid for use in specified state.
trying ECDSA_P521
when crafting a certificate: Errcode 8009000b
Details: Key not valid for use in specified state.
trying MD2
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying MD4
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying MD5
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying RC2
when crafting a certificate: Errcode 80091002
Details: Unknown cryptographic algorithm.
trying RC4
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying RNG
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying DUALECRNG
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying FIPS186DSARNG
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying RSA
when crafting a certificate: Errcode 8009000b
Details: Key not valid for use in specified state.
trying RSA_SIGN
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying SHA1
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying SHA256
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying SHA384
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying SHA512
when creating a key: Errcode 80090029
Details: The requested operation is not supported.
trying SP800_108_CTR_HMAC
when crafting a certificate: Errcode 80091002
Details: Unknown cryptographic algorithm.
trying SP800_56A_CONCAT
when crafting a certificate: Errcode 80091002
Details: Unknown cryptographic algorithm.
trying PBKDF2
when crafting a certificate: Errcode 80091002
Details: Unknown cryptographic algorithm.
Maybe I'm just misusing the new API? It worked fine with the old wincrypt32.