0

我想读取 EFS 证书(比如从 pfx 文件中)并临时使用它来读取/写入一些文件。(一旦程序退出,我希望它不会保留在任何商店中。)它看起来可能会提供此功能,但是当我尝试它时SetUserFileEncryptionKey,我得到了一个奇怪的返回码( )。0x80092004这是我的代码:

var x509Cert = new X509Certificate2(@"C:\Users\Public\Downloads\key.pfx", "<mypass>");
var certContext = Marshal.PtrToStructure<CertContext>(x509Cert.Handle);

var blob = new EfsCertificateBlob
{
    dwCertEncodingType = certContext.dwCertEncodingType,
    cbData = certContext.cbCertEncoded,
    pbData = certContext.pbCertEncoded,
};

var pCertBlob = Marshal.AllocHGlobal(Marshal.SizeOf(blob));
Marshal.StructureToPtr(blob, pCertBlob, false);

var id = WindowsIdentity.GetCurrent();
var curStringSid = id.User?.Value;
Console.WriteLine(curStringSid);

ConvertStringSidToSid(curStringSid, out var sidPtr);

var certStruct = new EncryptionCertificate
{
    cbTotalLength = (uint) Marshal.SizeOf(typeof(EncryptionCertificate)),
    pUserSid = sidPtr,
    pCertBlob = pCertBlob,
};

var res = SetUserFileEncryptionKey(certStruct);

Console.WriteLine($"Result: 0x{res:X}"); // Result: 0x80092004

这也是我的互操作代码:

[StructLayout(LayoutKind.Sequential)]
public class CertContext
{
    public uint dwCertEncodingType;
    public IntPtr pbCertEncoded;
    public uint cbCertEncoded;
    public IntPtr pCertInfo;
    public IntPtr hCertStore;
}

[StructLayout(LayoutKind.Sequential)]
public class EfsCertificateBlob
{
    public uint dwCertEncodingType;
    public uint cbData;
    public IntPtr pbData;
}

[StructLayout(LayoutKind.Sequential)]
public class EncryptionCertificate
{
    public uint cbTotalLength;
    public IntPtr pUserSid;
    public IntPtr pCertBlob;
}

[DllImport("Advapi32.dll")]
public static extern uint SetUserFileEncryptionKey(EncryptionCertificate pEncryptionCertificate);

SetUserFileEncryptionKey我希望它做的事吗?我在这里做错了什么?

(我的用例是处理我不希望用户以后能够读取或重新分发的敏感数据。所以我希望这些文件在进程终止后就无法访问。)

4

1 回答 1

0

这似乎0x80092004CRYPT_E_NOT_FOUND并且SetUserFileEncryptionKey仅适用于已经是用户证书存储的一部分的证书。当我导入相关证书时,上面的代码返回ERROR_SUCCESS. 看来这个功能不能满足我希望的用例。

于 2020-10-14T17:44:05.280 回答