问题描述

如何通过加密将CngKey导出到PKCS#8?

How can I export CngKey to PKCS#8 with encryption?

static void Main(string[] args)
    {
        CngKeyCreationParameters ckcParams = new CngKeyCreationParameters()
        {
            ExportPolicy = CngExportPolicies.AllowExport,
            KeyCreationOptions = CngKeyCreationOptions.None,
            KeyUsage = CngKeyUsages.AllUsages,
        };
        ckcParams.Parameters.Add(new CngProperty("Length", BitConverter.GetBytes(2048), CngPropertyOptions.None));

        myCngKey = CngKey.Create(CngAlgorithm.Rsa, "theCngKey", ckcParams);

        byte[] privatePlainTextBlob = myCngKey.Export(CngKeyBlobFormat.Pkcs8PrivateBlob);
 }

将ExportPolicy设置为AllowPlainTextExport允许导出密钥，但只能以纯文本形式导出.我想创建一个用对称密钥加密的PCKS8 blob.

Setting the ExportPolicy to AllowPlainTextExport allows the key to be exported, but only in plain text. I would like to create a PCKS8 blob which is encrypted with a symmetric key.

谢谢

推荐答案

由于 CngKey.Export 不接受密码，因此您必须手动P/Invoke以 NCryptExportKey ，提供了NCRYPTBUFFER_PKCS_SECRET值(Unicode/UCS-2编码的密码(带有显式的空终止符).

Since CngKey.Export doesn't accept a password, you'd have to manually P/Invoke to NCryptExportKey, providing a NCRYPTBUFFER_PKCS_SECRET value (Unicode/UCS-2 encoded password with explicit null terminator).

http://source.dot.net/#System.Security.Cryptography.Cng/Common/System/Security/Cryptography/ECCng.ImportExport.cs,8b172741466df7a1 可以用作构建参数列表的示例.不好玩.

http://source.dot.net/#System.Security.Cryptography.Cng/Common/System/Security/Cryptography/ECCng.ImportExport.cs,8b172741466df7a1 can be used as an example of building the parameter list. It's not fun.

这篇关于使用加密C#导出PKCS8中的CngKey的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！