问题描述

我正在尝试找到一种方法来从 powershell 脚本中授予私钥的权限.证书存储在 CNG 中.欢迎提出任何想法.

I'm trying to find a way to grant permissions for private key from powershell script. Certificate is stored in CNG. All ideas are welcome.

推荐答案

用于获取私钥文件名的 Cmdlet 代码.

Cmdlet code for getting private key filename.

[Cmdlet("Get", "PrivateKeyName")]
public class GetKeyNameCmdlet : Cmdlet
{
    [Parameter(Position = 0, Mandatory = false)]
    public X509Certificate2 Cert;

    protected override void ProcessRecord()
    {
        WriteObject(GetUniqueKeyName(Cert));
    }

    private static string GetUniqueKeyName(X509Certificate2 cert)
    {
        if (cert == null)
            throw new ArgumentNullException("cert");

        var cngPrivateKey = cert.GetCngPrivateKey();

        if (cngPrivateKey != null)
            return cngPrivateKey.UniqueName;

        var rsaPrivateKey = cert.PrivateKey as RSACryptoServiceProvider;
        if (rsaPrivateKey != null)
            return rsaPrivateKey.CspKeyContainerInfo.UniqueKeyContainerName;

         throw new Exception("cert");
    }
}

使用 cmdlet.CngCrypt.dll - 带有 cmdlet 代码的 dll.

using cmdlet. CngCrypt.dll - dll with cmdlet code.

  Import-Module .\CngCrypt.dll
  $local:certificateRootPath = join-path $env:ALLUSERSPROFILE      '\Microsoft\Crypto\RSA\MachineKeys\'
  $WorkingCert = Get-ChildItem CERT:\LocalMachine\My |where {$_.Subject -match 'Test'}| sort
  Get-PrivateKeyName ($WorkingCert)

这篇关于如何从powershell授予私钥权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！