How do I access a private key using the ASPNET user account?

Time: 2022-11-26 05:55:13

I'm having some trouble importing and accessing a private key with the ASPNET user. I know that when one imports a private key (.pfx file) manually, in Windows, you get an option to mark the key as exportable. Now, as far as I can tell, this is needed in order to retrieve that private key later on.

My problem comes in that I'm importing the private key in code, as the ASPNET user, and there doesn't seem to be a way to mark it as exportable, in the way that the Windows certificate import wizard does. To clarify, the import works just fine, but when I access the details on the now-imported certificate, there is no private key data.

This is the code I'm using to import the certificate, once I have already opened the .pfx file, with the correct password.

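using System.Security.Cryptography.X509Certificates;
using System.Security.Permissions;

// Adds an already-loaded certificate to the given store.
public void ImportCertificate(X509Certificate2 cert, StoreName name, StoreLocation loc)
{
    X509Store certStore = new X509Store(name, loc);
    // Assert the code-access permission needed to add certificates to a store.
    StorePermission permission = new StorePermission(PermissionState.Unrestricted);
    permission.Flags = StorePermissionFlags.AddToStore;
    permission.Assert();
    certStore.Open(OpenFlags.ReadWrite);
    certStore.Add(cert);
    certStore.Close();
}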

Am I mucking up the permissions or the way I import this private key? Or am I going about this the wrong way entirely?

1 Answer

#1


1  

I believe you need to set the X509KeyStorageFlags.Exportable flag when you import the certificate. You don't show that code, but there is an overload of the Import method with this signature:

public override void Import(string fileName, string password, 
                            X509KeyStorageFlags keyStorageFlags);

or this one:

public override void Import(byte[] rawData, string password, 
                            X509KeyStorageFlags keyStorageFlags);

Which will let you set it before you import. Otherwise, everything looks good!

Richard
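
An added example, not code from the question or the answer: one way to load the .pfx with explicit X509KeyStorageFlags, add it to a store, and confirm that the stored certificate reports a private key. The class and method names, the pfxPath and password parameters, and the allowExport switch are hypothetical; it assumes the .NET Framework X509Certificate2 constructor that accepts key storage flags.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class PfxImportExample
{
    // pfxPath, password and allowExport are hypothetical inputs supplied by the caller.
    public static bool ImportWithPrivateKey(string pfxPath, string password,
                                            StoreName name, StoreLocation loc,
                                            bool allowExport)
    {
        // PersistKeySet keeps the key container after the certificate object is released.
        X509KeyStorageFlags flags = X509KeyStorageFlags.PersistKeySet;

        // Keep the key in the key store that matches the certificate store location.
        flags |= (loc == StoreLocation.LocalMachine)
            ? X509KeyStorageFlags.MachineKeySet
            : X509KeyStorageFlags.UserKeySet;

        // Exportable is the flag named in the answer; set it only when the key
        // really has to be exported again later.
        if (allowExport)
            flags |= X509KeyStorageFlags.Exportable;

        X509Certificate2 cert = new X509Certificate2(pfxPath, password, flags);
        string thumbprint = cert.Thumbprint;

        X509Store store = new X509Store(name, loc);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(cert); }
        finally { store.Close(); }

        // Re-open the store read-only and check what was actually persisted.
        X509Store check = new X509Store(name, loc);
        check.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found = check.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            return found.Count == 1 && found[0].HasPrivateKey;
        }
        finally { check.Close(); }
    }
}
```

A false return means the certificate reached the store without a usable key association, which is the symptom described in the question.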
