How to export private key from ePass3003 usb token in C#?

Question


I have a USB sign token that contains a public key and a private key using the RSA encryption algorithm. I could export the public key file with the command

    openssl x509 -pubkey -noout -in mystamp.cer > pubkey.txt

Now I need to export the private key for this public key from the USB token in C#.
I also use this code:

    X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);

    X509Certificate2 cert = store.Certificates.Find(X509FindType.FindByThumbprint, "71faaced4d4ae3d81399faa61fbc13c56bce0638", false)[0];

    // Export the certificate including the private key.
    byte[] certBytes = cert.Export(X509ContentType.Pkcs12, "My Password Of Token");

    var privateKey = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
    var privateKeyString1 = privateKey.ToXmlString(false); // When I change this to true I get an error
    var privateKeyString2 = Convert.ToBase64String(certBytes);

But when I pass privateKeyString1 or privateKeyString2 to the method CryptoUtils.SignData(), I get an error about the private key format.

Answer 1

Score: 3

You cannot export the private key from your token (which is actually a smart card). That's the main purpose of hardware security module tokens (or smart cards): that key material cannot leave the hardware. However, this doesn't prevent you from using the key for signing or encryption operations by calling middleware APIs.
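
The answer's point in code, as an added example that is not part of the original answer: it signs with the token-held key through .NET's certificate APIs instead of exporting it. It assumes the token middleware exposes the certificate in the CurrentUser\My store (as the question's code does); the class and method names, the choice of SHA-256 with PKCS#1 v1.5 padding, and the sample message are illustrative assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class TokenSigner // hypothetical helper, not from the original page
{
    // Signs data with the key that stays on the token; only the signature leaves the hardware.
    public static byte[] SignWithStoreCert(string thumbprint, byte[] data)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection found =
            store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        if (found.Count == 0)
            throw new InvalidOperationException("Certificate not found in CurrentUser\\My.");

        X509Certificate2 cert = found[0];
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("No private key is associated with this certificate.");

        // GetRSAPrivateKey returns a handle to the key held by the provider, not the key bytes.
        // The signing operation itself is carried out by the provider behind that handle.
        using RSA rsa = cert.GetRSAPrivateKey()
            ?? throw new InvalidOperationException("The certificate key is not RSA.");

        // Assumption: the verifier expects SHA-256 with PKCS#1 v1.5 padding.
        byte[] signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // Check the result with the public key from the same certificate.
        using RSA pub = cert.GetRSAPublicKey();
        if (!pub.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("Signature did not verify.");

        return signature;
    }

    static void Main()
    {
        // Constructed sample input; the thumbprint is the one quoted in the question.
        byte[] data = Encoding.UTF8.GetBytes("constructed sample message");
        byte[] sig = SignWithStoreCert("71faaced4d4ae3d81399faa61fbc13c56bce0638", data);
        Console.WriteLine(Convert.ToBase64String(sig));
    }
}
```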

huangapple
  • Published on February 23, 2023 at 21:36:57
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75545584.html