.net c#需要一种向后的方式来识别我正在检查的证书

Need a backwards way to identify what certificate I am checking
2020-11-24
  •  译文(汉语)
  •  原文(英语)

我是使用C#ASP的项目的新手.该代码的一部分对URL链接中的哈希码进行加密,以通过电子邮件模板上的一些短码处理将其发送给电子邮件.我们使用的加密是带有CryptographyManager类的对称Rijndael.这是在我(或团队中任何其他人)任职之前很久才实施的,因此我们不知道最初是如何设置的(即证书名称是/是什么).因此最终发生的是,我们的代码在测试/ UAT /生产服务器和夜间进程服务器上运行良好,但是每当我们在自己的机器上调试此代码时,都会出现此错误:

Microsoft.Practices.ServiceLocation.ActivationException:尝试获取类型为CryptographyManager的实例的激活错误,键为"" ---> Microsoft.Practices.Unity.ResolutionFailedException:依赖项的解析失败,类型为="Microsoft.Practices.EnterpriseLibrary. Security.Cryptography.CryptographyManager",名称="(无)".

当然,我的想法是我缺少机器上的私钥/证书存储来完成此任务.因此,我查看了服务器上的certmgr,发现了370个证书,没有明显的名字与我们的项目联系在一起.喜悦.

因此,我回到了代码中,看看是否可以断点理解我们所处位置的方式:

public static MyEmailViewModel GetEmailTemplateBody(string templateName, string MasterID)
{
        MyEmailViewModel email = new MyEmailViewModel();
        EmailShortCodeProvider emailShortCodeProvider = new EmailShortCodeProvider(new ParticipantRepository(),
            new MyEncryptionProvider(EnterpriseLibraryContainer.Current.GetInstance<CryptographyManager>()));
...

我在上面的最后一行上失败了.我的主要怀疑是EnterpriseLibraryContainer尝试解决的任何CryptographyManager实例都缺少证书名称和密钥(如果我正确解释了该错误消息),但是该对象不是null ...只是需要设置.

检查web.config文件:

  <securityCryptographyConfiguration defaultHashInstance="SHA1CryptoServiceProvider" defaultSymmetricCryptoInstance="RijndaelManagedServiceProvider">
    <hashProviders>
      <add name="SHA1CryptoServiceProvider" type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.HashAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=5.0.414.0, Culture=neutral, PublicKeyToken="xxxxxxxxxxxxxx" algorithmType="System.Security.Cryptography.SHA1CryptoServiceProvider, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=xxxxxxxxxxxxxx" saltEnabled="true" />
    </hashProviders>
    <symmetricCryptoProviders>
      <add name="RijndaelManagedServiceProvider" type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.SymmetricAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=5.0.414.0, Culture=neutral, PublicKeyToken="xxxxxxxxxxxxxxx" algorithmType="System.Security.Cryptography.RijndaelManaged, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken="xxxxxxxxxxxxxxxx" protectedKeyFilename="C:\xxxxxxxx\xxxxxxxx.key" protectedKeyProtectionScope="LocalMachine" />
    </symmetricCryptoProviders>
  </securityCryptographyConfiguration>

我认为,如果我可以复制由protectedKeyFilename标记指定的密钥,那么麻烦就过去了,但是没有运气.密钥通常是特定于机器的,并且要从服务器导出密钥,大多数说明都需要使用certmgr进行导出,而我需要一个证书名称才能实现.

我花了几天的时间研究此问题,吸收了很多信息,但是没有明显的进展.有人知道我如何以任何方式获得证书名称吗?我是完全错误的,不需要证书,只是一个很好的钥匙吗?我感到沮丧和不知所措,以至于不确定我是在问正确的问题还是提供正确的信息.任何帮助或指针,我们将不胜感激.谢谢.

摘要:加密的新知识,使用旧的Microsoft CryptographyManager,我想我需要找到证书名称.

解决过程1

所以我问的是错误的问题.据我所知,没有办法以反向方式获得该证书名称.我确实找到了证书,但是没有在我的任何真实证书存储中.

我登录到服务器并启动了IIS管理器(6.0).在计算机->网站->默认网站(或任何网站名称)下,右键单击属性->目录设置->在"安全通信"部分下,您可以查看证书,或通过以下方式修改/复制证书: "服务器证书"按钮.

在我奇怪的情况下,证书是定制的(我们有一个部门负责管理),并且证书路径是通过中间证书颁发的.

I am new to a project using C# ASP. One part in the code encrypts a hashcode in a URL link to be sent in an email via some shortcode processing on the email template. The encryption we are using is symmetric Rijndael with the CryptographyManager class. This was implemented long before my (or anyone else on the team's) tenure here, so we do not know how this was setup originally (i.e. what the certificate name was/is). So what ends up happening is our code runs fine on The test/UAT/production server, and our nightly process server, but whenever we debug this code on our own machines, we get this error:

Microsoft.Practices.ServiceLocation.ActivationException: Activation error occured while trying to get instance of type CryptographyManager, key "" ---> Microsoft.Practices.Unity.ResolutionFailedException: Resolution of the dependency failed, type = "Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.CryptographyManager", name = "(none)".

Granted, my thought is that I am missing the private key/certificate store on my machine to complete such a task. So I took a look at certmgr on the server and found 370 certificates, with no obvious names tying themselves to our project. Joy.

So I went back into the code to see if I could breakpoint my way to an understanding of where we are looking:

public static MyEmailViewModel GetEmailTemplateBody(string templateName, string MasterID)
{
        MyEmailViewModel email = new MyEmailViewModel();
        EmailShortCodeProvider emailShortCodeProvider = new EmailShortCodeProvider(new ParticipantRepository(),
            new MyEncryptionProvider(EnterpriseLibraryContainer.Current.GetInstance<CryptographyManager>()));
...

And I am failing on the last line above. My main suspicion is that whatever instance of CryptographyManager the EnterpriseLibraryContainer is trying to resolve is missing the cert name and key (if I am interpreting that error message correctly), yet the object is not null...just in need of setup.

Checking the web.config file:

  <securityCryptographyConfiguration defaultHashInstance="SHA1CryptoServiceProvider" defaultSymmetricCryptoInstance="RijndaelManagedServiceProvider">
    <hashProviders>
      <add name="SHA1CryptoServiceProvider" type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.HashAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=5.0.414.0, Culture=neutral, PublicKeyToken="xxxxxxxxxxxxxx" algorithmType="System.Security.Cryptography.SHA1CryptoServiceProvider, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=xxxxxxxxxxxxxx" saltEnabled="true" />
    </hashProviders>
    <symmetricCryptoProviders>
      <add name="RijndaelManagedServiceProvider" type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.SymmetricAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=5.0.414.0, Culture=neutral, PublicKeyToken="xxxxxxxxxxxxxxx" algorithmType="System.Security.Cryptography.RijndaelManaged, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken="xxxxxxxxxxxxxxxx" protectedKeyFilename="C:\xxxxxxxx\xxxxxxxx.key" protectedKeyProtectionScope="LocalMachine" />
    </symmetricCryptoProviders>
  </securityCryptographyConfiguration>

I would think my trouble would be over if I could copy that key specified by the protectedKeyFilename tag, but no luck. Keys tend to be machine specific, and to export them from the server, most instructions require exporting using certmgr and I need a certificate name for that to happen.

I've spent days looking into this with lots of information absorbed, but no tangible progress. Does anyone have a clue on how I can get the certificate name in any fashion? Am I completely wrong and I need no certificate, just a really good key? I am frustrated and overwhelmed to the point where I am not sure if I am asking the right questions or providing the right info. Any help or pointers are greatly appreciated. Thank you.

Summary: New to encryption, using old Microsoft CryptographyManager, I think I need to find cert name.

Solutions1

So I was asking the wrong questions. There was no way to get that certificate name in a backwards manner (to my knowledge). I did find the certificate, but it was not in any of my real certificate stores.

I logged onto the server and brought up the IIS manager (6.0). Under the machine -> Web Sites -> Default Web Site (or whatever the site name is), right-click Properties -> Directory Settings -> Under the Secure Communications section, you can view the certificate, or modify/copy it via the "Server Certificate" button.

In my strange case, the certificate was custom-built (we have a department that manages these), and the certificate path was issued via an intermediary certificate.

转载于:https://stackoverflow.com/questions/28158244/need-a-backwards-way-to-identify-what-certificate-i-am-checking

本人是.net程序员,因为英语不行,使用工具翻译,希望对有需要的人有所帮助
如果本文质量不好,还请谅解,毕竟这些操作还是比较费时的,英语较好的可以看原文

留言回复
我们只提供高质量资源,素材,源码,坚持 下了就能用 原则,让客户花了钱觉得值
上班时间 : 周一至周五9:00-17:30 期待您的加入