Powershell System.Security.Cryptography.RSACryptoServiceProvider 不接受长度超过 50 个字符的加密密码
Powershell System.Security.Cryptography.RSACryptoServiceProvider doesn't accept encrypting password with length more than 50 chars
当我尝试使用 System.Security.Cryptography.RSACryptoServiceProvider 对象加密 50 个字符的字符串时,我在调用加密时遇到错误的长度错误。
我有根据的猜测是字符串的长度太多(可能是 [byte] 的限制?),因为当我有一个 39char 字符串时一切正常。
以下完整错误:
Exception calling "Encrypt" with "2" argument(s): "Bad Length.
"At [omitted]
+ $encrypted = $rsa.Encrypt($bytes,$true)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CryptographicException
Exception calling "Decrypt" with "2" argument(s): "Error occurred while decoding OAEP padding."
At [omitted]
+ $Password = [char[]]$rsa.Decrypt($encrypted, $true) -join "" | Co ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CryptographicException
我的代码:
function Checkpassword([String] $Type) {
$pwpath = "$root$Type.pw"
$encrypted = ''
if (test-path $pwpath -erroraction silentlycontinue) {
$encrypted = Import-Clixml $pwpath
}
if(!($encrypted)) {
write-host "No $Type password file found, create one now by entering your $Type password." -fore yellow
# Create password file using local encryption
$key = (2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43,6,6,6,6,6,6,31,33,60,23)
$pass = Read-Host "Enter your $Type password" -AsSecureString
$securepass = $pass |ConvertFrom-SecureString -Key $key
$bytes = [byte[]][char[]]$securepass
$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = "SuperSecretProcessOnMachine"
$csp.Flags = $csp.Flags -bor [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList 5120,$csp
$rsa.PersistKeyInCsp = $true
$encrypted = $rsa.Encrypt($bytes,$true)
$encrypted |Export-Clixml "$root$Type.pw" -force
}
$key = (2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43,6,6,6,6,6,6,31,33,60,23)
$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = "SuperSecretProcessOnMachine"
$csp.Flags = $csp.Flags -bor [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList 5120,$csp
$rsa.PersistKeyInCsp = $true
$Password = [char[]]$rsa.Decrypt($encrypted, $true) -join "" |ConvertTo-SecureString -Key $key
$credential = New-Object System.Management.Automation.PsCredential ".",$Password }
请记住,您在调用 ConvertFrom-SecureString -Key $Key
时已经使用 3DES 隐式加密了字符串。
这意味着即使字符串本身只有 ~100 字节,生成的有效负载 ($bytes
) 的大小也 >500 字节,已经超过了使用 OEAP 加密的明文的最大大小,并且一个 4096 位密钥。
您可以在密钥容器中安装更大的密钥,或者(更确切地说)使用另一种更适合长消息加密的加密算法
当我尝试使用 System.Security.Cryptography.RSACryptoServiceProvider 对象加密 50 个字符的字符串时,我在调用加密时遇到错误的长度错误。 我有根据的猜测是字符串的长度太多(可能是 [byte] 的限制?),因为当我有一个 39char 字符串时一切正常。
以下完整错误:
Exception calling "Encrypt" with "2" argument(s): "Bad Length. "At [omitted]
+ $encrypted = $rsa.Encrypt($bytes,$true) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : CryptographicExceptionException calling "Decrypt" with "2" argument(s): "Error occurred while decoding OAEP padding." At [omitted] + $Password = [char[]]$rsa.Decrypt($encrypted, $true) -join "" | Co ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : CryptographicException
我的代码:
function Checkpassword([String] $Type) {
$pwpath = "$root$Type.pw"
$encrypted = ''
if (test-path $pwpath -erroraction silentlycontinue) {
$encrypted = Import-Clixml $pwpath
}
if(!($encrypted)) {
write-host "No $Type password file found, create one now by entering your $Type password." -fore yellow
# Create password file using local encryption
$key = (2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43,6,6,6,6,6,6,31,33,60,23)
$pass = Read-Host "Enter your $Type password" -AsSecureString
$securepass = $pass |ConvertFrom-SecureString -Key $key
$bytes = [byte[]][char[]]$securepass
$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = "SuperSecretProcessOnMachine"
$csp.Flags = $csp.Flags -bor [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList 5120,$csp
$rsa.PersistKeyInCsp = $true
$encrypted = $rsa.Encrypt($bytes,$true)
$encrypted |Export-Clixml "$root$Type.pw" -force
}
$key = (2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43,6,6,6,6,6,6,31,33,60,23)
$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = "SuperSecretProcessOnMachine"
$csp.Flags = $csp.Flags -bor [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList 5120,$csp
$rsa.PersistKeyInCsp = $true
$Password = [char[]]$rsa.Decrypt($encrypted, $true) -join "" |ConvertTo-SecureString -Key $key
$credential = New-Object System.Management.Automation.PsCredential ".",$Password }
请记住,您在调用 ConvertFrom-SecureString -Key $Key
时已经使用 3DES 隐式加密了字符串。
这意味着即使字符串本身只有 ~100 字节,生成的有效负载 ($bytes
) 的大小也 >500 字节,已经超过了使用 OEAP 加密的明文的最大大小,并且一个 4096 位密钥。
您可以在密钥容器中安装更大的密钥,或者(更确切地说)使用另一种更适合长消息加密的加密算法