Decrypting EnvelopedCms with non-default AlgorithmIdentifier

I am trying to decrypt an EnvelopedCms that was encrypted using a non-default AlgorithmIdentifier, like this:

ContentInfo contentInfo = new ContentInfo(data);
EnvelopedCms envelopedCms = new EnvelopedCms(contentInfo, new AlgorithmIdentifier(new System.Security.Cryptography.Oid("2.16.840.1.101.3.4.1.42")));
CmsRecipientCollection recipients = new CmsRecipientCollection(SubjectIdentifierType.IssuerAndSerialNumber, certificates);
envelopedCms.Encrypt(recipients);
byte[] encryptedData = envelopedCms.Encode();

Encryption works as expected. Now, when I try to decrypt the envelopedCms using something like this:

EnvelopedCms envelopedCms = new EnvelopedCms();
envelopedCms.Decode(encryptedData);
envelopedCms.Decrypt(certificates);
byte[] decryptedData = envelopedCms.ContentInfo.Content;

I notice that a.) accessing the certificate takes quite long (longer than when using the default AlgorithmIdentifier) and b.) I get this error message:

System.Security.Cryptography.CryptographicException: Access was denied because of a security violation.

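Looking at the source where this fails, that is probably not the actual problem. Can anyone get the decryption code above working [with a smartcard]?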

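//Edit 1: Please note that this problem only occurs if the certificate used is placed on a smartcard and an AlgorithmIdentifier other than the default (3DES) is specified, as shown in the example code. Everything works fine if either the default AlgorithmIdentifier is used or the certificate is not placed on a smartcard. It does not seem to be an SC issue per se, since it works with the default AlgorithmIdentifier. Rather, it is the combination of the SC and the AES AlgorithmIdentifier that causes the problem, but I could not find a working solution.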

//Edit 2: A complete example demonstrating the problem; read the comments for details:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
using System.IO;
using System.Reflection;
using System.Diagnostics;
using System.Runtime.Serialization;
using System.Security.Cryptography.Pkcs;

namespace ConsoleApp
{

    class Program
    {
        static void Main(string[] args)
        {
            // Select the (smartcard) certificate to use it for encryption
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
            X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
            X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(fcollection, "Certificate Select", "Select your smartcard certificate", X509SelectionFlag.MultiSelection);

            // Output which certificate will be used
            Console.WriteLine("Using Certificate:");
            int i = 0;
            foreach (X509Certificate2 x509 in scollection)
            {
                byte[] rawdata = x509.RawData;
                Console.WriteLine("---------------------------------------------------------------------");
                Console.WriteLine("1.\tFull DN: {0}", x509.Subject);
                Console.WriteLine("\tThumbprint: {0}", x509.Thumbprint);
                Console.WriteLine("---------------------------------------------------------------------");
                i++;
            }
            store.Close();

            // Wait
            Console.WriteLine("Press any key to continue...");
            Console.ReadKey(true);

            // Create data for encryption
            string message = "THIS IS OUR SECRET MESSAGE";
            byte[] data = System.Text.Encoding.ASCII.GetBytes(message);

            // Encrypt
            Console.WriteLine("Encrypting message...");

            // ContentInfo contentInfo = new ContentInfo(data); // will use default ContentInfo Oid, which is "DATA"
            // Explicitly use ContentInfo Oid 1.2.840.113549.1.7.1, "DATA", which is the default.
            ContentInfo contentInfo = new ContentInfo(new System.Security.Cryptography.Oid("1.2.840.113549.1.7.1"), data);

            // If using OID 1.2.840.113549.3.7 (the default one used if empty constructor is used) or 1.2.840.113549.1.9.16.3.6  everything works
            // If using OID 2.16.840.1.101.3.4.1.42 (AES CBC) it breaks
            AlgorithmIdentifier encryptionAlgorithm = new AlgorithmIdentifier(new System.Security.Cryptography.Oid("1.2.840.113549.3.7"));
            // EnvelopedCms envelopedCms = new EnvelopedCms(contentInfo); // this will use default encryption algorithm (3DES)
            EnvelopedCms envelopedCms = new EnvelopedCms(contentInfo, encryptionAlgorithm);
            Console.WriteLine("Encryption Algorithm:" + envelopedCms.ContentEncryptionAlgorithm.Oid.FriendlyName);
            Console.WriteLine("Encryption Algorithm:" + envelopedCms.ContentEncryptionAlgorithm.Oid.Value);
            CmsRecipientCollection recipients = new CmsRecipientCollection(SubjectIdentifierType.IssuerAndSerialNumber, scollection);
            /*Console.WriteLine("Receipientinfo count: " + encryptionEnvelopedCms.RecipientInfos.Count.ToString());
            foreach (var i in encryptionEnvelopedCms.RecipientInfos)
            {
                Console.Write("RecipientInfo Encryption Oid: " + i.KeyEncryptionAlgorithm.Oid);
            }
            */
            envelopedCms.Encrypt(recipients);
            byte[] encryptedData = envelopedCms.Encode();
            Console.WriteLine("Message encrypted!");

            // Decrypt
            envelopedCms.Decode(encryptedData);
            Console.WriteLine("Decryption Algorithm:" + envelopedCms.ContentEncryptionAlgorithm.Oid.FriendlyName);
            Console.WriteLine("Decryption Algorithm:" + envelopedCms.ContentEncryptionAlgorithm.Oid.Value);
            // Next line will fail if both conditions are true: 
            // 1. A non-default AlgorithmIdentifier was used for encryption, in our case AES
            // 2. The private key required for decryption is placed on a smartcard that requires a manual action, such as entering a PIN code, before releasing the private key
            // Note that everything works just fine when the default AlgorithmIdentifier is used (3DES) or the private key is available in the X509Store
            envelopedCms.Decrypt(scollection);
            byte[] decryptedData = envelopedCms.ContentInfo.Content;
            Console.WriteLine("Message decrypted!");
            Console.WriteLine("Decrypted message: " + System.Text.Encoding.ASCII.GetString(decryptedData));
            Console.WriteLine("Press any key to exit.");
            Console.ReadKey(true);
        }
    }
}

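Although my answer might lead to some incomplete tangents, I believe it will get you to the same assertion that I have. In fact, I use X509Store, which allows me to find the certificates my machine has. I then pass the collection into the CmsRecipientCollection, containing the X509Certificate2Collection found from my store.Certificates. This method takes 128ms to execute. HTH!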

    [TestMethod]
    public void TestEnvelopedCMS()
    {
        X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

        X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
        X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);

        byte[] data = new byte[256];
        //lets change data before we encrypt
        data[2] = 1;

        ContentInfo contentInfo = new ContentInfo(data);
        EnvelopedCms envelopedCms = new EnvelopedCms(contentInfo, new AlgorithmIdentifier(new System.Security.Cryptography.Oid("2.16.840.1.101.3.4.1.42")));
        CmsRecipientCollection recipients = new CmsRecipientCollection(SubjectIdentifierType.IssuerAndSerialNumber, fcollection);
        envelopedCms.Encrypt(recipients);
        byte[] encryptedData = envelopedCms.Encode();

        //lets decrypt now
        envelopedCms.Decode(encryptedData);
        envelopedCms.Decrypt(fcollection);
        byte[] decryptedData = envelopedCms.ContentInfo.Content;

        //grab index from byte[]
        var item = decryptedData.Skip(2).Take(1).FirstOrDefault();
        var item2 = data.Skip(2).Take(1).FirstOrDefault();

        Assert.IsTrue(item == item2);
    }

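Okay, I finally found the reason why this did not work. It really depends on the SC I was using (Yubikey 4). In my case I created my RSA keys using openssl and then transferred them to the SC using the official Yubico PIV Manager / PIV Tool. This does not seem to be supported yet by Yubico's official SC driver (YubiKey Smart Card Minidriver (YKMD)). However, the official driver seems to be the only one that supports all advanced features of the Yubikey, and it currently seems to be required if you want to use AES as the encryption algorithm. I was using the OpenSC driver before, which works just fine for 3DES but fails for more advanced features. Therefore, if anyone runs into this problem using a Yubikey: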

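  1. Make sure you are using the official driver (YubiKey Smart Card Minidriver (YKMD)) instead of the Windows base driver or the OpenSC driver.
  2. In order for the official driver to work, you have to import your certificates using certutil on Windows, like shown in this article.
  3. If you get an error along the lines of "NTE_BAD_KEYSET" when trying to import using certutil, this is probably because you initialized the PIV function using the Yubico tools (PIV Tool and/or PIV Manager). This is not supported in this case either, so you have to reset your Yubikey PIV configuration first (basically enter a wrong PIN x times, then a wrong PUK x times, and then you can reset the PIV configuration; all of this is done using the PIV Tool from Yubico, as shown here at the bottom of the page).
  4. Now you can set your custom PIN, PUK, management key and so on using the Yubico tools. It seems that "only" the initialization of the PIV configuration is not allowed to be done with this tool. Also note that you will find more details, such as "how to set the touch policy" (which is off by default, which kind of su***), in the SC deployment guide from Yubico.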
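
Added example, not part of the original posts: a small probe that runs the same encrypt/decrypt round trip under both content-encryption OIDs named in the question against one certificate, so a software-backed key and a smartcard-backed key (or two drivers) can be compared run by run. The class name `EnvelopedCmsProbe`, the `Probe` helper and the thumbprint argument are hypothetical; the message is constructed sample data.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class EnvelopedCmsProbe
{
    // Content-encryption OIDs named in the question: the 3DES default and AES CBC.
    static readonly string[] Algorithms = { "1.2.840.113549.3.7", "2.16.840.1.101.3.4.1.42" };

    // Encrypts a constructed message to `cert` under `oid`, then decrypts it again.
    // Returns "OK" or the HRESULT and message of the failure, so runs can be compared.
    static string Probe(X509Certificate2 cert, string oid)
    {
        byte[] plain = Encoding.ASCII.GetBytes("constructed probe message");
        var sender = new EnvelopedCms(new ContentInfo(plain), new AlgorithmIdentifier(new Oid(oid)));
        sender.Encrypt(new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cert));

        var receiver = new EnvelopedCms();
        receiver.Decode(sender.Encode());
        foreach (RecipientInfo ri in receiver.RecipientInfos)
            Console.WriteLine("  key encryption OID: " + ri.KeyEncryptionAlgorithm.Oid.Value);
        try
        {
            receiver.Decrypt(new X509Certificate2Collection(cert)); // may prompt for the card PIN
        }
        catch (CryptographicException ex)
        {
            return "FAILED 0x" + ex.HResult.ToString("X8") + ": " + ex.Message;
        }
        return receiver.ContentInfo.Content.SequenceEqual(plain) ? "OK" : "FAILED: plaintext mismatch";
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: probe <certificate thumbprint>"); return 2; }
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            X509Certificate2Collection found = store.Certificates.Find(X509FindType.FindByThumbprint, args[0], false);
            if (found.Count == 0) { Console.Error.WriteLine("certificate not found"); return 2; }
            Console.WriteLine(found[0].Subject + " (has private key: " + found[0].HasPrivateKey + ")");
            foreach (string oid in Algorithms)
                Console.WriteLine(oid + " -> " + Probe(found[0], oid));
        }
        return 0;
    }
}
```

Run it once with the thumbprint of a certificate whose key is in the Windows store and once with the smartcard certificate; a failure that appears only for the second OID on the card-backed key reproduces the combination described in Edit 1.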