X509Certificate2.GetECDsaPrivateKey错误keyHandle空值

Question

我使用以下命令生成了一个 pfx 文件

openssl ec -in apple-private-key.pem -pubout -out apple-public-key.pem
openssl req -new -key apple-private-key.pem -x509 -nodes -subj "/CN=apple.my.com" -out certificat.pem
openssl pkcs12 -in certificat.pem -inkey apple-private-key.pem -export -out certificate.pfx

当我尝试仅使用标志 X509KeyStorageFlags.MachineKeySet 加载它时这个标志对我来说是必需的，用于在带有 IIS

的 windows 服务器上执行

// only if add MachineKeySet flag
var certificate = new X509Certificate2("apple-certificate.pfx", "password", X509KeyStorageFlags.MachineKeySet); 
var ecDsa = certificate.GetECDsaPrivateKey(); // <<   Error keyHandle Null ?
var key = new ECDsaSecurityKey(ecDsa) { KeyId = _keyId };
var signingCredentials = new SigningCredentials(key, "ES256", _keyId);

错误

System.ArgumentNullException
  HResult=0x80004003
  Message=La valeur ne peut pas être null.
Nom du paramètre : keyHandle
  Source=System.Core
  Arborescence des appels de procédure :
   à System.Security.Cryptography.CngKey.Open(SafeNCryptKeyHandle keyHandle, CngKeyHandleOpenOptions keyHandleOpenOptions)
   à System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions.GetECDsaPrivateKey(X509Certificate2 certificate)

Answer 1

它必须运行使用本地管理员帐户才能正常工作。

谢谢，Crypt32，jdweng

https://paulstovell.com/x509certificate2/

X509Certificate2.GetECDsaPrivateKey错误keyHandle空值

X509Certificate2.GetECDsaPrivateKey error keyHandle null value

.net

c#

cryptography

x509certificate2

x509certificate