"Key not valid for use in specified state" while trying to Sign a Xml
My history:
I need to sign all of my Xml's before uploading them to a government agency.
To sign, I use a client certificate loaded from X509Store:
    var repo = new X509Store("My", StoreLocation.CurrentUser);
    repo.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
    foreach (X509Certificate2 certCurrent in repo.Certificates)
    {
        if (!certCurrent.Subject.Equals(subject)) continue;
        if (certCurrent.NotAfter > DateTime.Now)
        {
            repo.Close();
            return certCurrent;
        }
    }
    repo.Close();
    return null;
And SignedXml (XmlDocument xmlDoc, string id, X509Certificate2 certificate):
var refer = new Reference();
refer.Uri = "#" + id;
refer.AddTransform(new XmlDsigEnvelopedSignatureTransform());
refer.AddTransform(new XmlDsigC14NTransform());
var signedXml = new SignedXml(xmlDoc);
signedXml.SigningKey = certificate.PrivateKey;
signedXml.AddReference(refer);
signedXml.ComputeSignature();
var key = new KeyInfo();
key.AddClause(new KeyInfoX509Data(certificate));
signedXml.KeyInfo = key;
//Final signature xml block.
XmlElement signedBlock = signedXml.GetXml();
The problem:
One of my customers changed his PC password, and out of nowhere the second code block started throwing this error:
Message - Key not valid for use in specified state.
Type - CryptographicException
Source - mscorlib
TargetSite - System.Security.Cryptography.SafeProvHandle CreateProvHandle(System.Security.Cryptography.CspParameters, Boolean)
StackTrace -
    at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
    at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
    at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
    at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
    at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
    at Util.SignXml.Sign(XmlDocument xmlDoc, String id, X509Certificate2 certificate, String& error)
It says that the getter of PrivateKey is throwing that exception.
Later, I will try installing the certificate again, with Exportable checked.
PS: Windows Server 2003
Since my customer changed his password, the certificate needed to be reinstalled.
That's it.
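An added example, not part of the original question or answer: a C# lookup that proves the private key is usable before any document is signed, so the failure above is reported as a key-access problem with the remedy from the answer instead of surfacing inside the signing routine. `SigningCertProbe` and `FindUsableSigningCert` are hypothetical names, and the code assumes an RSA key and .NET Framework 4.6 or later (for `GetRSAPrivateKey`).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SigningCertProbe
{
    // Hypothetical helper: returns a non-expired certificate whose private key
    // was actually exercised, or throws with a message naming the real failure.
    public static X509Certificate2 FindUsableSigningCert(string subject)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (!cert.Subject.Equals(subject)) continue;
                if (cert.NotAfter <= DateTime.Now) continue;

                // The certificate can be present while its key is missing or unreadable.
                if (!cert.HasPrivateKey)
                    throw new InvalidOperationException(
                        "Certificate '" + subject + "' has no associated private key.");
                try
                {
                    using (RSA rsa = cert.GetRSAPrivateKey())
                    {
                        if (rsa == null)
                            throw new InvalidOperationException(
                                "Certificate '" + subject + "' does not carry an RSA key.");
                        // Throwaway signature: forces the provider to open the key now.
                        rsa.SignData(new byte[] { 0 }, HashAlgorithmName.SHA256,
                                     RSASignaturePadding.Pkcs1);
                    }
                }
                catch (CryptographicException ex)
                {
                    // Same exception type as in the stack trace above.
                    throw new InvalidOperationException(
                        "Private key for '" + subject + "' cannot be opened by the current user ("
                        + ex.Message.Trim() + "). Reinstall the certificate for this account.", ex);
                }
                return cert;
            }
        }
        return null; // no matching, non-expired certificate in the store
    }
}
```

Running this check at application start, under the same account that signs, separates a missing certificate (null) from an unreadable key (exception) before any upload is attempted.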