Очевидно, CngKey.Open
не работает для ключей CAPI RSA в слоте Signature
(поскольку он жестко кодирует значение dwLegacyKeySpec
в 0
). Самый простой способ - использовать слот Exchange
; но если вам нужно работать с ключами слота Signature, вы можете:
[DllImport("ncrypt.dll", CharSet = CharSet.Unicode)]
private static extern int NCryptOpenStorageProvider(
out SafeNCryptProviderHandle phProvider,
string pszProviderName,
int dwFlags);
[DllImport("ncrypt.dll", CharSet = CharSet.Unicode)]
private static extern int NCryptOpenKey(
SafeNCryptProviderHandle hProvider,
out SafeNCryptKeyHandle phKey,
string pszKeyName,
int dwLegacyKeySpec,
CngKeyOpenOptions dwFlags);
private static void Test61275795()
{
const string KeyId = "test-982375";
CspParameters cspParams = new CspParameters(24)
{
ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider",
KeyContainerName = KeyId,
KeyNumber = (int)KeyNumber.Signature,
Flags = CspProviderFlags.UseNonExportableKey,
};
using (RSACryptoServiceProvider rsaCsp = new RSACryptoServiceProvider(2048, cspParams))
{
// Because this is a test, delete the key on Dispose.
rsaCsp.PersistKeyInCsp = false;
SafeNCryptKeyHandle hKey;
int dwError = NCryptOpenStorageProvider(out var hProv, cspParams.ProviderName, 0);
using (hProv)
{
if (dwError != 0)
{
throw new CryptographicException(
$"{nameof(NCryptOpenStorageProvider)}: 0x{dwError:X8}");
}
dwError = NCryptOpenKey(hProv, out hKey, KeyId, cspParams.KeyNumber, 0);
if (dwError != 0)
{
hKey.Dispose();
throw new CryptographicException($"{nameof(NCryptOpenKey)}: 0x{dwError:X8}");
}
}
using (hKey)
using (CngKey cngKey = CngKey.Open(hKey, 0))
using (RSACng rsaCng = new RSACng(cngKey))
{
byte[] sig = rsaCng.SignData(
Array.Empty<byte>(),
HashAlgorithmName.SHA256,
RSASignaturePadding.Pss);
Console.WriteLine(BitConverter.ToString(sig));
}
}
}