c# – XML encryption and decryption for multiple recipients with X509 certificates

I have managed to encrypt and decrypt xml documents using the examples on MSDN.
http://msdn.microsoft.com/en-us/library/ms229744.aspx and
http://msdn.microsoft.com/en-us/library/ms229943.aspx

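This is all done according to the W3C XML encryption standard (XML Enc).

It all works well. My problem is that one xml document is intended for 2 or 3 recipients. I want to encrypt the same xml with multiple keys (X509 certificate public keys) so that the document can be decrypted by multiple recipients.

According to the W3C XML encryption standard, this is all possible by using multiple EncryptionKey elements that contain the encrypted symmetric session key.

I couldn't find any example of how to achieve this in .Net using the standard cryptography classes.

This must be implemented in .NET C#.

Is there a way to do this, or a code example somewhere?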

Solution

The EncryptedElement class can take as many EncryptedKeys as you want. As long as the other party can correctly identify their EncryptedKey (using the Recipient or the KeyInfoName elements), you should not have any problems:

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// example xml
XmlDocument xdoc = new XmlDocument();
xdoc.PreserveWhitespace = true;
xdoc.LoadXml(@"<root><encryptme>hello world</encryptme></root>");

var elementToEncrypt = (XmlElement)xdoc.GetElementsByTagName("encryptme")[0];

// keys
// rsa keys would normally be pulled from a store
RSA rsaKey1 = new RSACryptoServiceProvider();
RSA rsaKey2 = new RSACryptoServiceProvider();
var publicKeys = new[] { rsaKey1, rsaKey2 };

string sessKeyName = "helloworldkey";
var sessKey = new RijndaelManaged() { KeySize = 256 };

// encrypt
var encXml = new EncryptedXml();
var encryptedElement = new EncryptedData()
{
    Type = EncryptedXml.XmlEncElementUrl,
    EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url),
    KeyInfo = new KeyInfo()
};
encryptedElement.CipherData.CipherValue = encXml.EncryptData(elementToEncrypt, sessKey, false);
encryptedElement.KeyInfo.AddClause(new KeyInfoName(sessKeyName));

// encrypt the session key and add keyinfo's
// (third argument of EncryptKey is false: the session key is wrapped with RSA PKCS#1 v1.5, i.e. rsa-1_5)
int keyID = 0;
foreach (var pk in publicKeys)
{
    var encKey = new EncryptedKey()
    {
        CipherData = new CipherData(EncryptedXml.EncryptKey(sessKey.Key, pk, false)),
        EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url),
        Recipient = string.Format("recipient{0}@foobar.com", ++keyID),
        CarriedKeyName = sessKeyName,
    };
    encKey.KeyInfo.AddClause(new KeyInfoName(encKey.Recipient));
    encryptedElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(encKey));
}

// update the xml
EncryptedXml.ReplaceElement(elementToEncrypt, encryptedElement, false);

// show the result
Console.Write(xdoc.InnerXml);
Console.ReadLine();
Console.WriteLine(new string('-', 80));

Produces

<root>
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>helloworldkey</KeyName>
            <EncryptedKey Recipient="recipient1@foobar.com" xmlns="http://www.w3.org/2001/04/xmlenc#">
                <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <KeyName>recipient1@foobar.com</KeyName>
                </KeyInfo>
                <CipherData>
                    <CipherValue>bmVT4SuAgWto6NJoTnUhrwaQ5/bWx39WKfs8y/QEQbaEBqdvl2Wa3woQGZxfigZ2wsWZQJFW0YGMII0W6AATnsqGOOVEbdGxmnvXRISiRdhcyNHkHot0kDK987y446ws5CZQQuz8inGq/SNrhiK6RyVnBE4ykWjrJyIS5wScwqA=</CipherValue>
                </CipherData>
                <CarriedKeyName>helloworldkey</CarriedKeyName>
            </EncryptedKey>
            <EncryptedKey Recipient="recipient2@foobar.com" xmlns="http://www.w3.org/2001/04/xmlenc#">
                <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <KeyName>recipient2@foobar.com</KeyName>
                </KeyInfo>
                <CipherData>
                    <CipherValue>oR8NPTm1NasWeDXBjayLk+p9/5RTWOZwNJHUMTQpZB9v1Aasi75oSjGqSqN0HMTiviw6NWz8AvHB9+i08L4Hw8JRdlxZgjaKqTGu31wXmM3Vc0CoYQ15AWMZN4q4tSxDhwuT8fp9SN+WFBm+M3w3bcPoooAazzDHK3ErzfXzYiU=</CipherValue>
                </CipherData>
                <CarriedKeyName>helloworldkey</CarriedKeyName>
            </EncryptedKey>
        </KeyInfo>
        <CipherData>
            <CipherValue>ohjWIEFf2WO6v/CC+ugd7uxEKGJlxgdT9N+t3MhoTIyXHqT5VlknWs0XlAhcgajkxKFjwVO3p413eRSMTLXKCg==</CipherValue>
        </CipherData>
    </EncryptedData>
</root>

To decrypt the document, you have to provide a mapping between the key name and the private key of the certificate:

// Decrypt
string myKeyName = "recipient1@foobar.com";

// specify we want to use the key for recipient1
var encryptedDoc = new EncryptedXml(xdoc);
encryptedDoc.AddKeyNameMapping(myKeyName, rsaKey1);
encryptedDoc.Recipient = myKeyName;

// Decrypt the element.
encryptedDoc.DecryptDocument();

// show the result
Console.Write(xdoc.InnerXml);
Console.ReadLine();

Result:

<root><encryptme>hello world</encryptme></root>
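
The same multi-recipient layout with the key-encryption keys taken from X509 certificates and the session key wrapped with RSA-OAEP rather than `rsa-1_5` (PKCS#1 v1.5 key transport is the padding exposed to Bleichenbacher-style padding-oracle attacks), as an added example that is not part of the original answer. It assumes .NET 6+ with the System.Security.Cryptography.Xml package; `MakeTestCert`, `DecryptAs`, the self-signed test certificates and the use of the certificate thumbprint as recipient name are constructed for illustration.

```csharp
// Added example (not from the original post); certificates are throwaway self-signed test certs.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

var doc = new XmlDocument { PreserveWhitespace = true };
doc.LoadXml("<root><encryptme>hello world</encryptme></root>");
var target = (XmlElement)doc.GetElementsByTagName("encryptme")[0];
var recipients = new[] { MakeTestCert("recipient1"), MakeTestCert("recipient2") };
const string sessionKeyName = "helloworldkey";
using var aes = Aes.Create();          // one AES session key (256-bit by default) for the element
var encData = new EncryptedData { Type = EncryptedXml.XmlEncElementUrl,
    EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url) };
encData.CipherData.CipherValue = new EncryptedXml().EncryptData(target, aes, false);
encData.KeyInfo.AddClause(new KeyInfoName(sessionKeyName));

foreach (var cert in recipients)       // one EncryptedKey per recipient certificate
{
    using RSA publicKey = cert.GetRSAPublicKey();
    var encKey = new EncryptedKey
    {
        CipherData = new CipherData(EncryptedXml.EncryptKey(aes.Key, publicKey, true)), // true = OAEP
        EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl),
        Recipient = cert.Thumbprint,   // assumption: thumbprint identifies the recipient
        CarriedKeyName = sessionKeyName
    };
    encKey.KeyInfo.AddClause(new KeyInfoName(cert.Thumbprint));
    encData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encKey));
}
EncryptedXml.ReplaceElement(target, encData, false);
foreach (var cert in recipients)       // every recipient decrypts its own copy of the document
    Console.WriteLine(cert.Subject + " -> " + DecryptAs(doc.OuterXml, cert));

static string DecryptAs(string xml, X509Certificate2 cert)
{
    var copy = new XmlDocument { PreserveWhitespace = true };
    copy.LoadXml(xml);
    using RSA privateKey = cert.GetRSAPrivateKey();
    var exml = new EncryptedXml(copy) { Recipient = cert.Thumbprint };
    exml.AddKeyNameMapping(cert.Thumbprint, privateKey);  // key name -> this recipient's private key
    exml.DecryptDocument();
    return copy.OuterXml;
}

static X509Certificate2 MakeTestCert(string cn) =>        // hypothetical helper for the demo
    new CertificateRequest("CN=" + cn, RSA.Create(2048), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
        .CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
```

Outside a demo, the sender loads only the recipients' public certificates from a store or file, and each recipient maps its own key name to the private key of its own certificate.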

Original address: http://outofmemory.cn/langs/1243558.html
