如何在一个应用程序中加密数据，并在不同的Windows应用程序中使用与本地系统绑定的RSA密钥对其进行解密？

using System;
using System.IO;
using System.Security.Cryptography;
namespace TPMCrypto
    class Program
        static byte[] data = { 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 };
        static byte[] privateKey;
        private static byte[] encrypted;
        private static byte[] decrypted;
        static void Main(string[] args)
            const string MyKey = "MyRSAKey";
            CngKey cngKey = null;
            string cmd = args.Length > 0 ? args[0] : "";
                CngKeyCreationParameters cng = new CngKeyCreationParameters
                    KeyUsage = CngKeyUsages.AllUsages,
                    KeyCreationOptions = CngKeyCreationOptions.MachineKey,
                    Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider
                if (!CngKey.Exists(MyKey, CngProvider.MicrosoftSoftwareKeyStorageProvider, CngKeyOpenOptions.MachineKey))
                    Console.WriteLine("Creating rsaKey");
                    cngKey = CngKey.Create(CngAlgorithm.Rsa, MyKey, cng);
                    Console.WriteLine("Opening rsaKey");
                    cngKey = CngKey.Open(MyKey, CngProvider.MicrosoftSoftwareKeyStorageProvider, CngKeyOpenOptions.MachineKey);
                RSACng rsaKey = new RSACng(cngKey)
                    KeySize = 2048
                privateKey = rsaKey.Key.Export(CngKeyBlobFormat.GenericPrivateBlob);
                string prvResult = ByteArrayToHexString(privateKey, 0, privateKey.Length);
                Console.WriteLine("\nPrivate key - length = " + privateKey.Length + "\n" + prvResult + "\n");
                const string FILE_PATH = @"\temp\tpmtests\encryptedblob.dat";
                // Encrypt / decrypt
                if (cmd == "readfromfile")
                    Directory.CreateDirectory(Path.GetDirectoryName(FILE_PATH));
                    encrypted = File.ReadAllBytes(FILE_PATH);
                else if (cmd == "deletekey")
                    cngKey.Delete();
                    return;
                    encrypted = Encrypt(rsaKey, data);
                    Console.WriteLine("The encrypted blob: ");
                    Console.WriteLine(ByteArrayToHexString(encrypted, 0, encrypted.Length));
                    File.WriteAllBytes(FILE_PATH, encrypted);
                decrypted = Decrypt(rsaKey, encrypted);
                bool result = ByteArrayCompare(data, decrypted);
                if (result)
                    Console.WriteLine("Encrypt / decrypt works");
                    Console.WriteLine("Encrypt / decrypt fails");
            catch (Exception e)
                Console.WriteLine("Exception " + e.Message);
            finally
                if (cngKey != null)
                    cngKey.Dispose();
            Console.ReadLine();
        static bool ByteArrayCompare(byte[] a1, byte[] a2)
            if (a1.Length != a2.Length)
                return false;
            for (int i = 0; i < a1.Length; i++)
                if (a1[i] != a2[i])
                    return false;
            return true;
        public static string ByteArrayToHexString(byte[] bytes, int start, int length)
            string delimitedStringValue = BitConverter.ToString(bytes, start, length);
            return delimitedStringValue.Replace("-", "");
        public static byte[] Sign512(byte[] data, byte[] privateKey)
            CngKey key = CngKey.Import(privateKey, CngKeyBlobFormat.GenericPrivateBlob);
            RSACng crypto = new RSACng(key);
            return crypto.SignData(data, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1);
        public static bool VerifySignature512(byte[] data, byte[] signature, byte[] publicKey)
            CngKey key = CngKey.Import(publicKey, CngKeyBlobFormat.GenericPublicBlob);
            RSACng crypto = new RSACng(key);
            return crypto.VerifyData(data, signature, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1);
        public static byte[] Encrypt(byte[] publicKey, byte[] data)
            CngKey key = CngKey.Import(publicKey, CngKeyBlobFormat.GenericPublicBlob);
            RSACng crypto = new RSACng(key);
            var result = Encrypt(crypto, data);
            return result;
        public static byte[] Encrypt(RSACng crypto, byte[] data)
            if (null == crypto)
                return null;
            var result = crypto.Encrypt(data, RSAEncryptionPadding.OaepSHA512);
            return result;
        public static byte[] Decrypt(byte[] privateKey, byte[] data)
            CngKey key = CngKey.Import(privateKey, CngKeyBlobFormat.GenericPrivateBlob);
            RSACng crypto = new RSACng(key);
            var result = Decrypt(crypto, data);
            return result;
        public static byte[] Decrypt(RSACng aKey, byte[] data)
            if (null == aKey)
                return null;
            var result = aKey.Decrypt(data, RSAEncryptionPadding.OaepSHA512);
            return result;
}

RSACng rsaKey = new RSACng(cngKey)
    KeySize = 2048
};

CngKeyCreationParameters cng = new CngKeyCreationParameters
    KeyUsage = CngKeyUsages.AllUsages,
    KeyCreationOptions = CngKeyCreationOptions.MachineKey,

如何在一个应用程序中加密数据，并在不同的Windows应用程序中使用与本地系统绑定的RSA密钥对其进行解密？

1 个回答