Unexpected return code from SetUserFileEncryptionKey

Problem description

I want to load an EFS certificate (for example from a pfx file) and use it temporarily to read/write some files. (I do not want it to remain in any store after the program exits.) It looks like SetUserFileEncryptionKey can provide this, but when I try it I get a strange return code (0x80092004). Here is my code:

// Load the PFX and reach the native CERT_CONTEXT behind the managed certificate.
var x509Cert = new X509Certificate2(@"C:\Users\Public\Downloads\key.pfx", "<mypass>");
var certContext = Marshal.PtrToStructure<CertContext>(x509Cert.Handle);

// EFS_CERTIFICATE_BLOB pointing at the DER-encoded certificate bytes.
var blob = new EfsCertificateBlob
{
    dwCertEncodingType = certContext.dwCertEncodingType,
    cbData = certContext.cbCertEncoded,
    pbData = certContext.pbCertEncoded,
};

var pCertBlob = Marshal.AllocHGlobal(Marshal.SizeOf(blob));
Marshal.StructureToPtr(blob, pCertBlob, false);

// SID of the current user, converted to a native PSID.
var id = WindowsIdentity.GetCurrent();
var curStringSid = id.User?.Value;
Console.WriteLine(curStringSid);

if (!ConvertStringSidToSid(curStringSid, out var sidPtr))
    throw new InvalidOperationException("ConvertStringSidToSid failed: " + Marshal.GetLastWin32Error());

var certStruct = new EncryptionCertificate
{
    cbTotalLength = (uint) Marshal.SizeOf(typeof(EncryptionCertificate)),
    pUserSid = sidPtr,
    pCertBlob = pCertBlob,
};

var res = SetUserFileEncryptionKey(certStruct);

Console.WriteLine($"Result: 0x{res:X}"); // Result: 0x80092004

// Release the unmanaged memory. FreeHGlobal maps to LocalFree on Windows,
// which is the correct release for the PSID returned by ConvertStringSidToSid.
Marshal.FreeHGlobal(sidPtr);
Marshal.FreeHGlobal(pCertBlob);

And here is my interop code:

using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Mirrors the native CERT_CONTEXT structure (wincrypt.h).
[StructLayout(LayoutKind.Sequential)]
public class CertContext
{
    public uint dwCertEncodingType;
    public IntPtr pbCertEncoded;
    public uint cbCertEncoded;
    public IntPtr pCertInfo;
    public IntPtr hCertStore;
}

// Mirrors EFS_CERTIFICATE_BLOB (winefs.h).
[StructLayout(LayoutKind.Sequential)]
public class EfsCertificateBlob
{
    public uint dwCertEncodingType;
    public uint cbData;
    public IntPtr pbData;
}

// Mirrors ENCRYPTION_CERTIFICATE (winefs.h).
[StructLayout(LayoutKind.Sequential)]
public class EncryptionCertificate
{
    public uint cbTotalLength;
    public IntPtr pUserSid;
    public IntPtr pCertBlob;
}

[DllImport("Advapi32.dll")]
public static extern uint SetUserFileEncryptionKey(EncryptionCertificate pEncryptionCertificate);

// Declaration for the ConvertStringSidToSid call used above. The PSID it returns is
// allocated with LocalAlloc and must be released by the caller.
[DllImport("Advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool ConvertStringSidToSid(string stringSid, out IntPtr sid);

Can SetUserFileEncryptionKey do what I want? If so, what am I doing wrong?

(My use case is handling sensitive data that users should not be able to read later or redistribute, so I want the files to become inaccessible as soon as the process terminates.)

Solution

It seems 0x80092004 is CRYPT_E_NOT_FOUND, and SetUserFileEncryptionKey only works for certificates that already belong to the user's certificate store. When I imported the certificate in question, the code above returned ERROR_SUCCESS. It seems this function cannot serve my intended use case.
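An added example (not the asker's code and not from any project on this page) that does what the answer describes: the certificate is imported into the CurrentUser\My store first, then handed to SetUserFileEncryptionKey, and removed from the store again once the file work is done. The PFX path, the password and the `WithEfsKey` helper are assumptions for illustration; the interop declarations follow the structures shown in the question.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Added example: register an EFS certificate for the current user by first
// importing it into CurrentUser\My, because SetUserFileEncryptionKey only
// accepts certificates that already live in the user's store.
public static class EfsKeyFromStore
{
    const uint ERROR_SUCCESS = 0;
    const uint CRYPT_E_NOT_FOUND = 0x80092004;

    [StructLayout(LayoutKind.Sequential)]
    class CertContext
    {
        public uint dwCertEncodingType;
        public IntPtr pbCertEncoded;
        public uint cbCertEncoded;
        public IntPtr pCertInfo;
        public IntPtr hCertStore;
    }

    [StructLayout(LayoutKind.Sequential)]
    class EfsCertificateBlob
    {
        public uint dwCertEncodingType;
        public uint cbData;
        public IntPtr pbData;
    }

    [StructLayout(LayoutKind.Sequential)]
    class EncryptionCertificate
    {
        public uint cbTotalLength;
        public IntPtr pUserSid;
        public IntPtr pCertBlob;
    }

    [DllImport("Advapi32.dll")]
    static extern uint SetUserFileEncryptionKey(EncryptionCertificate pEncryptionCertificate);

    [DllImport("Advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool ConvertStringSidToSid(string stringSid, out IntPtr sid);

    // Raw call: build ENCRYPTION_CERTIFICATE for the current user, return the Win32 status.
    static uint CallSetUserFileEncryptionKey(X509Certificate2 cert)
    {
        var ctx = Marshal.PtrToStructure<CertContext>(cert.Handle);
        var blob = new EfsCertificateBlob
        {
            dwCertEncodingType = ctx.dwCertEncodingType,
            cbData = ctx.cbCertEncoded,
            pbData = ctx.pbCertEncoded,
        };
        IntPtr pBlob = Marshal.AllocHGlobal(Marshal.SizeOf(blob));
        IntPtr pSid = IntPtr.Zero;
        try
        {
            Marshal.StructureToPtr(blob, pBlob, false);
            string sid = WindowsIdentity.GetCurrent().User?.Value
                         ?? throw new InvalidOperationException("current user has no SID");
            if (!ConvertStringSidToSid(sid, out pSid))
                throw new InvalidOperationException("ConvertStringSidToSid failed: " + Marshal.GetLastWin32Error());
            var ec = new EncryptionCertificate
            {
                cbTotalLength = (uint)Marshal.SizeOf(typeof(EncryptionCertificate)),
                pUserSid = pSid,
                pCertBlob = pBlob,
            };
            return SetUserFileEncryptionKey(ec);
        }
        finally
        {
            // FreeHGlobal maps to LocalFree on Windows, which is what the PSID needs.
            if (pSid != IntPtr.Zero) Marshal.FreeHGlobal(pSid);
            Marshal.FreeHGlobal(pBlob);
        }
    }

    // Hypothetical helper: import, register, run the caller's file work, then remove
    // the store entry again. Returns the status of SetUserFileEncryptionKey.
    public static uint WithEfsKey(string pfxPath, string password, Action work)
    {
        // PersistKeySet keeps the private key in the user's key container; EFS cannot
        // use a certificate whose key exists only inside this process.
        var cert = new X509Certificate2(pfxPath, password,
            X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.PersistKeySet);
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            store.Add(cert);
            uint rc = CallSetUserFileEncryptionKey(cert);
            if (rc == ERROR_SUCCESS) work();
            return rc;
        }
        finally
        {
            store.Remove(cert); // removes the store entry; the key container may remain
            store.Close();
        }
    }

    public static void Main()
    {
        // Placeholder path and password, not values from the page.
        uint rc = WithEfsKey(@"C:\path\to\key.pfx", "<mypass>",
            () => Console.WriteLine("encrypt/decrypt files here"));
        Console.WriteLine(rc == ERROR_SUCCESS ? "EFS key set"
            : rc == CRYPT_E_NOT_FOUND ? "CRYPT_E_NOT_FOUND: certificate not in the user's store"
            : $"error 0x{rc:X}");
    }
}
```

Two caveats for anyone tempted to use this for the asker's "inaccessible after exit" goal: removing the certificate from the store does not necessarily delete the private key container that PersistKeySet created, and EFS does not depend on the store entry once a file's key has been cached for the session; and if a data recovery agent is configured by policy, it can decrypt the files regardless of what happens to this certificate. That is why the answer's conclusion stands: EFS is a per-user at-rest protection, not a mechanism for revoking a user's own access to data after a process ends.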
