2017-04-03 68 views
1

我正在根據RFC4716(或者至少我認爲是這樣)使用C#和標準密碼庫生成一個4096位的RSA KEY,但是git hub說我擁有一個鍵的大小錯誤,當我嘗試將其添加到與我的帳戶關聯的鍵時返回以下錯誤。Github上的弱密鑰錯誤,用C#生成的4096 RSAkey

Key is weak. GitHub recommends using ssh-keygen to generate a RSA key of at least 2048 bits.

這是生成代碼的關鍵是:

public static void GenerateKeys() 
    { 
     // Create the CspParameters object and set the key container 
     // name used to store the RSA key pair. 
     CspParameters cp = new CspParameters(); 
     //cp.KeyContainerName = ContainerName; 

     CspKeyContainerInfo info = new CspKeyContainerInfo(cp); 
     //string filename = info.UniqueKeyContainerName; 

     // Create a new instance of RSACryptoServiceProvider that accesses 
     // the key container MyKeyContainerName. 
     RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(4096, cp); 
     var test = rsa.KeySize; 

     using (StreamWriter privateKeyWriter = new StreamWriter(GitStandard.PrivateSSHKeyPath)) 
     { 
      ExportPrivateKey(rsa, privateKeyWriter); 
     } 

     using (StreamWriter publicKeyWriter = new StreamWriter(GitStandard.PublicSSHKeyPath)) 
     { 

      ExportPublicKeyOpenSSH(rsa, publicKeyWriter); 
     } 
    } 

方法ExportPublicKeyOpenSSH是代碼的小改在this thread with answers on how to convert the key to RFC4716發現,我做不同的唯一的事情就是增加一個零(0)在模數轉換之前。

private static void ExportPublicKeyOpenSSH(RSACryptoServiceProvider csp, TextWriter outputStream) 
     { 
      var parameters = csp.ExportParameters(false); 


      byte[] sshrsa_bytes = Encoding.Default.GetBytes("ssh-rsa"); 
      //initializing modulus array 
      byte[] n = new Byte[parameters.Modulus.Length + 1]; 
      //adding initial zero before modulus to conform with OpenSSH 
      n[0] = 0; 
      System.Buffer.BlockCopy(parameters.Modulus, 0, n, 1, parameters.Modulus.Length); 
      //byte[] n = parameters.Modulus; 
      byte[] e = parameters.Exponent; 
      System.Array.Resize<Byte>(ref n, n.Length + 1); 
      string base64; 
      using (var stream = new MemoryStream()) 
      { 
       stream.Write(ToBytes(sshrsa_bytes.Length), 0, 4); 
       stream.Write(sshrsa_bytes, 0, sshrsa_bytes.Length); 
       stream.Write(ToBytes(e.Length), 0, 4); 
       stream.Write(e, 0, e.Length); 
       stream.Write(ToBytes(n.Length), 0, 4); 
       stream.Write(n, 0, n.Length); 
       stream.Flush(); 
       base64 = Convert.ToBase64String(stream.ToArray()); 
      } 
      var result = string.Format("ssh-rsa {0}", base64); 
      outputStream.Write(result); 
     } 

產生什麼關鍵的模樣

支持SSH-RSA AAAAB3NzaC1yc2EAAAADAQABAAACAgD171Y9VeinRALRfU8adS2K0vYHGfKkQwqs8SOQbhURFNtazupsocmpW96dYF346UVVCiKQCYrCW6t0QpGE3ch7onqTvXBszA9mfcuLX9hlhesJqFyUTHxDUopCc2tc5fWYuZ4MeySKuOetBEmPfN3Eu + SWC8j3VS9YzIDjwhkBPcJoxOnv3l7pSxEzGBGQXwdGmL8TFxxsBhue1ajralYPXgJo1nra70ChHcr8PfJvIXigBYCkwnb0KuofbPyhHETo4fNJqCPa1rLjnKoz5iTpyak2SWnhD5FX0/t4juaL/OKNE4YSaAqpWwA9VS1i + y7doeSRc22tm5LHgSLmlxg6h5lPKm5emB840eMLOPvZLS/4uODzFPMo4NFC2ZwNwdlXhcQE9EVtz9EZox1isKpJgShqJPh0sHVH9RnCuBSxW5N79KtsvcXI2zAiLBczKukqU2rTkvYdV1Wkx4zHSvLe42PQuJvSwhwW1tlgyFemd2aRwGDltQyGT PNOZ28E6SGgvxYtB4nvcu8gLyxob4Hz3ysohDB0Z9ZEismSK/8eSeMrBPosTBO77tsjUk1L8v2lHXQ + p1raLpd3ETeae7vZjt6zMFCIhNKDvdJL9b0mIKLB26PMhWG4DzSTJGeIANjiNryWK7y0gdgdPs5953H1EJVRQ0wd2ceFFg2 + kpqlrQA =

使用命令ssh-keygen -l -f custom_rsa.pub測試密鑰的有效性。

$ ssh-keygen -l -f custom_rsa.pub 
4104 SHA256:uGO4sHOXXuX1waf+8jrdsWr3/57npF5AuUKUgYVWbCI no comment (RSA) 
+2

您調整'n'以在左側添加0(通過從索引1開始手動複製)並在右側添加0(Array.Resize)。後者可能會讓你陷入困境。此外,不要使用Encoding.Default,而是使用任何你想要的編碼。'Encoding.ASCII',可能。 – bartonjs

+0

@bartonjs你完全正確。我應該注意到這一點,謝謝。你能發表答覆嗎? – Anika

回答

1

您調整n既左邊增加一個0(通過手動複製到它開始於索引1)和到右側增加一個0(經由Array.Resize)。後者可能會讓你陷入困境。

此外,(無關)你可能不應該使用Encoding.Default,而是你想要的任何編碼。大概是。