【发布时间】:2015-09-02 16:27:02
【问题描述】:
我无法创建 SQL CLR 来从证书存储区执行解密函数和加密函数,并从证书中获取结果字符串。
'System.Security.SecurityException:请求'System.Security.Permissions.StorePermission,System,Version=4.0.0.0,Culture=neutral,PublicKeyToken=blahblahblahblah'类型的权限失败。 System.Security.SecurityException:'
有没有办法让 SQL CLR 可以访问您可以更改的系统配置或其他信任设置中的证书存储?我是否需要加载依赖的 System.Security.Cryptography 依赖库?我最终也想在 Azure SQL Server 上进行设置,所以这也可能是一个障碍。我知道我的解密和加密在硬编码从模式所需的证书获得的结果数据时工作正常。但是访问证书会更好:
fDecrypt('mythumbprintstringtofinditlocally', 'DLQUOUIEWLKCJLAKJA=!@#$'(一些使用本地证书加密的数据)
而不是硬编码数据。因为此证书可能会因环境而变化。
private void SetEncryptionDirectlyFromThumbprint(string certThumbprint)
{
var cert = GetCertificateByThumbprint(certThumbprint, StoreLocation.LocalMachine, StoreName.My);
}
//needs System.Security.Cryptography library.
private X509Certificate2 GetCertificateByThumbprint(string thumbprint, StoreLocation storeLocation, StoreName storeName, bool requirePrivateKey = false)
{
if (string.IsNullOrEmpty(thumbprint))
{
throw new ArgumentNullException("thumbprint");
}
var cleanedThumbprint = thumbprint.Replace(" ", "").ToUpperInvariant();
var store = new X509Store(storeName, storeLocation);
try
{
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
var foundCerts = store.Certificates.Find(X509FindType.FindByThumbprint, cleanedThumbprint, false);
foreach (var cert in foundCerts)
{
if (!requirePrivateKey || cert.HasPrivateKey)
{
return cert;
}
}
}
finally
{
store.Close();
}
return null;
}
【问题讨论】:
标签: c# encryption sql-server-2012 cryptography sqlclr