You should avoid using RSACryptoServiceProviderif you can. It only works on Windows (and it's the less good RSA implementation on Windows). Stick to the RSAbase class, and create new instances via RSA.Create()

RSACryptoServiceProvider如果可以，您应该避免使用。它只适用于 Windows（它是 Windows 上不太好的 RSA 实现）。坚持RSA基类，并通过创建新实例RSA.Create()

Ephemeral Keys (Creation)

临时密钥（创建）

.NET Core

.NET 核心

using (RSA rsa = RSA.Create())
{
    rsa.KeySize = desiredKeySizeInBits;

    // when the key next gets used it will be created at that keysize.
    DoStuffWithThePrivateKey(rsa);
}

.NET Framework

.NET 框架

Unfortunately, the default for RSA.Create() on .NET Framework is RSACryptoServiceProvider, which doesn't respect set_KeySize. So if you need ephemeral keys you'll need to use different code on .NET Framework vs .NET Core:

不幸的是，.NET Framework 上 RSA.Create() 的默认值是 RSACryptoServiceProvider，它不考虑 set_KeySize。因此，如果您需要临时密钥，则需要在 .NET Framework 和 .NET Core 上使用不同的代码：

using (RSA rsa = new RSACng())
{
    rsa.KeySize = desiredKeySizeInBits;

    DoStuffWithThePrivateKey(rsa);
}

Or, if you need to support versions earlier than 4.6 (where RSACng didn't exist) / 4.6.2 (where most of the .NET Framework worked happily with RSACng objects instead of RSACryptoServiceProvider objects) you can continue to use the older implementation:

或者，如果您需要支持早于 4.6（其中 RSACng 不存在）/4.6.2（其中大多数 .NET Framework 与 RSACng 对象而不是 RSACryptoServiceProvider 对象一起愉快地工作）的版本，您可以继续使用旧的实现：

using (RSA rsa = new RSACryptoServiceProvider(desiredKeySizeInBits))
{
    // Since before net46 the Encrypt/Decrypt, SignData/VerifyData, SignHash/VerifyHash
    // methods were not defined at the RSA base class, you might need to keep this strongly
    // typed as RSACryptoServiceProvider.
    DoStuffWithThePrivateKey(rsa);
}

Ephemeral Keys (Import)

临时密钥（导入）

Even though RSACng, in general, is easier to work with than RSACryptoServiceProvider, RSACryptoServiceProvider should work fine in this context, so RSA.Create() is good on all platforms:

尽管 RSACng 通常比 RSACryptoServiceProvider 更容易使用，但 RSACryptoServiceProvider 在这种情况下应该可以正常工作，因此 RSA.Create() 在所有平台上都很好：

using (RSA rsa = RSA.Create())
{
    rsa.ImportParameters(rsaParameters);

    DoStuffWithWhateverKindOfKeyYouImported(rsa);
}

From a certificate:

从证书：

.NET Core 1.0+, .NET Framework 4.6+

.NET Core 1.0+、.NET Framework 4.6+

using (RSA rsa = cert.GetRSAPublicKey())
{
    DoStuffWithThePublicKey(rsa);
}

or

或者

using (RSA rsa = cert.GetRSAPrivateKey())
{
    DoStuffWithThePrivateKey(rsa);
}

.NET Framework < 4.6

.NET 框架 < 4.6

// Do NOT put this in a using block, since the object is shared by all callers:
RSA rsaPrivate = (RSA)cert.PrivateKey;
DoStuffWithThePrivateKey(rsaPrivate);

// Do NOT put this in a using block, since the object is shared by all callers:
RSA rsaPublicOnly = (RSA)cert.PublicKey.Key;
DoStuffWithThePublicKey(rsaPublic);

Using Named/Persisted Keys (Windows-only)

使用命名/持久键（仅限 Windows）

I was going to include some samples about RSACryptoServiceProvider (WinXP+/CAPI) and RSACng (Win7+/CNG) creating/opening named keys, but that's not a very common scenario in .NET; and it certainly isn't portable (portability to other OSes being one of the more compelling arguments for .NET Core).

我打算包含一些关于 RSACryptoServiceProvider (WinXP+/CAPI) 和 RSACng (Win7+/CNG) 创建/打开命名密钥的示例，但这在 .NET 中并不是很常见的场景；它当然不可移植（可移植到其他操作系统是 .NET Core 更引人注目的论据之一）。

Referencing things.

参考事物。

For .NET Core 1.0 and 1.1, you get access to the RSA base class from the System.Security.Cryptography.Algorithmspackage. In .NET Core 2.0 it will be included in the netstandardpackage reference.

对于 .NET Core 1.0 和 1.1，您可以从System.Security.Cryptography.Algorithms包中访问 RSA 基类。在 .NET Core 2.0 中，它将包含在netstandard包参考中。

If you needto do complex interop with the OS you can reference System.Security.Cryptography.Cng(Windows CNG), System.Security.Cryptography.Csp(Windows CAPI/CryptoServiceProvider), or System.Security.Cryptography.OpenSsl(Linux OpenSSL, macOS OpenSSL) and get access to the interop-enabled classes (RSACng, RSACryptoServiceProvider, RSAOpenSsl). But, really, you shouldn't do that.

如果您需要与操作系统进行复杂的互操作，您可以参考System.Security.Cryptography.Cng(Windows CNG)、System.Security.Cryptography.Csp(Windows CAPI/CryptoServiceProvider) 或System.Security.Cryptography.OpenSsl(Linux OpenSSL、macOS OpenSSL) 并访问启用互操作的类（RSACng、RSACryptoServiceProvider、RSAOpenSsl）。但是，真的，你不应该那样做。

What does RSA.Create() return?

RSA.Create() 返回什么？

• .NET Framework: RSACryptoServiceProvider, unless changed by CryptoConfig.
• .NET Core (Windows): A private class which implements RSA via CNG, you can't cast it to any more specific type.
• .NET Core (Linux): A private class which implements RSA via OpenSSL, you can't cast it to any more specific type.
• .NET Core (macOS): A private class which implements RSA via OpenSSL, you can't cast it to any more specific type. (This should be via SecureTransforms in the next release of .NET Core)

• .NET Framework：RSACryptoServiceProvider，除非被 CryptoConfig 更改。
• .NET Core (Windows)：通过 CNG 实现 RSA 的私有类，您不能将其转换为任何更具体的类型。
• .NET Core (Linux)：通过 OpenSSL 实现 RSA 的私有类，您不能将其转换为任何更具体的类型。
• .NET Core (macOS)：通过 OpenSSL 实现 RSA 的私有类，您不能将其转换为任何更具体的类型。（这应该通过 .NET Core 下一版本中的 SecureTransforms 实现）

You will need to use the dotnetcore library instead. Add the System.Security.Cryptography.AlgorithmsNuget package to your project. You can find it here: System.Security.Cryptography.Algorithms

您将需要改用 dotnetcore 库。将System.Security.Cryptography.AlgorithmsNuget 包添加到您的项目中。你可以在这里找到它：System.Security.Cryptography.Algorithms

It provides all the common Algorithms for your project.

它为您的项目提供了所有常见的算法。

Here is the RSACryptoServiceProvider classthat you would use for the Encrypt() and Decrypt() methods.

这是您将用于 Encrypt() 和 Decrypt() 方法的RSACryptoServiceProvider 类。