{"ID":"20250923121609-0wylfl2","Spec":"2","Type":"NodeDocument","Properties":{"id":"20250923121609-0wylfl2","title":"windows创建自定义证书导入YubiKey开启BitLocker (Conflicted 2025-09-23 12:16:09)","type":"doc","updated":"20250912065519"},"Children":[{"ID":"20250923121609-2v78i8l","Type":"NodeHeading","HeadingLevel":1,"Properties":{"id":"20250923121609-2v78i8l","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"windows创建自定义证书导入YubiKey开启BitLocker"}]},{"ID":"20250923121609-5ym7slo","Type":"NodeParagraph","Properties":{"id":"20250923121609-5ym7slo","updated":"20250912145511"},"Children":[{"Type":"NodeTextMark","TextMarkType":"a","TextMarkAHref":"https://www.jianshu.com/p/481dab626d68","TextMarkTextContent":"www.jianshu.com"}]},{"ID":"20250923121609-gp10nop","Type":"NodeHeading","HeadingLevel":2,"Properties":{"id":"20250923121609-gp10nop","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"一、创建证书"}]},{"ID":"20250923121609-536wd49","Type":"NodeParagraph","Properties":{"id":"20250923121609-536wd49","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"window证书是X.509 数字证书，遵守RFC 3280。 PowerShell中的New-SelfSignedCertificate命令可创建自定义证书。"}]},{"ID":"20250923121609-vfdd9qs","Type":"NodeParagraph","Properties":{"id":"20250923121609-vfdd9qs","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"证书用途由OID决定，下面列出常见的OID.如果一个证书有多个用途，不同OID之间用英文的逗号链接\",\""}]},{"ID":"20250923121609-sfyjo4n","Type":"NodeParagraph","Properties":{"id":"20250923121609-sfyjo4n","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"    2.5.29.32.0 所有颁发的策略\n    1.3.6.1.5.5.7.3.1 服务器身份验证\n    1.3.6.1.5.5.7.3.2 客户端身份验证\n    1.3.6.1.4.1.311.67.1.1 BitLocker驱动器加密\n    1.3.6.1.4.1.311.10.3.4 加密文件系统\n    1.3.6.1.4.1.311.10.3.12 文档签名\n    1.3.6.1.5.5.7.3.4 安全电子邮件"}]},{"ID":"20250923121609-96b8u6e","Type":"NodeParagraph","Properties":{"id":"20250923121609-96b8u6e","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"创建密钥"}]},{"ID":"20250923121609-ma9ho8h","Type":"NodeParagraph","Properties":{"id":"20250923121609-ma9ho8h","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"    New-SelfSignedCertificate -Type Custom -Subject \"CN=jcl,E=im.jcl@live.com\" -TextExtension @(\"2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.67.1.1,1.3.6.1.4.1.311.10.3.4,1.3.6.1.4.1.311.10.3.12,1.3.6.1.5.5.7.3.4\",\"2.5.29.17={text}upn=im.jcl@live.com\u0026email=im.jcl@live.com\") -KeyUsage KeyEncipherment -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm sha256  -CurveExport CurveName -CertStoreLocation  \"Cert:\\CurrentUser\\My\" -NotAfter (Get-Date).AddMonths(1200)"}]},{"ID":"20250923121609-vn5131i","Type":"NodeParagraph","Properties":{"id":"20250923121609-vn5131i","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"命令中的参数含义"}]},{"ID":"20250923121609-lw9a54h","Type":"NodeParagraph","Properties":{"id":"20250923121609-lw9a54h","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"    CN 通用名称\n    E 颁发者电子邮箱？\n    upn 户主体名称\n    email 安全电子邮箱的地址\n    AddMonths(1200) 120个月后过期"}]},{"ID":"20250923121609-k6kvciq","Type":"NodeParagraph","Properties":{"id":"20250923121609-k6kvciq","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-f9fde75382917f40.png%3FimageMogr2%2Fauto-orient%2Fstrip%7CimageView2%2F2%2Fw%2F1112%2Fformat%2Fwebp\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-r2vuq0b","Type":"NodeParagraph","Properties":{"id":"20250923121609-r2vuq0b","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513211748530.png"}]},{"ID":"20250923121609-sa1k5wo","Type":"NodeHeading","HeadingLevel":2,"Properties":{"id":"20250923121609-sa1k5wo","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"二、从系统中导出证书"}]},{"ID":"20250923121609-l2whgo7","Type":"NodeHeading","HeadingLevel":3,"Properties":{"id":"20250923121609-l2whgo7","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"1、打开证书"}]},{"ID":"20250923121609-jj6fn9c","Type":"NodeParagraph","Properties":{"id":"20250923121609-jj6fn9c","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"开运行中输入\"certmgr.msc\"打开证书管理。"}]},{"ID":"20250923121609-q48obja","Type":"NodeParagraph","Properties":{"id":"20250923121609-q48obja","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-c8d97d74f91a46cb.png%3FimageMogr2%2Fauto-orient%2Fstrip%7CimageView2%2F2%2Fw%2F801%2Fformat%2Fwebp\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-nmzg96v","Type":"NodeParagraph","Properties":{"id":"20250923121609-nmzg96v","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513212255905.png"}]},{"ID":"20250923121609-zogt810","Type":"NodeParagraph","Properties":{"id":"20250923121609-zogt810","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"在证书管理中能看见我们创建的证书。注意创建的证书在\"个人"},{"Type":"NodeBackslash","Data":"span","Children":[{"Type":"NodeText","Data":"\\"}]},{"Type":"NodeText","Data":"证书\"和\"中间证书颁发机构"},{"Type":"NodeBackslash","Data":"span","Children":[{"Type":"NodeText","Data":"\\"}]},{"Type":"NodeText","Data":"证书\"中都有保存，删除证书时，必须同时删除。"}]},{"ID":"20250923121609-e6oqilf","Type":"NodeHeading","HeadingLevel":3,"Properties":{"id":"20250923121609-e6oqilf","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"2、查看证书用途"}]},{"ID":"20250923121609-858lc6w","Type":"NodeParagraph","Properties":{"id":"20250923121609-858lc6w","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"鼠标放在证书上，右键点击属性，能看该证书用途。"}]},{"ID":"20250923121609-2gfzptr","Type":"NodeParagraph","Properties":{"id":"20250923121609-2gfzptr","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-918a585fda849fe6.png%3FimageMogr2%2Fauto-orient%2Fstrip%7CimageView2%2F2%2Fw%2F461%2Fformat%2Fwebp\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-9ihpw0m","Type":"NodeParagraph","Properties":{"id":"20250923121609-9ihpw0m","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513212546880.png"}]},{"ID":"20250923121609-1yo0s2h","Type":"NodeHeading","HeadingLevel":3,"Properties":{"id":"20250923121609-1yo0s2h","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"3、导出证书"}]},{"ID":"20250923121609-g7dw7hr","Type":"NodeParagraph","Properties":{"id":"20250923121609-g7dw7hr","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"鼠标放在证书上，右键点所有任务"},{"Type":"NodeBackslash","Data":"span","Children":[{"Type":"NodeText","Data":"\\"}]},{"Type":"NodeText","Data":"导出。"}]},{"ID":"20250923121609-5udz06m","Type":"NodeParagraph","Properties":{"id":"20250923121609-5udz06m","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"打开证书导出对话框，按提示操作即可。注意这里必须选择导出私钥，同时为了保证私钥安全必须设置密码。"}]},{"ID":"20250923121609-jzsmxgs","Type":"NodeParagraph","Properties":{"id":"20250923121609-jzsmxgs","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-c6193682f290a677.png\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-f8cfn3p","Type":"NodeParagraph","Properties":{"id":"20250923121609-f8cfn3p","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513213000476.png"}]},{"ID":"20250923121609-ms0sdbe","Type":"NodeParagraph","Properties":{"id":"20250923121609-ms0sdbe","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"注意：导出的证书一定要设置强密码，创建多个副本分开保存。"}]},{"ID":"20250923121609-uzfdl3t","Type":"NodeHeading","HeadingLevel":3,"Properties":{"id":"20250923121609-uzfdl3t","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"4、删除证书"}]},{"ID":"20250923121609-mjqzt9o","Type":"NodeParagraph","Properties":{"id":"20250923121609-mjqzt9o","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"在证书管理中删除已经备份的证书。"}]},{"ID":"20250923121609-r04bgy6","Type":"NodeParagraph","Properties":{"id":"20250923121609-r04bgy6","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"怕漏删，可以直接搜索证书名称，再把搜索出的证书，再删除。"}]},{"ID":"20250923121609-4dt0wrq","Type":"NodeHeading","HeadingLevel":2,"Properties":{"id":"20250923121609-4dt0wrq","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"三、初始化YubiKey 5 NFC"}]},{"ID":"20250923121609-r2ihf88","Type":"NodeHeading","HeadingLevel":3,"Properties":{"id":"20250923121609-r2ihf88","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"1、下载YubiKey Manager"}]},{"ID":"20250923121609-dcjm74m","Type":"NodeParagraph","Properties":{"id":"20250923121609-dcjm74m","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"到官网下载或群共享下载YubiKey Manager并安装。"}]},{"ID":"20250923121609-5d5eyqc","Type":"NodeHeading","HeadingLevel":3,"Properties":{"id":"20250923121609-5d5eyqc","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"2、设置PIN和PUK"}]},{"ID":"20250923121609-goo6076","Type":"NodeParagraph","Properties":{"id":"20250923121609-goo6076","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"把YubiKey 5 NFC插入电脑USB接口，并运行YubiKey Manager。"}]},{"ID":"20250923121609-63fabdi","Type":"NodeParagraph","Properties":{"id":"20250923121609-63fabdi","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"运行YubiKey Manager，点击Applications "},{"Type":"NodeBackslash","Data":"span","Children":[{"Type":"NodeText","Data":"\\"}]},{"Type":"NodeText","Data":" PIV。"}]},{"ID":"20250923121609-seodwgj","Type":"NodeParagraph","Properties":{"id":"20250923121609-seodwgj","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-52c86c2dd4f1d6b4.png\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-jes0fzx","Type":"NodeParagraph","Properties":{"id":"20250923121609-jes0fzx","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513213653667.png"}]},{"ID":"20250923121609-mczhuyo","Type":"NodeParagraph","Properties":{"id":"20250923121609-mczhuyo","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"点击PIN Management 管理PIN码，建议修改PIN和PUK。这里注意和证书保护密码区分。"}]},{"ID":"20250923121609-34hyoos","Type":"NodeParagraph","Properties":{"id":"20250923121609-34hyoos","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-2ad3777509b537c6.png\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-ao82n7a","Type":"NodeParagraph","Properties":{"id":"20250923121609-ao82n7a","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513213938633.png"}]},{"ID":"20250923121609-1mfianb","Type":"NodeHeading","HeadingLevel":3,"Properties":{"id":"20250923121609-1mfianb","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"3、导入证书"}]},{"ID":"20250923121609-ktakovc","Type":"NodeParagraph","Properties":{"id":"20250923121609-ktakovc","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"点击Certificates进入证书管理。"}]},{"ID":"20250923121609-l1mnpkj","Type":"NodeParagraph","Properties":{"id":"20250923121609-l1mnpkj","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"选择9a插槽，并点击Import。"}]},{"ID":"20250923121609-o4qeknv","Type":"NodeParagraph","Properties":{"id":"20250923121609-o4qeknv","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-ff8b9b9826f175b8.png\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-fhsqpgl","Type":"NodeParagraph","Properties":{"id":"20250923121609-fhsqpgl","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513214403780.png"}]},{"ID":"20250923121609-zh3rmhb","Type":"NodeParagraph","Properties":{"id":"20250923121609-zh3rmhb","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"点击后按提示操作就可以。注意第一个对话框是输入证书保护密码，第二个对话框是输入刚创建的PIN码。"}]},{"ID":"20250923121609-gnrt92t","Type":"NodeHeading","HeadingLevel":2,"Properties":{"id":"20250923121609-gnrt92t","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"四、给驱动器启用BitLocker"}]},{"ID":"20250923121609-p99fgcb","Type":"NodeParagraph","Properties":{"id":"20250923121609-p99fgcb","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"选择磁盘分区右键点击\"启用BitLocker加密。按提示操作下去。"}]},{"ID":"20250923121609-klw6n40","Type":"NodeParagraph","Properties":{"id":"20250923121609-klw6n40","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-95c0650e2e3cdf86.png\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-6ccinys","Type":"NodeParagraph","Properties":{"id":"20250923121609-6ccinys","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513221048112.png"}]},{"ID":"20250923121609-p0zchm9","Type":"NodeParagraph","Properties":{"id":"20250923121609-p0zchm9","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"一定要备份恢复密钥，建议保存Mircosoft账户或者U盘中。"}]},{"ID":"20250923121609-fqwqklh","Type":"NodeParagraph","Properties":{"id":"20250923121609-fqwqklh","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-b40175811835b6ce.png\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-e6bc2j5","Type":"NodeParagraph","Properties":{"id":"20250923121609-e6bc2j5","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513221238774.png"}]},{"ID":"20250923121609-el53ejl","Type":"NodeParagraph","Properties":{"id":"20250923121609-el53ejl","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"注意看每步的提示，根据需要选择。"}]},{"ID":"20250923121609-59yyjo5","Type":"NodeHeading","HeadingLevel":2,"Properties":{"id":"20250923121609-59yyjo5","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"五、解锁驱动器"}]},{"ID":"20250923121609-pbed42j","Type":"NodeParagraph","Properties":{"id":"20250923121609-pbed42j","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"双击加密驱动器，选择使用智能卡解锁驱动器。"}]},{"ID":"20250923121609-vuqu1cq","Type":"NodeParagraph","Properties":{"id":"20250923121609-vuqu1cq","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-99cc2494b02e7fc8.png\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-qnz97ic","Type":"NodeParagraph","Properties":{"id":"20250923121609-qnz97ic","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513221620831.png"}]},{"ID":"20250923121609-ypukpuz","Type":"NodeParagraph","Properties":{"id":"20250923121609-ypukpuz","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"按提示输入只能卡的PIN，即可正常解锁驱动器。"}]},{"ID":"20250923121609-rb6rsiw","Type":"NodeHeading","HeadingLevel":2,"Properties":{"id":"20250923121609-rb6rsiw","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"六、管理BitLocker"}]},{"ID":"20250923121609-qf0juuo","Type":"NodeParagraph","Properties":{"id":"20250923121609-qf0juuo","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"在驱动器上右键选择\"管理BitLocker\"，可以对驱动器进行管理。"}]},{"ID":"20250923121609-mufdn66","Type":"NodeParagraph","Properties":{"id":"20250923121609-mufdn66","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-1ee7f7bac4b8d648.png\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-9b2hch7","Type":"NodeParagraph","Properties":{"id":"20250923121609-9b2hch7","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513221837186.png"}]},{"ID":"20250923121609-9cyyyyg","Type":"NodeHeading","HeadingLevel":2,"Properties":{"id":"20250923121609-9cyyyyg","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"七、未成功开启的补充操作"}]},{"ID":"20250923121609-0ocmiq6","Type":"NodeHeading","HeadingLevel":3,"Properties":{"id":"20250923121609-0ocmiq6","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"1、在注册表中添加OID。"}]},{"ID":"20250923121609-qrb7vo5","Type":"NodeParagraph","Properties":{"id":"20250923121609-qrb7vo5","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"把以下内容保存oid.reg 并双击导入系统。注意修改\"CertificateOID\"为证书中有的oid."}]},{"ID":"20250923121609-n0d3qm0","Type":"NodeParagraph","Properties":{"id":"20250923121609-n0d3qm0","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"    Windows Registry Editor Version 5.00"}]},{"ID":"20250923121609-c5usoz5","Type":"NodeParagraph","Properties":{"id":"20250923121609-c5usoz5","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"    [HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE]\n    \"SelfSignedCertificates\"=dword:00000001\n    \"CertificateOID\"=\"1.3.6.1.4.1.311.10.3.4\""}]},{"ID":"20250923121609-mkdurqj","Type":"NodeHeading","HeadingLevel":3,"Properties":{"id":"20250923121609-mkdurqj","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"2、组策略中添加例外"}]},{"ID":"20250923121609-529uz26","Type":"NodeParagraph","Properties":{"id":"20250923121609-529uz26","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"运行\"gpedit.msc\"依次打开：计算机配置"},{"Type":"NodeBackslash","Data":"span","Children":[{"Type":"NodeText","Data":"\\"}]},{"Type":"NodeText","Data":"管理模版"},{"Type":"NodeBackslash","Data":"span","Children":[{"Type":"NodeText","Data":"\\"}]},{"Type":"NodeText","Data":"Windows组件"},{"Type":"NodeBackslash","Data":"span","Children":[{"Type":"NodeText","Data":"\\"}]},{"Type":"NodeText","Data":"BitLocker 驱动器加密"}]},{"ID":"20250923121609-hw727n6","Type":"NodeParagraph","Properties":{"id":"20250923121609-hw727n6","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"双击\"验证智能卡证书使用合规性\"，点击启用(E),并在对象标识符下面添加\"1.3.6.1.4.1.311.10.3.4\""}]},{"ID":"20250923121609-dnlol28","Type":"NodeParagraph","Properties":{"id":"20250923121609-dnlol28","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-1d40e9e0baab30ae.png\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-cn22d62","Type":"NodeParagraph","Properties":{"id":"20250923121609-cn22d62","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513224344102.png"}]},{"ID":"20250923121609-8scfx2f","Type":"NodeParagraph","Properties":{"id":"20250923121609-8scfx2f","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"根据这里的提示如果证书中有\"1.3.6.1.4.1.311.67.1.1 \"OID，上面两步可能不需要。"}]},{"ID":"20250923121609-w1oe1sz","Type":"NodeHeading","HeadingLevel":2,"Properties":{"id":"20250923121609-w1oe1sz","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"八、一些疑问"}]},{"ID":"20250923121609-lfgylg5","Type":"NodeParagraph","Properties":{"id":"20250923121609-lfgylg5","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"多长尝试，描述不一定准确。"}]},{"ID":"20250923121609-p29f6mb","Type":"NodeParagraph","Properties":{"id":"20250923121609-p29f6mb","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"1、目前只成功用RSA 2048成功加密和解锁驱动器。RSA 4096 在YubiKey Manager导入证书不成功，尚未尝试用其它工具导入。RSA 3072未尝试。"}]},{"ID":"20250923121609-594glky","Type":"NodeParagraph","Properties":{"id":"20250923121609-594glky","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"2、在注册表中开启ECC后，ECDSA_secP256r1和ECDSA_nistP256两种加密方式，能开启BitLocker，但解锁时会提示找不到智能卡中的证书。"}]},{"ID":"20250923121609-k7eawgo","Type":"NodeParagraph","Properties":{"id":"20250923121609-k7eawgo","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"​"},{"Type":"NodeImage","Data":"span","Children":[{"Type":"NodeBang"},{"Type":"NodeOpenBracket"},{"Type":"NodeLinkText"},{"Type":"NodeCloseBracket"},{"Type":"NodeOpenParen"},{"Type":"NodeLinkDest","Data":"https://cubox.pro/c/filters:no_upscale()?imageUrl=https%3A%2F%2Fupload-images.jianshu.io%2Fupload_images%2F26353574-5c9be536c15262dd.png\u0026valid=false"},{"Type":"NodeCloseParen"}]},{"Type":"NodeText","Data":"​"}]},{"ID":"20250923121609-8rmpuas","Type":"NodeParagraph","Properties":{"id":"20250923121609-8rmpuas","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"image-20220513223354498.png"}]},{"ID":"20250923121609-dcs1r8r","Type":"NodeParagraph","Properties":{"id":"20250923121609-dcs1r8r","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"3、有尝试把证书导入9b插槽，不能解锁驱动。"}]},{"ID":"20250923121609-ff63w3r","Type":"NodeHeading","HeadingLevel":2,"Properties":{"id":"20250923121609-ff63w3r","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"九、参考"}]},{"ID":"20250923121609-0bqd210","Type":"NodeParagraph","Properties":{"id":"20250923121609-0bqd210","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"证书管理系统开发 "},{"Type":"NodeTextMark","TextMarkType":"a","TextMarkAHref":"https://www.jianshu.com/p/0e6cac6d934d","TextMarkTextContent":"https://www.jianshu.com/p/0e6cac6d934d"}]},{"ID":"20250923121609-0e4xsja","Type":"NodeParagraph","Properties":{"id":"20250923121609-0e4xsja","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"New-SelfSignedCertificate "},{"Type":"NodeTextMark","TextMarkType":"a","TextMarkAHref":"https://links.jianshu.com/go?to=https%3A%2F%2Fdocs.microsoft.com%2Fzh-cn%2Fprevious-versions%2Fwindows%2Fpowershell-scripting%2Fhh848633%28v%3Dwps.640%29","TextMarkTextContent":"https://docs.microsoft.com/zh-cn/previous-versions/windows/powershell-scripting/hh848633(v=wps.640)"}]},{"ID":"20250923121609-m0orova","Type":"NodeParagraph","Properties":{"id":"20250923121609-m0orova","updated":"20250912145511"},"Children":[{"Type":"NodeText","Data":"以上有lasttears原创，转载请保留。"}]},{"ID":"20250923121609-s0nnka3","Type":"NodeParagraph","Properties":{"id":"20250923121609-s0nnka3","updated":"20250912145511"},"Children":[{"Type":"NodeTextMark","TextMarkType":"a","TextMarkAHref":"https://cubox.pro/my/card?id=7343375768539366021","TextMarkTextContent":"Read in Cubox"}]}]}