BouncyCastle private key to X509Certificate2 private key


I create a certificate using BouncyCastle:

        var keypairgen = new RsaKeyPairGenerator();
        keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));

        var keypair = keypairgen.GenerateKeyPair();

        var gen = new X509V3CertificateGenerator();

        var CN = new X509Name("CN=" + certName);
        var SN = BigInteger.ProbablePrime(120, new Random());

        // Self-signed: subject and issuer are the same name
        gen.SetSerialNumber(SN);
        gen.SetSubjectDN(CN);
        gen.SetIssuerDN(CN);
        gen.SetNotAfter(DateTime.Now.AddYears(1));
        // Valid from 7 days ago (days, hours, minutes, seconds)
        gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
        gen.SetSignatureAlgorithm("MD5WithRSA");
        gen.SetPublicKey(keypair.Public);

        gen.AddExtension(
            X509Extensions.AuthorityKeyIdentifier.Id, false, new AuthorityKeyIdentifier(
                SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keypair.Public), new GeneralNames(new GeneralName(CN)), SN
            ));

        // AddExtension takes (oid, critical, value); 1.3.6.1.5.5.7.3.1 is id-kp-serverAuth
        gen.AddExtension(
            X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(new ArrayList()
            {
                new DerObjectIdentifier("1.3.6.1.5.5.7.3.1")
            }));

        var newCert = gen.Generate(keypair.Private);

ending with

        X509Certificate2 certificate = new X509Certificate2(DotNetUtilities.ToX509Certificate((Org.BouncyCastle.X509.X509Certificate)newCert));

Now, because my assignment tells me to store both the certificate and the private key in the X509Certificate2 object, I need a way to convert keypair.Private into X509Certificate2.Private. Any ideas? Thanks.

Solution

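If you look at the links from this question, you should be able to use something similar to DotNetUtilities.ToRSA(...) and put its return value into the X509Certificate2's PrivateKey.

Just to be verbose, this is the full code to add after creating the X509Certificate2 certificate:

        RSA rsaPriv = DotNetUtilities.ToRSA(keypair.Private as RsaPrivateCrtKeyParameters);
        certificate.PrivateKey = rsaPriv;

(Which can of course be optimised into one line.)

For anyone trying to export the X509Certificate2 to PKCS12 and preserve the private key, this is what I had to do:
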
        // Convert BouncyCastle X509 Certificate to .NET's X509Certificate
        var cert = DotNetUtilities.ToX509Certificate(certificate);
        var certBytes = cert.Export(X509ContentType.Pkcs12, "password");

        // Convert X509Certificate to X509Certificate2
        var cert2 = new X509Certificate2(certBytes, "password");

        // Convert BouncyCastle Private Key to RSA
        var rsaPriv = DotNetUtilities.ToRSA(issuerKeyPair.Private as RsaPrivateCrtKeyParameters);

        // Setup RSACryptoServiceProvider with "KeyContainerName" set
        var csp = new CspParameters();
        csp.KeyContainerName = "KeyContainer";

        var rsaPrivate = new RSACryptoServiceProvider(csp);

        // Import private key from BouncyCastle's rsa
        rsaPrivate.ImportParameters(rsaPriv.ExportParameters(true));

        // Set private key on our X509Certificate2
        cert2.PrivateKey = rsaPrivate;

        // Export Certificate with private key
        File.WriteAllBytes(@"C:\Temp\cert.pfx", cert2.Export(X509ContentType.Pkcs12, "password"));

I'd like to share my approach: pfx to System.Security.Cryptography.X509Certificates.X509Certificate2 using Bouncy Castle.

        public static X509Certificate2 OpenCertificate(string pfxPath, string contrasenia)
        {
            System.Security.Cryptography.X509Certificates.X509Certificate2 x509 = default(System.Security.Cryptography.X509Certificates.X509Certificate2);

            MemoryStream ms = new MemoryStream(File.ReadAllBytes(pfxPath));

            Org.BouncyCastle.Pkcs.Pkcs12Store st = new Org.BouncyCastle.Pkcs.Pkcs12Store(ms, contrasenia.ToCharArray());

            // First alias that holds a certificate entry
            var alias = st.Aliases.Cast<string>().FirstOrDefault(p => st.IsCertificateEntry(p));
            Org.BouncyCastle.Pkcs.X509CertificateEntry keyEntryX = st.GetCertificate(alias);

            x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(DotNetUtilities.ToX509Certificate(keyEntryX.Certificate));

            // First alias that holds a private key entry
            alias = st.Aliases.Cast<string>().FirstOrDefault(p => st.IsKeyEntry(p));
            Org.BouncyCastle.Pkcs.AsymmetricKeyEntry keyEntry = st.GetKey(alias);
            System.Security.Cryptography.RSACryptoServiceProvider intermediateProvider = (System.Security.Cryptography.RSACryptoServiceProvider)Org.BouncyCastle.Security.DotNetUtilities.ToRSA((Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)keyEntry.Key);

            x509.PrivateKey = intermediateProvider;

            return x509;
        }
    
