2011-05-25 98 views
13

I am creating a private key with BouncyCastle and need to get it into an X509Certificate2 private key.

    using System;
    using System.Collections;
    using Org.BouncyCastle.Asn1;
    using Org.BouncyCastle.Asn1.X509;
    using Org.BouncyCastle.Crypto;
    using Org.BouncyCastle.Crypto.Generators;
    using Org.BouncyCastle.Crypto.Prng;
    using Org.BouncyCastle.Math;
    using Org.BouncyCastle.Security;
    using Org.BouncyCastle.X509;

    // certName (the subject common name) is defined elsewhere by the caller.
    var keypairgen = new RsaKeyPairGenerator();
    keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));

    var keypair = keypairgen.GenerateKeyPair();

    var gen = new X509V3CertificateGenerator();

    var CN = new X509Name("CN=" + certName);
    // Serial number: a 120-bit probable prime drawn from System.Random (not a CSPRNG).
    var SN = BigInteger.ProbablePrime(120, new Random());

    gen.SetSerialNumber(SN);
    gen.SetSubjectDN(CN);
    gen.SetIssuerDN(CN);   // self-signed: issuer == subject
    gen.SetNotAfter(DateTime.Now.AddYears(1));
    gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
    // MD5-based signatures are rejected by current validators; SHA256WithRSA is the usual choice.
    gen.SetSignatureAlgorithm("MD5WithRSA");
    gen.SetPublicKey(keypair.Public);

    gen.AddExtension(
        X509Extensions.AuthorityKeyIdentifier.Id,
        false,
        new AuthorityKeyIdentifier(
            SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keypair.Public),
            new GeneralNames(new GeneralName(CN)),
            SN));

    // Extended key usage: 1.3.6.1.5.5.7.3.1 is id-kp-serverAuth (TLS server authentication).
    gen.AddExtension(
        X509Extensions.ExtendedKeyUsage.Id,
        false,
        new ExtendedKeyUsage(new ArrayList()
        {
            new DerObjectIdentifier("1.3.6.1.5.5.7.3.1")
        }));

    var newCert = gen.Generate(keypair.Private);

I then turn this into a certificate with

    X509Certificate2 certificate = new X509Certificate2(DotNetUtilities.ToX509Certificate((Org.BouncyCastle.X509.X509Certificate)newCert));

Now, since my task tells me to store the certificate and the private key in the X509Certificate2 object, I need a way to convert keypair.Private into X509Certificate2.PrivateKey. Any ideas?

Thanks.

+1

What type is keypair.private? Have you looked at AsymmetricAlgorithm.Create()? – 2011-05-25 20:34:54

+0

Edit: Hmm, .Create() could work, but it returns null when used on keypair.private. Its type is AsymmetricKeyParameter – barjed 2011-05-25 20:38:51

+0

Hey. Thanks for providing working code on how to create an X509Certificate2! It was very helpful! – 2012-02-12 15:33:23

Answers

4

If you follow the link from this question, you should be able to use something like DotNetUtilities.ToRSA(...) and put its return value into X509Certificate2.PrivateKey

6

Just to be verbose, here is the complete code to add after creating the X509Certificate2 certificate:

    using System.Security.Cryptography;
    using Org.BouncyCastle.Crypto.Parameters;
    using Org.BouncyCastle.Security;

    // keypair and certificate are the objects built in the question's code.
    RSA rsaPriv = DotNetUtilities.ToRSA(keypair.Private as RsaPrivateCrtKeyParameters);
    certificate.PrivateKey = rsaPriv;

(This could of course be optimized into one line)
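As an added example (not code from the question or any of the answers), the following program takes the same approach end to end and then checks that the private key really is bound to the certificate: it signs a constructed message with the certificate's private key, verifies it with the certificate's public key, and repeats the check after a PKCS#12 round trip. It assumes BouncyCastle 1.8 or later (Asn1SignatureFactory) and .NET Framework 4.7.2 or .NET Core 2.0 or later, and uses CopyWithPrivateKey instead of the PrivateKey setter used in the answers, because that setter throws PlatformNotSupportedException on .NET Core and .NET 5+. The 2048-bit key size and SHA256WithRSA signature are this example's own choices, as is the hypothetical helper class name.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

// Hypothetical helper class for this example; not part of BouncyCastle or .NET.
public static class SelfSignedCertDemo
{
    // Builds a self-signed certificate with BouncyCastle and returns an
    // X509Certificate2 that carries the matching private key.
    public static X509Certificate2 CreateWithPrivateKey(string commonName, int keySizeBits = 2048)
    {
        // Example's choice: seed BouncyCastle's SecureRandom from the OS CSPRNG.
        var random = new SecureRandom(new CryptoApiRandomGenerator());

        var keyGen = new RsaKeyPairGenerator();
        keyGen.Init(new KeyGenerationParameters(random, keySizeBits));
        AsymmetricCipherKeyPair keyPair = keyGen.GenerateKeyPair();

        var name = new X509Name("CN=" + commonName);
        // Random 120-bit probable prime as serial number, drawn from the CSPRNG.
        BigInteger serial = BigInteger.ProbablePrime(120, random);

        var gen = new X509V3CertificateGenerator();
        gen.SetSerialNumber(serial);
        gen.SetSubjectDN(name);
        gen.SetIssuerDN(name);                       // self-signed: issuer == subject
        gen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
        gen.SetNotAfter(DateTime.UtcNow.AddYears(1));
        gen.SetPublicKey(keyPair.Public);

        // Sign with SHA256WithRSA (example's choice; MD5WithRSA is rejected by modern validators).
        ISignatureFactory signer = new Asn1SignatureFactory("SHA256WithRSA", keyPair.Private, random);
        Org.BouncyCastle.X509.X509Certificate bcCert = gen.Generate(signer);

        // Convert certificate and key to .NET types and bind them together.
        var cert = new X509Certificate2(bcCert.GetEncoded());
        RSA rsa = DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)keyPair.Private);
        return cert.CopyWithPrivateKey(rsa);
    }

    // Proves the attached private key matches the certificate's public key:
    // sign a constructed message with one, verify with the other.
    public static bool PrivateKeyMatches(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return false;
        byte[] message = Encoding.UTF8.GetBytes("constructed test message");
        using (RSA priv = cert.GetRSAPrivateKey())
        using (RSA pub = cert.GetRSAPublicKey())
        {
            byte[] sig = priv.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return pub.VerifyData(message, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    // Exports to PKCS#12 and reloads, as the answers do, and checks the key survived.
    public static bool SurvivesPfxRoundTrip(X509Certificate2 cert, string password)
    {
        byte[] pfx = cert.Export(X509ContentType.Pkcs12, password);
        var reloaded = new X509Certificate2(pfx, password, X509KeyStorageFlags.Exportable);
        return reloaded.Thumbprint == cert.Thumbprint && PrivateKeyMatches(reloaded);
    }

    public static void Main()
    {
        X509Certificate2 cert = CreateWithPrivateKey("example.test");
        Console.WriteLine("HasPrivateKey: " + cert.HasPrivateKey);
        Console.WriteLine("Key matches certificate: " + PrivateKeyMatches(cert));
        Console.WriteLine("Survives PFX round trip: " + SurvivesPfxRoundTrip(cert, "constructed-password"));
    }
}
```

The sign-and-verify check is the one that actually tells you the binding is right; HasPrivateKey alone only says that some key is attached. The example keeps the key in memory; if the certificate is to be added to a Windows certificate store together with its key, the key still has to be persisted, either via a named CSP key container as the PKCS12 answer below shows, or by importing the PFX with X509KeyStorageFlags.PersistKeySet.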

3

For anyone trying to export the X509Certificate2 to PKCS12 and keep the private key, this is what I had to do:

    using System.IO;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using Org.BouncyCastle.Crypto.Parameters;
    using Org.BouncyCastle.Security;

    // certificate is a BouncyCastle X509Certificate and issuerKeyPair the key pair
    // it was generated with; both come from the caller.

    // Convert BouncyCastle X509 Certificate to .NET's X509Certificate
    var cert = DotNetUtilities.ToX509Certificate(certificate);
    var certBytes = cert.Export(X509ContentType.Pkcs12, "password");

    // Convert X509Certificate to X509Certificate2
    var cert2 = new X509Certificate2(certBytes, "password");

    // Convert BouncyCastle Private Key to RSA
    var rsaPriv = DotNetUtilities.ToRSA(issuerKeyPair.Private as RsaPrivateCrtKeyParameters);

    // Setup RSACryptoServiceProvider with "KeyContainerName" set
    // (a named container persists the key in the CSP store instead of an ephemeral one)
    var csp = new CspParameters();
    csp.KeyContainerName = "KeyContainer";

    var rsaPrivate = new RSACryptoServiceProvider(csp);

    // Import private key from BouncyCastle's rsa
    rsaPrivate.ImportParameters(rsaPriv.ExportParameters(true));

    // Set private key on our X509Certificate2
    cert2.PrivateKey = rsaPrivate;

    // Export Certificate with private key
    File.WriteAllBytes(@"C:\Temp\cert.pfx", cert2.Export(X509ContentType.Pkcs12, "password"));

+0

This is the only way I found to actually get the private key attached to the certificate in my machine store and actually be able to retrieve it later. – 2015-08-20 20:48:54

+0

Hats off to you! Thanks! – SeyoS 2016-08-25 08:04:59

0

I'd like to share my approach with you:

PFX to System.Security.Cryptography.X509Certificates.X509Certificate2 using Bouncy Castle.

    using System.IO;
    using System.Linq;
    using Org.BouncyCastle.Security;

    // contrasenia: the PFX password (Spanish identifier kept as posted).
    public static X509Certificate2 OpenCertificate(string pfxPath, string contrasenia)
    {
        System.Security.Cryptography.X509Certificates.X509Certificate2 x509 = default(System.Security.Cryptography.X509Certificates.X509Certificate2);

        MemoryStream ms = new MemoryStream(File.ReadAllBytes(pfxPath));

        // Parse the PKCS#12 container with BouncyCastle
        Org.BouncyCastle.Pkcs.Pkcs12Store st = new Org.BouncyCastle.Pkcs.Pkcs12Store(ms, contrasenia.ToCharArray());

        // First certificate entry becomes the .NET certificate
        var alias = st.Aliases.Cast<string>().FirstOrDefault(p => st.IsCertificateEntry(p));
        Org.BouncyCastle.Pkcs.X509CertificateEntry keyEntryX = st.GetCertificate(alias);

        x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(DotNetUtilities.ToX509Certificate(keyEntryX.Certificate));

        // First key entry is converted to an RSA provider and attached as the private key
        alias = st.Aliases.Cast<string>().FirstOrDefault(p => st.IsKeyEntry(p));
        Org.BouncyCastle.Pkcs.AsymmetricKeyEntry keyEntry = st.GetKey(alias);
        System.Security.Cryptography.RSACryptoServiceProvider intermediateProvider = (System.Security.Cryptography.RSACryptoServiceProvider)Org.BouncyCastle.Security.DotNetUtilities.ToRSA((Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)keyEntry.Key);

        x509.PrivateKey = intermediateProvider;

        return x509;
    }