I am migrating a .NET Framework 4.6.1 library to .NET Core 2.2. However, I cannot set x509certificate.PrivateKey as shown below.
I have read that this may be due to RSAServiceProvider, but I don't know how to set this property. Even instantiating:

```csharp
x509certificate.PrivateKey = new RSACryptoServiceProvider();
```

throws a PlatformNotSupportedException.
```csharp
// self-signed certificate
Org.BouncyCastle.X509.X509Certificate certificate =
    certificateGenerator.Generate(signatureFactory);

// corresponding private key
PrivateKeyInfo info =
    PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);

// merge into X509Certificate2
var x509certificate = new X509Certificate2(certificate.GetEncoded());

Asn1Sequence seq = (Asn1Sequence)
    Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());

RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
RsaPrivateCrtKeyParameters rsaParams = new RsaPrivateCrtKeyParameters(
    rsa.Modulus,
    rsa.PublicExponent,
    rsa.PrivateExponent,
    rsa.Prime1,
    rsa.Prime2,
    rsa.Exponent1,
    rsa.Exponent2,
    rsa.Coefficient);

// This setter is what throws on .NET Core
x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);
```
In the .NET Core library, setting x509certificate.PrivateKey with the RSA returned by DotNetUtilities.ToRSA(rsaParams) throws a PlatformNotSupportedException.

```text
System.PlatformNotSupportedException
HResult=0x80131539
Message=Operation is not supported on this platform.
Source=System.Security.Cryptography.X509Certificates
StackTrace:
at System.Security.Cryptography.X509Certificates.X509Certificate2.set_PrivateKey(AsymmetricAlgorithm value)
```
Posted on 2019-02-19 15:56:36

As LexLi said, setting a private key on an existing certificate is not possible, because by design it is not possible in .NET Core.
As described here, what you can do is use the RSACertificateExtensions.CopyWithPrivateKey method.
Instead of

```csharp
x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);
```

you could have

```csharp
var rsa = DotNetUtilities.ToRSA(rsaParams);
var cert = x509certificate.CopyWithPrivateKey(rsa);
return cert;
```

To get access to the "CopyWithPrivateKey" extension method, add:

```csharp
using System.Security.Cryptography.X509Certificates; /* for getting access to extension methods in RSACertificateExtensions */
```

"(CopyWithPrivateKey) Combines a private key with the public key of an RSA certificate to generate a new RSA certificate."
Posted on 2019-02-25 13:32:36

The solution provided did not help me, so I will leave this solution here in the hope that it helps the next person with this problem.
Using CertBuilder().ConvertBouncyCert, a BouncyCastle X509Certificate can be converted to an X509Certificate2 by embedding the public/private key pair.

```csharp
X509Certificate2 _x509certificate2 = new CertBuilder().ConvertBouncyCert(_bouncyCertificate, subjectKeyPair);
```

And the full example I am using (based on the answer provided here: Bouncy Castle's X509V3CertificateGenerator.SetSignatureAlgorithm marked obsolete. What do I do?).
```csharp
public static X509Certificate2 CreateSelfSignedCertificateBasedOnCertificateAuthorityPrivateKey(string ipAddress, string issuerName, AsymmetricKeyParameter issuerPrivKey)
{
    const int keyStrength = 4096;

    // Generating Random Numbers
    CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
    SecureRandom random = new SecureRandom(randomGenerator);
    ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerPrivKey, random);

    // The Certificate Generator
    X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
    certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true,
        new ExtendedKeyUsage(new List<DerObjectIdentifier>()
        {
            new DerObjectIdentifier("1.3.6.1.5.5.7.3.1"), // serverAuth
            new DerObjectIdentifier("1.3.6.1.5.5.7.3.2")  // clientAuth
        }));

    // Serial Number
    BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
    certificateGenerator.SetSerialNumber(serialNumber);

    // Issuer and Subject Name
    X509Name subjectDN = new X509Name("CN=" + ipAddress);
    X509Name issuerDN = new X509Name(issuerName);
    certificateGenerator.SetIssuerDN(issuerDN);
    certificateGenerator.SetSubjectDN(subjectDN);

    // Valid For
    DateTime notBefore = DateTime.UtcNow.Date;
    DateTime notAfter = notBefore.AddYears(2);
    certificateGenerator.SetNotBefore(notBefore);
    certificateGenerator.SetNotAfter(notAfter);

    // Subject Public Key
    AsymmetricCipherKeyPair subjectKeyPair;
    var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
    var keyPairGenerator = new RsaKeyPairGenerator();
    keyPairGenerator.Init(keyGenerationParameters);
    subjectKeyPair = keyPairGenerator.GenerateKeyPair();
    certificateGenerator.SetPublicKey(subjectKeyPair.Public);

    GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.IPAddress, ipAddress));
    certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);

    // self sign certificate
    Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(signatureFactory);
    X509Certificate2 certificate2 = new CertBuilder().ConvertBouncyCert(certificate, subjectKeyPair);
    return certificate2;
}
```
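As an added example (not code from this page, and not the CertBuilder().ConvertBouncyCert helper the second answer calls but does not show), here is the CopyWithPrivateKey approach from the first answer packaged as that missing conversion step. BouncyCertConverter and ToCertWithPrivateKey are names chosen here; the public-key match check and the PFX round-trip are additions, the latter assuming the certificate may later be handed to SslStream/Kestrel on Windows.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;

public static class BouncyCertConverter
{
    // Hypothetical helper: attaches the BouncyCastle private key to the certificate with
    // CopyWithPrivateKey instead of the PrivateKey setter, which throws
    // PlatformNotSupportedException on .NET Core.
    public static X509Certificate2 ToCertWithPrivateKey(
        Org.BouncyCastle.X509.X509Certificate bcCert, AsymmetricCipherKeyPair keyPair)
    {
        if (!(keyPair.Private is RsaPrivateCrtKeyParameters rsaPriv))
            throw new ArgumentException("Only RSA CRT private keys are handled here.", nameof(keyPair));

        using (var publicOnly = new X509Certificate2(bcCert.GetEncoded()))
        using (RSA rsa = DotNetUtilities.ToRSA(rsaPriv))
        using (RSA certPub = publicOnly.GetRSAPublicKey())
        {
            // Refuse to pair a key with a certificate that does not certify it: a mismatched
            // pair yields signatures and TLS handshakes that no peer can validate.
            RSAParameters fromCert = certPub.ExportParameters(false);
            RSAParameters fromKey = rsa.ExportParameters(false);
            if (!fromCert.Modulus.SequenceEqual(fromKey.Modulus) ||
                !fromCert.Exponent.SequenceEqual(fromKey.Exponent))
                throw new CryptographicException("Private key does not match the certificate's public key.");

            using (X509Certificate2 withKey = publicOnly.CopyWithPrivateKey(rsa))
            {
                // CopyWithPrivateKey attaches an ephemeral key. Assumption: the caller may use
                // the certificate with SslStream/Kestrel on Windows, where SChannel cannot use
                // ephemeral keys, so round-trip through PFX to obtain a certificate that owns a
                // regular key. Skip this step if only in-memory signing is needed.
                byte[] pfx = withKey.Export(X509ContentType.Pfx);
                return new X509Certificate2(pfx, (string)null, X509KeyStorageFlags.DefaultKeySet);
            }
        }
    }
}
```

The `using` on the BouncyCastle-derived RSA is safe because the PFX is exported before it is disposed, so the returned certificate no longer depends on it.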
NuGet packages used:
https://stackoverflow.com/questions/54752834