
BouncyCastle PrivateKey To X509Certificate2 PrivateKey (ECC)

Stack Overflow user
Asked 2020-11-26 18:59:58
Answers: 1 | Views: 126 | Followers: 0 | Votes: 0

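Using .NET Core 3.1 and BouncyCastle

I have a private ECC key from a Pkcs12. Please tell me how to store it in the X509Certificate2 private key? The reason I'm trying to do this is that when I load the Pkcs12 as an X509Certificate2, the X509Certificate2.PrivateKey method throws a "not implemented / algorithm not supported" exception.

This is what I have so far: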

using System.IO;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Pkcs;

using var stream = new MemoryStream(myPkcs12);

Pkcs12Store pstore = new Pkcs12Store(stream, password.ToCharArray());

// Find the alias of the key entry in the store.
var name = "";
foreach (string alias in pstore.Aliases)
{
    if (pstore.IsKeyEntry(alias))
    {
        name = alias;
    }
}

var key = pstore.GetKey(name);

var cert = new X509Certificate2(myPkcs12, "mypassword", X509KeyStorageFlags.EphemeralKeySet | X509KeyStorageFlags.Exportable);

cert.PrivateKey = // key? I imagine it is incorrect to use DotNetUtilities.ToRSA()?

Thanks!

Update:

The reason for this post is this problem:

private const string EccTestCert = "MIINbQIBAzCCDSkGCSqGSIb3DQEHAaCCDRoEgg0WMIIN.... 9wQUpQgYbgB7yknIW7Oaz3hogAVihJoCAgfQ";
var cert = new X509Certificate2(Convert.FromBase64String(EccTestCert), "1");

//  If you inspect it, the PrivateKey throws an exception.  Whilst with an RSA cert, it will not.

1 Answer

Stack Overflow user

Accepted answer

Posted on 2020-11-27 01:20:52

The source code shows that the exception is thrown depending on the platform you are running on.

                    switch (GetKeyAlgorithm())
                    {
                        case Oids.Rsa:
                            _lazyPrivateKey = Pal.GetRSAPrivateKey();
                            break;
                        case Oids.Dsa:
                            _lazyPrivateKey = Pal.GetDSAPrivateKey();
                            break;
                        default:
                            // This includes ECDSA, because an Oids.EcPublicKey key can be
                            // many different algorithm kinds, not necessarily with mutual exclusion.
                            //
                            // Plus, .NET Framework only supports RSA and DSA in this property.
                            throw new NotSupportedException(SR.NotSupported_KeyAlgorithm);
                    }

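The private key is of type AsymmetricAlgorithm and needs to be cast to RSA or ECDsa anyway. I remember @bartonjs saying that the GetXXXPrivateKey() methods should be used. So you can do it yourself: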

string EccTestCert = "{base64-pkcs-12-here}";
var cert = new X509Certificate2(Convert.FromBase64String(EccTestCert), "1");

if (cert.HasPrivateKey) {
  var key =
    (AsymmetricAlgorithm) cert.GetRSAPrivateKey()
      ?? cert.GetECDsaPrivateKey()
        ?? throw new NotSupportedException("Who still uses DSA?");

  if (key is ECDsa ecdsa) {
    var ecdsaSignature = ecdsa.SignData(new byte[]{ 0x00}, HashAlgorithmName.SHA256);
  } else if (key is RSA rsa) {
    var rsaSignature = rsa.SignData(new byte[]{ 0x00}, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
  } else {
    throw new NotSupportedException("Who still uses DSA?");
  }
}
Votes: 2
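
For the conversion the question asks about, one route is to rebuild the BouncyCastle EC key as a .NET `ECDsa` and attach it with `CopyWithPrivateKey`, then read it back through `GetECDsaPrivateKey()` as the answer describes. This is an added example, not part of the original question or answer; `EcPkcs12Bridge`, `Fixed`, `ToECDsa` and `Load` are hypothetical names, and it assumes a named-curve key and the `Pkcs12Store` constructor used in the question.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Pkcs;

static class EcPkcs12Bridge // hypothetical helper, not part of either library
{
    // ECParameters needs D, Q.X and Q.Y as big-endian arrays of equal length.
    static byte[] Fixed(Org.BouncyCastle.Math.BigInteger v, int size)
    {
        byte[] raw = v.ToByteArrayUnsigned(), padded = new byte[size];
        Buffer.BlockCopy(raw, 0, padded, size - raw.Length, raw.Length);
        return padded;
    }

    public static ECDsa ToECDsa(ECPrivateKeyParameters bcKey)
    {
        // Assumption: the key uses a named curve, so BouncyCastle kept its OID.
        var oid = bcKey.PublicKeyParamSet ?? throw new NotSupportedException("Explicit curve parameters are not handled.");
        int size = (bcKey.Parameters.Curve.FieldSize + 7) / 8;
        // Recompute the public point Q = d*G so the import carries both halves.
        var q = bcKey.Parameters.G.Multiply(bcKey.D).Normalize();
        var p = new ECParameters
        {
            Curve = ECCurve.CreateFromValue(oid.Id),
            D = Fixed(bcKey.D, size),
            Q = new ECPoint { X = Fixed(q.AffineXCoord.ToBigInteger(), size),
                              Y = Fixed(q.AffineYCoord.ToBigInteger(), size) },
        };
        try { return ECDsa.Create(p); }
        finally { Array.Clear(p.D, 0, p.D.Length); } // wipe our temporary copy of the scalar
    }

    public static X509Certificate2 Load(byte[] pkcs12, string password)
    {
        using var stream = new MemoryStream(pkcs12);
        var store = new Pkcs12Store(stream, password.ToCharArray());
        foreach (string alias in store.Aliases)
        {
            if (!store.IsKeyEntry(alias) || !(store.GetKey(alias).Key is ECPrivateKeyParameters bcKey)) continue;
            // Build a public-only certificate from the DER bytes, then attach the key.
            using var publicOnly = new X509Certificate2(store.GetCertificate(alias).Certificate.GetEncoded());
            using var ecdsa = ToECDsa(bcKey);
            return publicOnly.CopyWithPrivateKey(ecdsa); // read back via GetECDsaPrivateKey()
        }
        throw new CryptographicException("No EC private key entry found in the PKCS#12 store.");
    }
}
```

The returned certificate holds an in-memory key, so `HasPrivateKey` is true and `GetECDsaPrivateKey()` works, while the `PrivateKey` property still throws for ECC as shown in the source excerpt above.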
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: https://stackoverflow.com/questions/65020712
