2011-05-25 97 views
13

I created a private key with BouncyCastle and need to turn that BouncyCastle private key into the X509Certificate2 private key.

    // Using directives required by this snippet
    using System;
    using System.Collections;
    using Org.BouncyCastle.Asn1;
    using Org.BouncyCastle.Asn1.X509;
    using Org.BouncyCastle.Crypto;
    using Org.BouncyCastle.Crypto.Generators;
    using Org.BouncyCastle.Crypto.Prng;
    using Org.BouncyCastle.Math;
    using Org.BouncyCastle.Security;
    using Org.BouncyCastle.X509;

    // Generate a 1024-bit RSA key pair (certName is the subject common name supplied by the caller)
    var keypairgen = new RsaKeyPairGenerator();
    keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));

    var keypair = keypairgen.GenerateKeyPair();

    var gen = new X509V3CertificateGenerator();

    var CN = new X509Name("CN=" + certName);
    var SN = BigInteger.ProbablePrime(120, new Random());

    // Self-signed: subject and issuer are the same name
    gen.SetSerialNumber(SN);
    gen.SetSubjectDN(CN);
    gen.SetIssuerDN(CN);
    gen.SetNotAfter(DateTime.Now.AddYears(1));
    gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
    gen.SetSignatureAlgorithm("MD5WithRSA");
    gen.SetPublicKey(keypair.Public);

    // Authority key identifier that points back at this certificate's own key
    gen.AddExtension(
        X509Extensions.AuthorityKeyIdentifier.Id,
        false,
        new AuthorityKeyIdentifier(
            SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keypair.Public),
            new GeneralNames(new GeneralName(CN)),
            SN));

    // Extended key usage: id-kp-serverAuth (1.3.6.1.5.5.7.3.1)
    gen.AddExtension(
        X509Extensions.ExtendedKeyUsage.Id,
        false,
        new ExtendedKeyUsage(new ArrayList
        {
            new DerObjectIdentifier("1.3.6.1.5.5.7.3.1")
        }));

    // Sign the certificate with the private key of the pair
    var newCert = gen.Generate(keypair.Private);

and then create the certificate with

    X509Certificate2 certificate = new X509Certificate2(DotNetUtilities.ToX509Certificate((Org.BouncyCastle.X509.X509Certificate)newCert));

Now, because my task tells me to store the certificate and the private key in the X509Certificate2 object, I need a way to convert keypair.Private into X509Certificate2.PrivateKey. Any ideas?

Thanks.

+1

What type is keypair.Private? Have you looked at AsymmetricAlgorithm.Create()? – 2011-05-25 20:34:54

+0

Edit: Hmm, .Create() could work, but it returns null when used on keypair.Private. Its type is AsymmetricKeyParameter – barjed 2011-05-25 20:38:51

+0

Hey. Thanks for providing working code on how to create an X509Certificate2! This was very helpful! – 2012-02-12 15:33:23

Answers

4

If you follow the link from this question, you should be able to use something like DotNetUtilities.ToRSA(...) and assign its return value to X509Certificate2.PrivateKey

6

Just to be verbose, this is the complete code to add after creating the X509Certificate2 certificate:

    // keypair.Private is a BouncyCastle RsaPrivateCrtKeyParameters; DotNetUtilities
    // (Org.BouncyCastle.Security) converts it into a .NET RSA instance
    RSA rsaPriv = DotNetUtilities.ToRSA(keypair.Private as RsaPrivateCrtKeyParameters);
    certificate.PrivateKey = rsaPriv;

(This can of course be optimized into a single line)

3

For anyone trying to export the X509Certificate2 to PKCS12 and keep the private key, this is what I had to do:

    using System.IO;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using Org.BouncyCastle.Crypto.Parameters;
    using Org.BouncyCastle.Security;

    // "certificate" is the BouncyCastle X509Certificate and "issuerKeyPair" the
    // BouncyCastle key pair generated earlier

    // Convert BouncyCastle X509 Certificate to .NET's X509Certificate
    var cert = DotNetUtilities.ToX509Certificate(certificate);
    var certBytes = cert.Export(X509ContentType.Pkcs12, "password");

    // Convert X509Certificate to X509Certificate2
    var cert2 = new X509Certificate2(certBytes, "password");

    // Convert BouncyCastle Private Key to RSA
    var rsaPriv = DotNetUtilities.ToRSA(issuerKeyPair.Private as RsaPrivateCrtKeyParameters);

    // Setup RSACryptoServiceProvider with "KeyContainerName" set, so the key is
    // persisted in a named CSP container rather than an ephemeral one
    var csp = new CspParameters();
    csp.KeyContainerName = "KeyContainer";

    var rsaPrivate = new RSACryptoServiceProvider(csp);

    // Import private key from BouncyCastle's rsa
    rsaPrivate.ImportParameters(rsaPriv.ExportParameters(true));

    // Set private key on our X509Certificate2
    cert2.PrivateKey = rsaPrivate;

    // Export Certificate with private key
    File.WriteAllBytes(@"C:\Temp\cert.pfx", cert2.Export(X509ContentType.Pkcs12, "password"));

+0

This is the only way I found to actually get the private key attached to the certificate in my machine store and actually be able to retrieve it later. – 2015-08-20 20:48:54

+0

Hats off to you! Thanks! – SeyoS 2016-08-25 08:04:59
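The answers above attach the key after the fact through cert.PrivateKey, in one case via a named CSP key container. As an added example (not code from the question or from any answer), the following instead packs key and certificate together into a PKCS#12 blob with BouncyCastle's Pkcs12Store, loads the result straight into an X509Certificate2, and then proves the key is really attached by signing with it and verifying with the certificate's public key. It assumes BouncyCastle 1.8 or later and .NET Framework 4.6+ or .NET Core (for GetRSAPrivateKey), and uses a 2048-bit RSA key signed with SHA-256 in place of the question's 1024-bit key and MD5; subjectCn and pfxPassword are caller-supplied sample values.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

// Added example, not from the question or answers. Assumes BouncyCastle 1.8+ and
// .NET Framework 4.6+ / .NET Core (GetRSAPrivateKey); subjectCn and pfxPassword are sample inputs.
public static class SelfSignedCertWithKey
{
    public static X509Certificate2 Create(string subjectCn, string pfxPassword)
    {
        var random = new SecureRandom();
        var keyGen = new RsaKeyPairGenerator();                   // 2048-bit RSA, SHA-256 signature,
        keyGen.Init(new KeyGenerationParameters(random, 2048));  // instead of 1024-bit RSA and MD5
        AsymmetricCipherKeyPair keyPair = keyGen.GenerateKeyPair();

        var name = new X509Name("CN=" + subjectCn);
        var gen = new X509V3CertificateGenerator();
        gen.SetSerialNumber(new BigInteger(120, random)); // serial drawn from the CSPRNG, not System.Random
        gen.SetSubjectDN(name);
        gen.SetIssuerDN(name);                             // self-signed: issuer == subject
        gen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
        gen.SetNotAfter(DateTime.UtcNow.AddYears(1));
        gen.SetPublicKey(keyPair.Public);
        var bcCert = gen.Generate(new Asn1SignatureFactory("SHA256WithRSA", keyPair.Private, random));

        // Key and certificate under one alias in a PKCS#12 store, so .NET reads the pair back
        // in a single step with no CspParameters / KeyContainerName handling.
        var store = new Pkcs12StoreBuilder().Build();
        store.SetKeyEntry(subjectCn, new AsymmetricKeyEntry(keyPair.Private),
            new[] { new X509CertificateEntry(bcCert) });
        var ms = new MemoryStream();
        store.Save(ms, pfxPassword.ToCharArray(), random);
        return new X509Certificate2(ms.ToArray(), pfxPassword, X509KeyStorageFlags.Exportable);
    }

    // Sign with the private half and verify with the public half: proof that the key came along.
    public static bool PrivateKeyWorks(X509Certificate2 cert)
    {
        byte[] data = System.Text.Encoding.UTF8.GetBytes("constructed sample message");
        byte[] sig = cert.GetRSAPrivateKey().SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return cert.HasPrivateKey && cert.GetRSAPublicKey().VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }
}
```

PrivateKeyWorks(SelfSignedCertWithKey.Create("example.test", "sample-password")) returns true when the key survived the round trip; the same check is a quick way to validate a PFX produced by any of the approaches on this page.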

0

I'd like to share my approach with everyone:

PFX to System.Security.Cryptography.X509Certificates.X509Certificate2 using Bouncy Castle.

    using System.IO;
    using System.Linq;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using Org.BouncyCastle.Crypto.Parameters;
    using Org.BouncyCastle.Pkcs;
    using Org.BouncyCastle.Security;

    // Loads a PFX (PKCS#12) file with Bouncy Castle and returns it as an
    // X509Certificate2 with the private key attached. "contrasenia" is the PFX password.
    public static X509Certificate2 OpenCertificate(string pfxPath, string contrasenia)
    {
        X509Certificate2 x509;

        using (var ms = new MemoryStream(File.ReadAllBytes(pfxPath)))
        {
            var st = new Pkcs12Store(ms, contrasenia.ToCharArray());

            // First certificate entry in the store
            var alias = st.Aliases.Cast<string>().FirstOrDefault(p => st.IsCertificateEntry(p));
            X509CertificateEntry keyEntryX = st.GetCertificate(alias);

            x509 = new X509Certificate2(DotNetUtilities.ToX509Certificate(keyEntryX.Certificate));

            // First key entry in the store, converted to an RSACryptoServiceProvider
            alias = st.Aliases.Cast<string>().FirstOrDefault(p => st.IsKeyEntry(p));
            AsymmetricKeyEntry keyEntry = st.GetKey(alias);
            var intermediateProvider =
                (RSACryptoServiceProvider)DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)keyEntry.Key);

            x509.PrivateKey = intermediateProvider;
        }

        return x509;
    }