[英]How to convert BouncyCastle X509Certificate to .NET Standard X509Certificate2 while retaining the private key?
I need to convert a generated BouncyCastle X509Certificate
to X509Certificate2
with the private key getting loaded in the resulting .NET Standard X509Certificate2
object.我需要将生成的 BouncyCastle
X509Certificate
转换为X509Certificate2
,并将私钥加载到生成的.NET Standard X509Certificate2
对象中。 Is that possible?这可能吗?
There is an answer for a similar question https://stackoverflow.com/a/8150799/5048935 , but after generating a BouncyCastle certificate and converting it to .NET X509Certificate2
the resulting object has its HasPrivateKey
property set to "false".有一个类似问题的答案https://stackoverflow.com/a/8150799/5048935 ,但在生成 BouncyCastle 证书并将其转换为 .NET
X509Certificate2
,结果对象的HasPrivateKey
属性设置为“false”。
I need to load a certificate and a private key (separate Base64 strings without headers and footers) to a X509Certificate2
object to pass it on to the app from a .NET Standard 1.6 library.我需要将证书和私钥(没有页眉和页脚的单独 Base64 字符串)加载到
X509Certificate2
对象,以将其从 .NET Standard 1.6 库传递给应用程序。 The problem is, there is no PrivateKey
property in the X509Certificate2
class in .NET Standard !问题是, .NET Standard 中的
X509Certificate2
类中没有PrivateKey
属性! So the only way for me to actually load the private key in a X509Certificate2
object is to combine it with the certificate itself in a .pfx file and load it like that in a constructor.因此,我在
X509Certificate2
对象中实际加载私钥的唯一方法是将它与证书本身结合在一个 .pfx 文件中,并像在构造函数中那样加载它。
I've got suggestions to use BouncyCastle for that ( https://stackoverflow.com/a/44465965/5048935 ), so I first generate a BouncyCastle X509Certificate
from the Base64 strings and then try to convert it to X509Certificate2
while retaining the private key.我有使用 BouncyCastle 的建议( https://stackoverflow.com/a/44465965/5048935 ),所以我首先从 Base64 字符串生成一个 BouncyCastle
X509Certificate
,然后尝试将其转换为X509Certificate2
同时保留私钥.
The best way I've found is to go through an in-memory PFX stream.我发现的最好方法是通过内存中的 PFX 流。 Assuming you've already loaded your Bouncy Castle cert in
bcCert
.假设您已经在
bcCert
加载了 Bouncy Castle 证书。 Note: If you are going to be saving the .NET X509Certificate2
anywhere, the "alias" is what it's going to be called in the UI later, otherwise it's irrelevant (other than it needs to be the same for both calls).注意:如果您要将 .NET
X509Certificate2
保存在任何地方,则“别名”是稍后将在 UI 中调用的内容,否则它无关紧要(除了两个调用都需要相同之外)。
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using System.IO;
using System.Security.Cryptography.X509Certificates
var pkcs12Store = new Pkcs12Store();
var certEntry = new X509CertificateEntry(bcCert);
pkcs12Store.SetCertificateEntry(alias, certEntry);
pkcs12Store.SetKeyEntry(alias, new AsymmetricKeyEntry(certKey.Private), new[] { certEntry });
X509Certificate2 keyedCert;
using (MemoryStream pfxStream = new MemoryStream())
{
pkcs12Store.Save(pfxStream, null, new SecureRandom());
pfxStream.Seek(0, SeekOrigin.Begin);
keyedCert = new X509Certificate2(pfxStream.ToArray());
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.