如何在保留私钥的同时将 BouncyCastle X509Certificate 转换为 .NET Standard X509Certificate2?
[英]How to convert BouncyCastle X509Certificate to .NET Standard X509Certificate2 while retaining the private key?
问题描述
I need to convert a generated BouncyCastle X509Certificate to X509Certificate2 with the private key getting loaded in the resulting .NET Standard X509Certificate2 object.
我需要将生成的 BouncyCastle X509Certificate转换为X509Certificate2 ,并将私钥加载到生成的.NET Standard X509Certificate2对象中。 Is that possible?这可能吗?
There is an answer for a similar question https://stackoverflow.com/a/8150799/5048935 , but after generating a BouncyCastle certificate and converting it to .NET X509Certificate2 the resulting object has its HasPrivateKey property set to "false".有一个类似问题的答案https://stackoverflow.com/a/8150799/5048935 ,但在生成 BouncyCastle 证书并将其转换为 .NET X509Certificate2 ,结果对象的HasPrivateKey属性设置为“false”。
Context上下文
I need to load a certificate and a private key (separate Base64 strings without headers and footers) to a X509Certificate2 object to pass it on to the app from a .NET Standard 1.6 library.我需要将证书和私钥(没有页眉和页脚的单独 Base64 字符串)加载到X509Certificate2对象,以将其从 .NET Standard 1.6 库传递给应用程序。 The problem is, there is no PrivateKey property in the X509Certificate2 class in .NET Standard !问题是, .NET Standard 中的X509Certificate2类中没有PrivateKey属性! So the only way for me to actually load the private key in a X509Certificate2 object is to combine it with the certificate itself in a .pfx file and load it like that in a constructor.因此,我在X509Certificate2对象中实际加载私钥的唯一方法是将它与证书本身结合在一个 .pfx 文件中,并像在构造函数中那样加载它。
I've got suggestions to use BouncyCastle for that ( https://stackoverflow.com/a/44465965/5048935 ), so I first generate a BouncyCastle X509Certificate from the Base64 strings and then try to convert it to X509Certificate2 while retaining the private key.我有使用 BouncyCastle 的建议( https://stackoverflow.com/a/44465965/5048935 ),所以我首先从 Base64 字符串生成一个 BouncyCastle X509Certificate ,然后尝试将其转换为X509Certificate2同时保留私钥.
1 个解决方案
解决方案1
7 已采纳
The best way I've found is to go through an in-memory PFX stream.我发现的最好方法是通过内存中的 PFX 流。 Assuming you've already loaded your Bouncy Castle cert in bcCert .假设您已经在bcCert加载了 Bouncy Castle 证书。 Note: If you are going to be saving the .NET X509Certificate2 anywhere, the "alias" is what it's going to be called in the UI later, otherwise it's irrelevant (other than it needs to be the same for both calls).注意:如果您要将 .NET X509Certificate2保存在任何地方,则“别名”是稍后将在 UI 中调用的内容,否则它无关紧要(除了两个调用都需要相同之外)。
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using System.IO;
using System.Security.Cryptography.X509Certificates
var pkcs12Store = new Pkcs12Store();
var certEntry = new X509CertificateEntry(bcCert);
pkcs12Store.SetCertificateEntry(alias, certEntry);
pkcs12Store.SetKeyEntry(alias, new AsymmetricKeyEntry(certKey.Private), new[] { certEntry });
X509Certificate2 keyedCert;
using (MemoryStream pfxStream = new MemoryStream())
{
pkcs12Store.Save(pfxStream, null, new SecureRandom());
pfxStream.Seek(0, SeekOrigin.Begin);
keyedCert = new X509Certificate2(pfxStream.ToArray());
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.