Create certificate from public key
Question
There is a method: GetPublicKeyString from X509Certificate, if we pass the output which is hex base 64, can we create a public key certificate?
1 answers
solution1
0 2022-07-28 15:34:27
The X509Certificate instance is already a "public key certificate", in that it's an X.509 certificate that isn't an "attribute certificate" (a much, much less commonly used type of certificate from the X.509 specification)
Certificates in .NET can have an associated private key, but they're really not part of the certificate. So, if you meant that you want to create a certificate instance that is guaranteed to not know about a private key, then you want to do
X509Certificate2 publicOnly = new X509Certificate2(cert.RawData);
(Or, if you're really using X509Certificate and can't access RawData, you can also get it from cert.Export(X509ContentType.Cert) .
The output of cert.GetPublicKeyString() is of a format that depends on cert.GetKeyAlgorithm() . For RSA keys (1.2.840.113549.1.1.1) GetPublicKeyString produces an RSAPublicKey value, which is sufficient to hydrate a key object (eg the ImportRSAPublicKey method on the RSA class). For DSA keys, it's not, and you also need to interpret cert.GetKeyAlgorithmParameters() . Though, for any built-in algorithm there's no need to use these values at all. cert.GetRSAPublicKey() and friends will do that work for you.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.