BouncyCastle PrivateKey To X509Certificate2 PrivateKey (ECC)
Using .NET Core 3.1 and BouncyCastle
I have a private ECC key that comes from a Pkcs12. How can I store it in an X509Certificate2 private key? The reason I am trying this is that when I load the Pkcs12 as an X509Certificate2, the X509Certificate2.PrivateKey property throws a "not implemented / algorithm not supported" exception.
This is what I have so far:
    using var stream = new MemoryStream(myPkcs12);
    Pkcs12Store pstore = new Pkcs12Store(stream, password.ToCharArray());
    var name = "";
    // pick the alias that carries the private key entry (was mistakenly iterating "store" instead of "pstore")
    foreach (string alias in pstore.Aliases)
    {
        if (pstore.IsKeyEntry(alias))
        {
            name = alias;
        }
    }
    var key = pstore.GetKey(name);
    var cert = new X509Certificate2(myPkcs12, "mypassword", X509KeyStorageFlags.EphemeralKeySet | X509KeyStorageFlags.Exportable);
    cert.PrivateKey = // key? I imagine it is incorrect to use DotNetUtilities.ToRSA()?
Thanks!
Update:
The reason for this post is the following problem:
    private const string EccTestCert = "MIINbQIBAzCCDSkGCSqGSIb3DQEHAaCCDRoEgg0WMIIN.... 9wQUpQgYbgB7yknIW7Oaz3hogAVihJoCAgfQ";
    var cert = new X509Certificate2(Convert.FromBase64String(EccTestCert), "1");
    // If you inspect it, the PrivateKey throws an exception. Whilst with an RSA cert, it will not.
The source code shows that the exception is thrown regardless of the platform you run on:
    switch (GetKeyAlgorithm())
    {
        case Oids.Rsa:
            _lazyPrivateKey = Pal.GetRSAPrivateKey();
            break;
        case Oids.Dsa:
            _lazyPrivateKey = Pal.GetDSAPrivateKey();
            break;
        default:
            // This includes ECDSA, because an Oids.EcPublicKey key can be
            // many different algorithm kinds, not necessarily with mutual exclusion.
            //
            // Plus, .NET Framework only supports RSA and DSA in this property.
            throw new NotSupportedException(SR.NotSupported_KeyAlgorithm);
    }
The private key is of type AsymmetricAlgorithm and has to be cast to RSA or ECDsa anyway. I remember @bartonjs saying that the GetXXXPrivateKey() methods should be used. So you can do it yourself:
    string EccTestCert = "{base64-pkcs-12-here}";
    var cert = new X509Certificate2(Convert.FromBase64String(EccTestCert), "1");
    if (cert.HasPrivateKey) {
        var key =
            (AsymmetricAlgorithm) cert.GetRSAPrivateKey()
            ?? cert.GetECDsaPrivateKey()
            ?? throw new NotSupportedException("Who still uses DSA?");
        if (key is ECDsa ecdsa) {
            var ecdsaSignature = ecdsa.SignData(new byte[]{ 0x00 }, HashAlgorithmName.SHA256);
        } else if (key is RSA rsa) {
            var rsaSignature = rsa.SignData(new byte[]{ 0x00 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        } else {
            throw new NotSupportedException("Who still uses DSA?");
        }
    }
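The following is an added example (not code from the question or the answer above) that does the bridge the question originally asked for: it takes the private key entry out of a BouncyCastle Pkcs12Store, moves it into a .NET ECDsa via its PKCS#8 encoding, and attaches it to the certificate with CopyWithPrivateKey, so that GetECDsaPrivateKey() works afterwards even though the legacy PrivateKey property still throws for EC keys. The class and method names (EccPkcs12Bridge, LoadEccCertWithKey, SignAndVerify) are my own; it assumes the PKCS#12 bytes and password are supplied by the caller and that the key uses a named curve.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Pkcs;

// Hypothetical helper class, written for this example.
static class EccPkcs12Bridge
{
    // Loads the first key entry of a PKCS#12 blob with BouncyCastle and returns
    // an X509Certificate2 whose ECDsa private key is reachable via GetECDsaPrivateKey().
    public static X509Certificate2 LoadEccCertWithKey(byte[] pkcs12, string password)
    {
        // Pkcs12StoreBuilder works for both the 1.8.x and the 2.x BouncyCastle packages.
        Pkcs12Store store = new Pkcs12StoreBuilder().Build();
        using (var stream = new MemoryStream(pkcs12))
        {
            store.Load(stream, password.ToCharArray());
        }

        string keyAlias = null;
        foreach (string alias in store.Aliases)
        {
            if (store.IsKeyEntry(alias))
            {
                keyAlias = alias;
                break;
            }
        }
        if (keyAlias == null)
        {
            throw new InvalidOperationException("PKCS#12 contains no private key entry.");
        }

        // BouncyCastle key -> PKCS#8 DER; this is the format .NET can import directly.
        AsymmetricKeyParameter bcKey = store.GetKey(keyAlias).Key;
        byte[] pkcs8 = PrivateKeyInfoFactory.CreatePrivateKeyInfo(bcKey).GetDerEncoded();

        // The certificate that belongs to the same alias, as a public-only X509Certificate2.
        byte[] certDer = store.GetCertificate(keyAlias).Certificate.GetEncoded();
        using var publicOnly = new X509Certificate2(certDer);

        ECDsa ecdsa = ECDsa.Create();
        try
        {
            // Requires a named curve; explicit-parameter EC keys are rejected by .NET.
            ecdsa.ImportPkcs8PrivateKey(pkcs8, out _);
            // CopyWithPrivateKey returns a new certificate object that owns the key association.
            return publicOnly.CopyWithPrivateKey(ecdsa);
        }
        finally
        {
            // Scrub the managed copy of the private key bytes.
            Array.Clear(pkcs8, 0, pkcs8.Length);
        }
    }

    // Round-trip check: sign with the attached private key and verify with the public key.
    public static bool SignAndVerify(X509Certificate2 cert, byte[] data)
    {
        using ECDsa priv = cert.GetECDsaPrivateKey()
            ?? throw new NotSupportedException("Certificate has no EC private key.");
        using ECDsa pub = cert.GetECDsaPublicKey();
        byte[] sig = priv.SignData(data, HashAlgorithmName.SHA256);
        return pub.VerifyData(data, sig, HashAlgorithmName.SHA256);
    }

    public static void Main()
    {
        // Placeholder inputs: replace with a real PKCS#12 blob and its password.
        byte[] pkcs12 = Convert.FromBase64String("{base64-pkcs-12-here}");
        using X509Certificate2 cert = LoadEccCertWithKey(pkcs12, "{password-here}");
        Console.WriteLine(SignAndVerify(cert, new byte[] { 0x00 }) ? "signature ok" : "signature FAILED");
    }
}
```

Two points worth keeping in mind: the intermediate PKCS#8 buffer is a plaintext copy of the private key, which is why it is cleared once imported; and on Windows the resulting certificate still reports NotSupportedException from the old PrivateKey property for the reason shown in the .NET source quoted above, so callers must use GetECDsaPrivateKey() rather than PrivateKey.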