Get the private key from a BouncyCastle X509 certificate? C#

16

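Normally, when I get an X509Certificate2 from my key store, I can call .PrivateKey to retrieve the certificate's private key as an AsymmetricAlgorithm. However, I have decided to use Bouncy Castle, and its X509Certificate instance only has a getPublicKey(); method; I cannot find a way to get the private key out of the certificate. Any ideas?

I get an X509Certificate2 from my Windows-MY key store and then use: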

//mycert is an X509Certificate2 retrieved from Windows-MY Keystore
X509CertificateParser certParser = new X509CertificateParser();
X509Certificate privateCertBouncy = certParser.ReadCertificate(mycert.GetRawCertData());
AsymmetricKeyParameter pubKey = privateCertBouncy.GetPublicKey();
//how do i now get the private key to make a keypair?

Is there any way to convert an AsymmetricAlgorithm (C# private key) to an AsymmetricKeyParameter (Bouncy Castle private key)?

3 Answers

34
Akp = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(this.Certificate.PrivateKey).Private;

7
Should this be the answer? - Sushant
2
I just get Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException: 'The requested operation is not supported.' - gakera

23

I don't know much about BouncyCastle, but it seems to me that the simple thing to do is to recreate the key from its key parameters.

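public static AsymmetricKeyParameter TransformRSAPrivateKey(
    AsymmetricAlgorithm privateKey)
{
    // Only CSP-backed RSA keys are handled; "as" yields null for anything else.
    RSACryptoServiceProvider prov = privateKey as RSACryptoServiceProvider;
    if (prov == null)
        throw new ArgumentException("Expected an RSACryptoServiceProvider key.", nameof(privateKey));

    // Export including the private parameters; this requires an exportable key.
    RSAParameters parameters = prov.ExportParameters(true);

    // RSAParameters fields are unsigned big-endian, so force a positive sign (1).
    return new RsaPrivateCrtKeyParameters(
        new BigInteger(1,parameters.Modulus),
        new BigInteger(1,parameters.Exponent),
        new BigInteger(1,parameters.D),
        new BigInteger(1,parameters.P),
        new BigInteger(1,parameters.Q),
        new BigInteger(1,parameters.DP),
        new BigInteger(1,parameters.DQ),
        new BigInteger(1,parameters.InverseQ));
}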
You can call the code like this:
AsymmetricKeyParameter bouncyCastlePrivateKey = 
    TransformRSAPrivateKey(mycert.PrivateKey);

Obviously this assumes that the certificate contains an RSA key, but the same result can be achieved for DSA with DSACryptoServiceProvider and DSAParameters.


3

Find the .NET X509Certificate2:

X509Certificate2 cert = this.FindCertificate(certificateFriendlyName);

Parse it into a BouncyCastle certificate and use X509Certificate2Signature to obtain the signature:
var parser = new X509CertificateParser();
var bouncyCertificate = parser.ReadCertificate(cert.RawData);
var algorithm = DigestAlgorithms.GetDigest(bouncyCertificate.SigAlgOid);
var signature = new X509Certificate2Signature(cert, algorithm);

1
This does not work for EC (elliptic curve) private keys. - Freeedy
