Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
994 views
in Technique[技术] by (71.8m points)

c# - Error setting X509Certificate2 PrivateKey

I am migrating a .NetFramework 4.6.1 library to a .NetCore 2.2. But i am unable to set x509certificate.PrivateKey as shown below.

I have read that may be due to the RSAServiceProvider but i am unaware how to set this property. Even instantiating:
x509certificate.PrivateKey = new RSACryptoServiceProvider();
throws the PlatformNotSupportedException.

// selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate = 
certificateGenerator.Generate(signatureFactory);

// correponding private key
PrivateKeyInfo info = 
PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);

// merge into X509Certificate2
var x509certificate = new X509Certificate2(certificate.GetEncoded());

Asn1Sequence seq = (Asn1Sequence)
Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded() 
);

RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
RsaPrivateCrtKeyParameters rsaParams = new 
RsaPrivateCrtKeyParameters(
rsa.Modulus,
rsa.PublicExponent,
rsa.PrivateExponent,
rsa.Prime1,
rsa.Prime2,
rsa.Exponent1,
rsa.Exponent2,
rsa.Coefficient);

x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);

In the .NetCore library setting x509certificate.PrivateKey with the RSA from DotNetUtilities.ToRSA(rsaParams) throws an PlatformNotSupportedException.

System.PlatformNotSupportedException
  HResult=0x80131539
  Message=Operation is not supported on this platform.
  Source=System.Security.Cryptography.X509Certificates
  StackTrace:
   at System.Security.Cryptography.X509Certificates.X509Certificate2.set_PrivateKey(AsymmetricAlgorithm value)
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

As LexLi said, setting the private key on an existing certificate is not possible by design in .net core.

Following what is described here, what you can do is use the method RSACertificateExtensions.CopyWithPrivateKey.

Instead of

x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);

you could have

var rsa = DotNetUtilities.ToRSA(rsaParams);
var cert = x509certificate.CopyWithPrivateKey(rsa);
return cert;

To get access to the "CopyWithPrivateKey" extension method, add this using :

using System.Security.Cryptography.X509Certificates; /* for getting access to extension methods in RSACertificateExtensions */

"(CopyWithPrivateKey) Combines a private key with the public key of an RSA certificate to generate a new RSA certificate."

https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.rsacertificateextensions.copywithprivatekey?view=netcore-3.0


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...