Get a secret key for a BouncyCastle X509 certificate? C#

Usually, when I retrieve X509Certificate2 from my keystore, I can call .PrivateKey to get the private key of the certificate as AsymmetricAlgorithm. However, I decided to use Bouncy Castle, and its X509Certificate instance has only getPublicKey(). I see no way to get the private key from the certificate. Any ideas?

I get X509Certificate2 from my Windows-MY keystore, and then use:

    // mycert is an X509Certificate2 retrieved from the Windows-MY keystore
    X509CertificateParser certParser = new X509CertificateParser();
    X509Certificate privateCertBouncy = certParser.ReadCertificate(mycert.GetRawCertData());
    AsymmetricKeyParameter pubKey = privateCertBouncy.GetPublicKey();
    // how do I now get the private key to make a key pair?

Is it possible to convert AsymmetricAlgorithm (C# private key) to AsymmetricKeyParameter (BouncyCastle private key)?

+7
c# x509certificate bouncycastle private-key
3 answers

I don't know BouncyCastle that well, but it seems to me that the simple thing to do is to recreate the key based on the key parameters.

    // Namespaces used: System, System.Security.Cryptography,
    // Org.BouncyCastle.Crypto, Org.BouncyCastle.Crypto.Parameters, Org.BouncyCastle.Math
    public static AsymmetricKeyParameter TransformRSAPrivateKey(AsymmetricAlgorithm privateKey)
    {
        // Only RSA keys backed by RSACryptoServiceProvider are handled here.
        RSACryptoServiceProvider prov = privateKey as RSACryptoServiceProvider;
        if (prov == null)
            throw new ArgumentException("Expected an RSACryptoServiceProvider key.", "privateKey");

        // Exports the private parameters; throws CryptographicException
        // if the key is not marked as exportable.
        RSAParameters parameters = prov.ExportParameters(true);

        // .NET returns unsigned big-endian byte arrays, hence signum 1.
        return new RsaPrivateCrtKeyParameters(
            new BigInteger(1, parameters.Modulus),
            new BigInteger(1, parameters.Exponent),
            new BigInteger(1, parameters.D),
            new BigInteger(1, parameters.P),
            new BigInteger(1, parameters.Q),
            new BigInteger(1, parameters.DP),
            new BigInteger(1, parameters.DQ),
            new BigInteger(1, parameters.InverseQ));
    }

You can call the code using:

    AsymmetricKeyParameter bouncyCastlePrivateKey = TransformRSAPrivateKey(mycert.PrivateKey);

Obviously, this assumes that the certificate includes an RSA key, but the same result can be achieved for DSA with DSACryptoServiceProvider and DSAParameters.

+12
    Akp = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(this.Certificate.PrivateKey).Private;
+19

Find .NET X509Certificate2:

    X509Certificate2 cert = this.FindCertificate(certificateFriendlyName);

Parse it into a BouncyCastle certificate and use X509Certificate2Signature to get your signature:

    var parser = new X509CertificateParser();
    var bouncyCertificate = parser.ReadCertificate(cert.RawData);
    var algorithm = DigestAlgorithms.GetDigest(bouncyCertificate.SigAlgOid);
    var signature = new X509Certificate2Signature(cert, algorithm);
+1
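The conversion discussed in the answers above, as an added example that is not part of any answer: it wraps DotNetUtilities with handling for certificates whose private key is absent or non-exportable, and checks that the exported key matches the certificate. It assumes an RSA key, .NET Framework 4.6 or later (for GetRSAPrivateKey) and the BouncyCastle C# library; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;

public static class BouncyKeyBridge // hypothetical helper, not a BouncyCastle type
{
    // Returns the BouncyCastle key pair for a certificate taken from the Windows store,
    // or throws with a clear reason when the private key cannot be used this way.
    public static AsymmetricCipherKeyPair ToBouncyKeyPair(X509Certificate2 cert)
    {
        if (cert == null) throw new ArgumentNullException("cert");
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no associated private key.");

        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            if (rsa == null) // returned for DSA/ECDSA certificates
                throw new NotSupportedException("Only RSA keys are handled in this example.");

            AsymmetricCipherKeyPair pair;
            try
            {
                // Calls ExportParameters(true): the private key material is copied
                // out of the key store into this process's memory.
                pair = DotNetUtilities.GetRsaKeyPair(rsa);
            }
            catch (CryptographicException ex)
            {
                // Keys marked non-exportable, or held on a smart card or HSM, end up here.
                throw new InvalidOperationException("Private key is not exportable.", ex);
            }

            // Confirm the exported private key belongs to this certificate's public key.
            var certPub = (RsaKeyParameters)DotNetUtilities.FromX509Certificate(cert).GetPublicKey();
            var priv = (RsaPrivateCrtKeyParameters)pair.Private;
            if (!certPub.Modulus.Equals(priv.Modulus) ||
                !certPub.Exponent.Equals(priv.PublicExponent))
                throw new CryptographicException("Private key does not match the certificate.");

            return pair;
        }
    }
}
```

Call it as `BouncyKeyBridge.ToBouncyKeyPair(mycert)`, where mycert is the X509Certificate2 from the question.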
