我目前能够提取使用OpenSSL使用以下命令PFX文件的私有密钥:提取私钥字节
openssl pkcs12 -in filename.pfx -nocerts -out privateKey.pem
openssl.exe rsa -in privateKey.pem -out private.pem
的private.pem文件开始---BEGIN RSA PRIVATE KEY---与---END RSA PRIVATE KEY---
我想在C#中使用.NET库或Bouncy Castle库来做同样的事情。
我该怎么做?
这是为我工作。还应该为你工作:
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;
namespace SO6258771
{
class Program
{
static void Main()
{
// Load your certificate from file
X509Certificate2 certificate = new X509Certificate2("filename.pfx", "password", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
// Now you have your private key in binary form as you wanted
// You can use rsa.ExportParameters() or rsa.ExportCspBlob() to get you bytes
// depending on format you need them in
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)certificate.PrivateKey;
// Just for lulz, let's write out the PEM representation of the private key
// using Bouncy Castle, so that we are 100% sure that the result is exaclty the same as:
// openssl pkcs12 -in filename.pfx -nocerts -out privateKey.pem
// openssl.exe rsa -in privateKey.pem -out private.pem
// You should of course dispose of/close the streams properly. I'm skipping this part for brevity
MemoryStream memoryStream = new MemoryStream();
TextWriter streamWriter = new StreamWriter(memoryStream);
PemWriter pemWriter = new PemWriter(streamWriter);
AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetRsaKeyPair(rsa);
pemWriter.WriteObject(keyPair.Private);
streamWriter.Flush();
// Here is the output with ---BEGIN RSA PRIVATE KEY---
// that should be exactly the same as in private.pem
Console.Write(Encoding.ASCII.GetString(memoryStream.GetBuffer()));
}
}
}
我的编译环境中的WriteObject方法在我的vs2008编辑器中以红色下划线。错误说:错误'Org.BouncyCastle.Utilities.IO.Pem.PemWriter.WriteObject(Org.BouncyCastle.Utilities.IO.Pem.PemObjectGenerator)'的最佳重载方法匹配有一些无效的参数。这里有什么问题? – Subbu 2011-06-07 16:46:38
包含'RsaPrivateCrtKeyParameters'而不是'Org.BouncyCastle.Utilities.IO.Pem'这是至关重要的这就是为什么@Subbu在编译期间有一个无效的参数。 – CodeMonkeyKing 2013-01-16 22:51:42
@CodeMonkeyKing谢谢。我有一个错误的'使用',并且一直在打我的头。 '..IO.Pem'似乎是这样一个似是而非的名字空间。 – Basic 2015-04-13 09:33:33
System.Security.Cryptography.X509.x509certificate2类具有专用密钥属性
你可以从一个物体的X509Store
得到x509certificate2对象如果您有权利对私钥那么这将是在X509Certificate2对象(所以这个对象并不真正代表只是一个证书)
我发现PEMwriter只适用于VS2005中的.NET 2.0。 .NET 3.5 SDK环境强调pemWriter.WriteObject(keyPair.Private);是由于投射问题导致的错误。如果您尝试将其转换为PEMObjectGenerator并最终构建和调试代码,则在调试器获取到此代码行时会引发InvalidCastException。我也会在充气城堡论坛上发布这一点。
我站在这纠正。它适用于.NET 3.5和.NET 2.0。由于使用了我已经添加的命名空间而导致投射问题。 – Subbu 2011-06-07 18:41:24
你可以编辑这个问题到你的问题,而不是把它留作答案/评论?谢谢。 – 2011-06-07 19:33:08
@Bill:当我读到它时,这是一个答案 - 这恰好是个坏消息。 – 2011-06-07 20:07:30
Similar questions:http://stackoverflow.com/questions/3826321/how-can-constructing-an-x509certificate2-from-a-pkcs12-byte-array-throw-cryptogr http://stackoverflow.com/questions/5471716 /如何获取私钥从pkcs12-p12-file-using-c – 2011-06-06 22:48:35