使用C＃中的RSA私钥文件创建RSACryptoServiceProvider对象 [英] Create RSACryptoServiceProvider object using RSA private key file in C#

问题描述

如何使用RSA私钥文件正确创建 RSACryptoServiceProvider 对象？我生成了RSA私钥，并使用以下方法将其导出到OSX上的p12文件中：

How can I properly create the RSACryptoServiceProvider object using an RSA private key file? I generated an RSA private key and exported it to a p12 file on OSX using the methods:

openssl genrsa -out rsakey.pem 2048
openssl pkcs12 -export -out rsakey.p12 -inkey rsakey.pem -nocerts

在Windows笔记本电脑上运行的C＃代码中，尝试实例化 X509Certificate2 对象时遇到错误，以便我可以将私钥作为<$ c $来获取。 c> RSACryptoServiceProvider 对象：

In my C# code, which runs on a Windows laptop, I am getting an error trying to instantiate the X509Certificate2 object so that I can grab the private key as an RSACryptoServiceProvider object out of it:

var privateKey = new X509Certificate2(p12_file, "pass", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet).PrivateKey as RSACryptoServiceProvider;

CryptographicException：参数不正确。

CryptographicException: The parameter is incorrect.

下面是完整的C＃代码供参考。请注意，我只是通过遵循 X509Certificate2 类。

Below is the entire C# code for reference. Note that I am just trying to get the private key as an RSACryptoServiceProvider object by following the docs for the X509Certificate2 class.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.IO;
using System.Net;
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Globalization;
using Jose;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            string p12_file = @"C:\Root\rsakey.p12";

            DateTime issued = DateTime.Now;
            DateTime expire = DateTime.Now.AddHours(10);

            var payload = new Dictionary<string, object>()
            {
                { "iss", "auth0_user"},
                { "exp", ToUnixTime(expire).ToString() }
            };

            var privateKey = new X509Certificate2(p12_file, "pass", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet).PrivateKey as RSACryptoServiceProvider;

            string token = Jose.JWT.Encode(payload, privateKey, JwsAlgorithm.RS256);

            Console.WriteLine(token);

        }

        static long ToUnixTime(DateTime dateTime)
        {
            return (int)(dateTime.ToUniversalTime().Subtract(new DateTime(1970, 1, 1))).TotalSeconds;
        }

    }
}

更新：我尝试使用

openssl req -key rsakey.pem -new -out domain.crt

然后将其包装为p12：

and then wrapping it into a p12:

openssl pkcs12 -export -out rsakey.p12 -in rsakey.pem -certfile domain.crt

，但是该命令永远挂起，直到我将其杀死为止。

but the command just hangs forever until I kill it.

推荐答案

.NET没有内置功能

.NET has no built-in functionality for reading private keys (or public keys, for that matter) which are not associated with certificates.

最简单的解决方法是将新的RSA密钥包装在自签名证书，然后将证书和私钥都放入.p12文件中。

Your easiest fix is to wrap the new RSA key in a self-signed cert, and then put both the cert and the private key into the .p12 file.

替代方法是手动解析私钥文件/ blob并构建RSAParameters结构体;或使用可以为您做到的第三方库。

The alternatives are to manually parse the private key file/blob and build an RSAParameters structure; or to use a 3rd party library which can do that for you.

这篇关于使用C＃中的RSA私钥文件创建RSACryptoServiceProvider对象的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！