Error setting X509Certificate2 PrivateKey


Problem description


I am migrating a .NetFramework 4.6.1 library to .NetCore 2.2, but I am unable to set x509certificate.PrivateKey as shown below.

I have read that this may be due to the RSAServiceProvider, but I am unaware how to set this property. Even instantiating:

x509certificate.PrivateKey = new RSACryptoServiceProvider();

throws the PlatformNotSupportedException.

// self-signed certificate
Org.BouncyCastle.X509.X509Certificate certificate =
    certificateGenerator.Generate(signatureFactory);

// corresponding private key
PrivateKeyInfo info =
    PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);

// merge into X509Certificate2
var x509certificate = new X509Certificate2(certificate.GetEncoded());

Asn1Sequence seq = (Asn1Sequence)
    Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());

RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
RsaPrivateCrtKeyParameters rsaParams = new RsaPrivateCrtKeyParameters(
    rsa.Modulus,
    rsa.PublicExponent,
    rsa.PrivateExponent,
    rsa.Prime1,
    rsa.Prime2,
    rsa.Exponent1,
    rsa.Exponent2,
    rsa.Coefficient);

// this assignment is the line that throws on .NET Core
x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);

In the .NetCore library, setting x509certificate.PrivateKey with the RSA from DotNetUtilities.ToRSA(rsaParams) throws a PlatformNotSupportedException.

System.PlatformNotSupportedException
  HResult=0x80131539
  Message=Operation is not supported on this platform.
  Source=System.Security.Cryptography.X509Certificates
  StackTrace:
   at System.Security.Cryptography.X509Certificates.X509Certificate2.set_PrivateKey(AsymmetricAlgorithm value)

Solution

As LexLi said, setting the private key on an existing certificate is not possible by design in .net core.

Following what is described here, what you can do is use the method RSACertificateExtensions.CopyWithPrivateKey.

Instead of

x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);

you could have

var rsa = DotNetUtilities.ToRSA(rsaParams);
var cert = x509certificate.CopyWithPrivateKey(rsa);
return cert;

To get access to the "CopyWithPrivateKey" extension method, add this using:

using System.Security.Cryptography.X509Certificates; /* for getting access to extension methods in RSACertificateExtensions */

"(CopyWithPrivateKey) Combines a private key with the public key of an RSA certificate to generate a new RSA certificate."

https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.rsacertificateextensions.copywithprivatekey?view=netcore-3.0
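
The replacement described in the answer, as an added, self-contained example (not code from the question or the answer). It assumes .NET Core 2.0 or later and uses CertificateRequest as a stand-in for the BouncyCastle generator; the subject name and message are constructed. It shows that the public-only certificate stays unchanged, that a key not matching the certificate's public key is rejected, and that the returned copy can sign.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates; // RSACertificateExtensions lives here
using System.Text;

static class CopyWithPrivateKeyDemo
{
    static void Main()
    {
        using (RSA key = RSA.Create(2048))
        using (RSA unrelated = RSA.Create(2048))
        {
            // Constructed test certificate; only its DER bytes are kept,
            // which is the same state as new X509Certificate2(certificate.GetEncoded()).
            var request = new CertificateRequest(
                "CN=constructed-example", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            byte[] der;
            using (X509Certificate2 selfSigned = request.CreateSelfSigned(
                       DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                der = selfSigned.RawData;
            }

            using (var publicOnly = new X509Certificate2(der))
            {
                Console.WriteLine($"public-only HasPrivateKey: {publicOnly.HasPrivateKey}");

                // A key that does not belong to this certificate is refused.
                try { publicOnly.CopyWithPrivateKey(unrelated).Dispose(); }
                catch (ArgumentException) { Console.WriteLine("mismatched key rejected"); }

                // The matching key yields a NEW certificate; publicOnly is not modified.
                using (X509Certificate2 withKey = publicOnly.CopyWithPrivateKey(key))
                using (RSA priv = withKey.GetRSAPrivateKey())
                using (RSA pub = withKey.GetRSAPublicKey())
                {
                    byte[] msg = Encoding.UTF8.GetBytes("constructed message");
                    byte[] sig = priv.SignData(msg, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    bool ok = pub.VerifyData(msg, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    Console.WriteLine($"copy HasPrivateKey: {withKey.HasPrivateKey}, signature valid: {ok}");
                    Console.WriteLine($"original still public-only: {!publicOnly.HasPrivateKey}");
                }
            }
        }
    }
}
```

Calling CopyWithPrivateKey on a certificate that already has a private key throws InvalidOperationException, so check HasPrivateKey first when the input's origin is not known.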
