Associate a private key with the X509Certificate2 class in .net

Problem description

I'm working on some code that creates an X509 certificate and a public/private key pair. The public key is added to the certificate and it is sent to a CA which signs it.

The returned certificate is then accessed through the System.Security.Cryptography.X509Certificates.X509Certificate2 class. Now I want to use this certificate to initiate a secure connection with other clients. Therefore I use the SslStream class. To start the SSL Handshake I use this method:

server.AssociatedSslStream.AuthenticateAsServer(
    MyCertificate,      // Certificate this endpoint presents (the serverCertificate argument)
    true,               // Require a certificate from the connecting peer
    SslProtocols.Tls,   // Use TLS 1.0
    false               // Do not check certificate revocation
);

This method requires that the private key is associated with the certificate. Of course the certificate returned by the CA does not contain a private key. But it is stored as a .key file on the hard drive. The X509Certificate2 class has a property called PrivateKey which I guess will associate a private key with the certificate, but I can't find a way to set this property.

Is there any way I can associate the private key with the .net X509 class?

Recommended answer

For everyone else with the same problem, I found a neat little piece of code that lets you do exactly that:

http://www.codeproject.com/Articles/162194/Certificates-to-DB-and-Back

byte[] certBuffer = Helpers.GetBytesFromPEM(publicCert, PemStringType.Certificate);
byte[] keyBuffer  = Helpers.GetBytesFromPEM(privateKey, PemStringType.RsaPrivateKey);

X509Certificate2 certificate = new X509Certificate2(certBuffer, password);

RSACryptoServiceProvider prov = Crypto.DecodeRsaPrivateKey(keyBuffer);
certificate.PrivateKey = prov;

The code for the Helper method (which otherwise requires a codeproject login) is as follows:

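public static byte[] GetBytesFromPEM(string pemString, PemStringType type)
{
    // Select the PEM armor lines for the requested object type.
    string header; string footer;
    switch (type)
    {
        case PemStringType.Certificate:
            header = "-----BEGIN CERTIFICATE-----";
            footer = "-----END CERTIFICATE-----";
            break;
        case PemStringType.RsaPrivateKey:
            header = "-----BEGIN RSA PRIVATE KEY-----";
            footer = "-----END RSA PRIVATE KEY-----";
            break;
        default:
            return null;
    }

    // Locate the Base64 body between the header and footer lines.
    int headerIndex = pemString.IndexOf(header);
    if (headerIndex < 0)
        throw new ArgumentException("PEM header not found: " + header);
    int start = headerIndex + header.Length;
    int footerIndex = pemString.IndexOf(footer, start);
    if (footerIndex < 0)
        throw new ArgumentException("PEM footer not found: " + footer);

    // Convert.FromBase64String ignores the line breaks inside the body.
    return Convert.FromBase64String(pemString.Substring(start, footerIndex - start));
}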
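On .NET Core and later the PrivateKey setter used in the answer above throws PlatformNotSupportedException, so the association is done with CopyWithPrivateKey instead. The following is an added example, not code from the original post or the CodeProject article; it assumes .NET 6 or later, and the subject name, key and certificate are constructed in-process as stand-ins for the CA-issued certificate and the .key file.

```csharp
// Added example (assumes .NET 6 or later); the PEM strings are constructed
// in-process to stand in for the CA-issued certificate and the .key file.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed sample input: a throwaway key and self-signed certificate.
using RSA generated = RSA.Create(2048);
var request = new CertificateRequest("CN=example.test", generated,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using X509Certificate2 issued = request.CreateSelfSigned(
    DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
string certPem = new string(PemEncoding.Write("CERTIFICATE", issued.RawData));
string keyPem = new string(PemEncoding.Write("RSA PRIVATE KEY",
    generated.ExportRSAPrivateKey()));

// The association step: certificate without key, then key from PEM.
using X509Certificate2 publicOnly = X509Certificate2.CreateFromPem(certPem);
Console.WriteLine($"Before: HasPrivateKey = {publicOnly.HasPrivateKey}");

using RSA key = RSA.Create();
key.ImportFromPem(keyPem);   // accepts PKCS#1 ("RSA PRIVATE KEY") and PKCS#8

// CopyWithPrivateKey returns a new certificate object and throws
// ArgumentException if the key does not match the certificate's public key.
using X509Certificate2 withKey = publicOnly.CopyWithPrivateKey(key);
Console.WriteLine($"After:  HasPrivateKey = {withKey.HasPrivateKey}");

// Negative check: an unrelated key must be rejected.
using RSA unrelated = RSA.Create(2048);
try
{
    using X509Certificate2 wrong = publicOnly.CopyWithPrivateKey(unrelated);
    Console.WriteLine("Unexpected: mismatched key accepted");
}
catch (ArgumentException)
{
    Console.WriteLine("Mismatched key rejected");
}

// Prove possession: sign with the associated key, verify with the public key.
byte[] data = { 1, 2, 3 };
byte[] sig = withKey.GetRSAPrivateKey()!.SignData(data,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
bool ok = publicOnly.GetRSAPublicKey()!.VerifyData(data, sig,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
Console.WriteLine($"Signature verifies: {ok}");
```

On Windows, SslStream may not accept a certificate whose private key exists only in memory; a common workaround is to round-trip the result through Export(X509ContentType.Pfx) and load the exported bytes as a new X509Certificate2.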
