在没有私钥的情况下导出X.509证书 [英] Exporting X.509 certificate WITHOUT private key
问题描述
我认为这很简单,但事实并非如此。我安装了具有私钥且可导出的证书,我想以编程方式仅使用公钥导出它。换句话说,我想要一个等于通过certmgr导出并导出到.CER时选择不导出私钥的结果。
I thought this would be straightforward but apparently it isn't. I have a certificate installed that has a private key, exportable, and I want to programmatically export it with the public key ONLY. In other words, I want a result equivalent to selecting "Do not export the private key" when exporting through certmgr and exporting to .CER.
似乎所有X509Certificate2.Export方法将导出私钥(如果存在),如PKCS#12,这与我想要的相反。
It seems that all of the X509Certificate2.Export methods will export the private key if it exists, as PKCS #12, which is the opposite of what I want.
是否可以使用C#来完成还是我需要开始研究CAPICOM?
Is there any way using C# to accomplish this, or do I need to start digging into CAPICOM?
推荐答案
对于其他可能偶然发现过此问题的人,我知道了出来。如果将 X509ContentType.Cert 指定为 X509Certificate.Export 的第一个(也是唯一)参数,则它仅导出公共键。另一方面,指定 X509ContentType.Pfx 包含私钥(如果存在的话)。
For anyone else who might have stumbled on this, I figured it out. If you specify X509ContentType.Cert as the first (and only) parameter to X509Certificate.Export, it only exports the public key. On the other hand, specifying X509ContentType.Pfx includes the private key if one exists.
我可能会发誓上周我看到了不同的行为,但是我在测试时必须已经安装了私钥。今天,当我删除该证书并从头开始时,我发现导出的证书中没有私钥。
I could have sworn that I was seeing different behaviour last week, but I must have already had the private key installed when I was testing. When I deleted that certificate today and started again from scratch, I saw that there was no private key in the exported cert.
这篇关于在没有私钥的情况下导出X.509证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
