在没有私钥的情况下导出X.509证书 [英] Exporting X.509 certificate WITHOUT private key
问题描述
我认为这很简单,但事实并非如此。我安装了具有私钥且可导出的证书,我想以编程方式仅使用公钥导出它。换句话说,我想要一个等于通过certmgr导出并导出到.CER时选择不导出私钥的结果。
I thought this would be straightforward but apparently it isn't. I have a certificate installed that has a private key, exportable, and I want to programmatically export it with the public key ONLY. In other words, I want a result equivalent to selecting "Do not export the private key" when exporting through certmgr and exporting to .CER.
似乎所有X509Certificate2.Export方法将导出私钥(如果存在),如PKCS#12,这与我想要的相反。
It seems that all of the X509Certificate2.Export methods will export the private key if it exists, as PKCS #12, which is the opposite of what I want.
是否可以使用C#来完成还是我需要开始研究CAPICOM?
Is there any way using C# to accomplish this, or do I need to start digging into CAPICOM?
推荐答案
对于其他可能偶然发现过此问题的人,我知道了出来。如果将 X509ContentType.Cert
指定为 X509Certificate.Export
的第一个(也是唯一)参数,则它仅导出公共键。另一方面,指定 X509ContentType.Pfx
包含私钥(如果存在的话)。
For anyone else who might have stumbled on this, I figured it out. If you specify X509ContentType.Cert
as the first (and only) parameter to X509Certificate.Export
, it only exports the public key. On the other hand, specifying X509ContentType.Pfx
includes the private key if one exists.
我可能会发誓上周我看到了不同的行为,但是我在测试时必须已经安装了私钥。今天,当我删除该证书并从头开始时,我发现导出的证书中没有私钥。
I could have sworn that I was seeing different behaviour last week, but I must have already had the private key installed when I was testing. When I deleted that certificate today and started again from scratch, I saw that there was no private key in the exported cert.
这篇关于在没有私钥的情况下导出X.509证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!