设置X509Certificate2私钥时出错 [英] Error setting X509Certificate2 PrivateKey
问题描述
我正在将.NetFramework 4.6.1库迁移到.NetCore 2.2。
但是我无法设置x509certificate.PrivateKey,如下所示。
I am migrating a .NetFramework 4.6.1 library to a .NetCore 2.2. But i am unable to set x509certificate.PrivateKey as shown below.
我读到这可能是由于RSAServiceProvider引起的,但是我不知道如何设置属性。甚至实例化:
x509certificate.PrivateKey = new RSACryptoServiceProvider();
引发PlatformNotSupportedException。
I have read that may be due to the RSAServiceProvider but i am unaware how to set this property. Even instantiating:
x509certificate.PrivateKey = new RSACryptoServiceProvider();
throws the PlatformNotSupportedException.
// selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate =
certificateGenerator.Generate(signatureFactory);
// correponding private key
PrivateKeyInfo info =
PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
// merge into X509Certificate2
var x509certificate = new X509Certificate2(certificate.GetEncoded());
Asn1Sequence seq = (Asn1Sequence)
Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded()
);
RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
RsaPrivateCrtKeyParameters rsaParams = new
RsaPrivateCrtKeyParameters(
rsa.Modulus,
rsa.PublicExponent,
rsa.PrivateExponent,
rsa.Prime1,
rsa.Prime2,
rsa.Exponent1,
rsa.Exponent2,
rsa.Coefficient);
x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);
在.NetCore库中,将x509certificate.PrivateKey与DotNetUtilities.ToRSA(rsaParams)中的RSA一起设置PlatformNotSupportedException。
In the .NetCore library setting x509certificate.PrivateKey with the RSA from DotNetUtilities.ToRSA(rsaParams) throws an PlatformNotSupportedException.
System.PlatformNotSupportedException
HResult=0x80131539
Message=Operation is not supported on this platform.
Source=System.Security.Cryptography.X509Certificates
StackTrace:
at System.Security.Cryptography.X509Certificates.X509Certificate2.set_PrivateKey(AsymmetricAlgorithm value)
推荐答案
正如LexLi所说,.net内核中的设计无法在现有证书上设置私钥。
As LexLi said, setting the private key on an existing certificate is not possible by design in .net core.
按照此处所述,您可以做的是使用方法RSACertificateExtensions.CopyWithPrivateKey。
Following what is described here, what you can do is use the method RSACertificateExtensions.CopyWithPrivateKey.
而不是
x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);
您可以拥有
var rsa = DotNetUtilities.ToRSA(rsaParams);
var cert = x509certificate.CopyWithPrivateKey(rsa);
return cert;
要访问 CopyWithPrivateKey扩展方法,请使用:
To get access to the "CopyWithPrivateKey" extension method, add this using :
using System.Security.Cryptography.X509Certificates; /* for getting access to extension methods in RSACertificateExtensions */
( CopyWithPrivateKey)将RSA证书的私钥和公钥组合在一起,以生成
新的RSA证书。
"(CopyWithPrivateKey) Combines a private key with the public key of an RSA certificate to generate a new RSA certificate."
< a href = https://docs.microsoft.com/zh-cn/dotnet/api/system.security.cryptography.x509certificates.rsacertificateextensions.copywithprivatekey?view=netcore-3.0 rel = noreferrer> https:// docs.microsoft.com/zh-CN/dotnet/api/system.security.cryptography.x509certificates.rsacertificateextensions.copywithprivatekey?view=netcore-3.0
这篇关于设置X509Certificate2私钥时出错的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!