Error setting X509Certificate2 PrivateKey


Problem description

I am migrating a .NetFramework 4.6.1 library to .NetCore 2.2. But I am unable to set x509certificate.PrivateKey as shown below.

I have read that this may be due to the RSAServiceProvider, but I am unaware how to set this property. Even instantiating:
x509certificate.PrivateKey = new RSACryptoServiceProvider();
throws the PlatformNotSupportedException.

// self-signed certificate
Org.BouncyCastle.X509.X509Certificate certificate =
    certificateGenerator.Generate(signatureFactory);

// corresponding private key
PrivateKeyInfo info =
    PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);

// merge into X509Certificate2
var x509certificate = new X509Certificate2(certificate.GetEncoded());

Asn1Sequence seq = (Asn1Sequence)
    Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());

RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
RsaPrivateCrtKeyParameters rsaParams = new RsaPrivateCrtKeyParameters(
    rsa.Modulus,
    rsa.PublicExponent,
    rsa.PrivateExponent,
    rsa.Prime1,
    rsa.Prime2,
    rsa.Exponent1,
    rsa.Exponent2,
    rsa.Coefficient);

// this assignment throws PlatformNotSupportedException on .NetCore
x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);

In the .NetCore library, setting x509certificate.PrivateKey with the RSA from DotNetUtilities.ToRSA(rsaParams) throws a PlatformNotSupportedException.

System.PlatformNotSupportedException
  HResult=0x80131539
  Message=Operation is not supported on this platform.
  Source=System.Security.Cryptography.X509Certificates
  StackTrace:
   at System.Security.Cryptography.X509Certificates.X509Certificate2.set_PrivateKey(AsymmetricAlgorithm value)


Recommended answer

As LexLi said, setting the private key on an existing certificate is not possible by design in .net core.

Following what is described here, what you can do is use the method RSACertificateExtensions.CopyWithPrivateKey.

Instead of

x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);

you can have

var rsa = DotNetUtilities.ToRSA(rsaParams);
var cert = x509certificate.CopyWithPrivateKey(rsa);
return cert;

To get access to the "CopyWithPrivateKey" extension method, add this using:

using System.Security.Cryptography.X509Certificates; /* for getting access to extension methods in RSACertificateExtensions */




"(CopyWithPrivateKey) Combines a private key with the public key of an RSA certificate to generate a new RSA certificate."

https://docs.microsoft.com/zh-cn/dotnet/api/system.security.cryptography.x509certificates.rsacertificateextensions.copywithprivatekey?view=netcore-3.0
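
A self-contained run of the CopyWithPrivateKey approach from the answer above, added here as an example and not part of the original question or answer. It assumes a key from RSA.Create in place of the BouncyCastle-derived key (DotNetUtilities.ToRSA); the AttachKey helper and the CN=example-constructed subject are hypothetical names. It also shows that a key which does not match the certificate's public key is rejected.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CopyWithPrivateKeyDemo
{
    // Hypothetical helper: returns a NEW certificate carrying the key; the input is unchanged.
    static X509Certificate2 AttachKey(X509Certificate2 publicOnly, RSA key)
    {
        try { return publicOnly.CopyWithPrivateKey(key); }
        catch (ArgumentException ex)
        {
            // CopyWithPrivateKey rejects a key that does not match the certificate's public key.
            throw new CryptographicException("Private key does not match the certificate.", ex);
        }
    }
    static void Main()
    {
        using (RSA key = RSA.Create(2048))
        using (RSA unrelatedKey = RSA.Create(2048))
        {
            // Constructed sample: self-signed certificate, re-loaded from DER so it has no private key.
            var request = new CertificateRequest("CN=example-constructed", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            byte[] der;
            using (X509Certificate2 selfSigned = request.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(1)))
                der = selfSigned.Export(X509ContentType.Cert);
            using (var publicOnly = new X509Certificate2(der))
            using (X509Certificate2 withKey = AttachKey(publicOnly, key))
            {
                Console.WriteLine("original HasPrivateKey: " + publicOnly.HasPrivateKey);
                Console.WriteLine("copy HasPrivateKey:     " + withKey.HasPrivateKey);
                // Sign with the copy's private key, verify with the original's public key.
                byte[] data = { 0x63, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x65, 0x64 };
                using (RSA priv = withKey.GetRSAPrivateKey())
                using (RSA pub = publicOnly.GetRSAPublicKey())
                {
                    byte[] sig = priv.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    Console.WriteLine("signature verifies:     " +
                        pub.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
                }
                // A key pair unrelated to the certificate must be refused.
                try { AttachKey(publicOnly, unrelatedKey).Dispose(); }
                catch (CryptographicException ex) { Console.WriteLine("mismatch rejected: " + ex.Message); }
            }
        }
    }
}
```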
