.NET Standard-以编程方式将证书和私钥合并到.pfx文件中 [英] .NET Standard - Merge a certificate and a private key into a .pfx file programmatically

问题描述

是否可以使用C＃/。NET Standard 以编程方式将证书和密钥（两者均作为从服务中作为Base64字符串单独接收的）组合到.pfx文件中？使用工具不是一种选择，因为我需要使它自动化。

Is there any way to combine a certificate and a key (both received separately as Base64 strings from a service) into a .pfx file using C#/.NET Standard programmatically? Using a tool is not an option, since I need to automate it.

上下文：我需要加载证书和私钥（不带标头和页脚）到 X509Certificate2 对象，以将其从.NET Standard 1.6库传递到应用程序。
问题是，.NET Standard中的 X509Certificate2 类中没有 PrivateKey 属性！因此，我实际将私钥加载到 X509Certificate2 对象中的唯一方法是将其与证书本身组合到.pfx文件中，然后像在构造函数中那样加载

The context: I need to load a certificate and a private key (separate Base64 strings without headers and footers) to a X509Certificate2 object to pass it on to the app from a .NET Standard 1.6 library. The problem is, there is no PrivateKey property in the X509Certificate2 class in .NET Standard! So the only way for me to actually load the private key in a X509Certificate2 object is to combine it with the certificate itself in a .pfx file and load it like that in a constructor.

推荐答案

无法使用框架类型执行此操作。

There's not a way to do this with framework types. It may be possible with BouncyCastle, or other libraries.

.NET Core 2.0增加了将证书和密钥对象合并到一起的功能（到新的X509Certificate2对象中）。通过扩展方法：

.NET Core 2.0 has added the ability to merge a certificate and a key object together (into a new X509Certificate2 object) via extension methods:

X509Certificate2 mergedCert = cert.CopyWithPrivateKey(rsaPrivateKey);
X509Certificate2 mergedCert = cert.CopyWithPrivateKey(dsaPrivateKey);
X509Certificate2 mergedCert = cert.CopyWithPrivateKey(ecdsaPrivateKey);

但这需要专门针对netcoreapp20（而不是netstandard20）进行编译。

But that requires compiling specifically for netcoreapp20 (not netstandard20).

框架类型也没有从二进制表示中加载关键对象的方法（ CngKey.Import 除外，但这仅适用于Windows），仅来自预先解析的结构（ RSAParameters ， DSAParameters ， ECParameters ）。

The framework types also don't have a way of loading key objects from binary representations (with the exception of CngKey.Import, but that only works on Windows), only from the pre-parsed structures (RSAParameters, DSAParameters, ECParameters).

在Linux上实现此目标的最简单方法（如果BouncyCastle无法帮助您）是使用 System.Process 产生类似于 openssl pkcs12 -export -out tmp.pfx -in tmp.cer -inkey tmp.key -password pass的呼叫： 。

The easiest way to accomplish this goal on Linux (if BouncyCastle can't help you out) is to use System.Process to spawn a call similar to openssl pkcs12 -export -out tmp.pfx -in tmp.cer -inkey tmp.key -password pass:"".

在Windows上，您可以使用CngKey.Import和P / Invoke CertSetCertificateContextProperty （用于CERT_NCRYPT_KEY_HANDLE_PROP_ID（78）），然后调用 cert.Export 变异的证书。

On Windows you could maybe use CngKey.Import and P/Invoke CertSetCertificateContextProperty (for CERT_NCRYPT_KEY_HANDLE_PROP_ID (78)) to then call cert.Export on the mutated certificate.

这篇关于.NET Standard-以编程方式将证书和私钥合并到.pfx文件中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！