如何在保留私钥的同时将BouncyCastle X509Certificate转换为.NET Standard X509Certificate2？ [英] How to convert BouncyCastle X509Certificate to .NET Standard X509Certificate2 while retaining the private key?

问题描述

我需要将生成的BouncyCastle X509Certificate 转换为 X509Certificate2 ，并将私钥加载到生成的 .NET Standard X509Certificate2 对象。那可能吗？

I need to convert a generated BouncyCastle X509Certificate to X509Certificate2 with the private key getting loaded in the resulting .NET Standard X509Certificate2 object. Is that possible?

有一个类似问题的答案 https://stackoverflow.com / a / 8150799/5048935 ，但是在生成BouncyCastle证书并将其转换为.NET X509Certificate2 之后，生成的对象将具有其 HasPrivateKey 属性设置为 false。

There is an answer for a similar question https://stackoverflow.com/a/8150799/5048935 , but after generating a BouncyCastle certificate and converting it to .NET X509Certificate2 the resulting object has its HasPrivateKey property set to "false".

我需要加载证书和一个私钥（没有标题和页脚的单独Base64字符串）到 X509Certificate2 对象，以将其从.NET Standard 1.6库传递到应用程序。问题是，.NET Standard中的 X509Certificate2 类中的没有 PrivateKey 属性 ！因此，我实际将私钥加载到 X509Certificate2 对象中的唯一方法是将其与证书本身组合到.pfx文件中，然后像在构造函数中那样加载。

I need to load a certificate and a private key (separate Base64 strings without headers and footers) to a X509Certificate2 object to pass it on to the app from a .NET Standard 1.6 library. The problem is, there is no PrivateKey property in the X509Certificate2 class in .NET Standard! So the only way for me to actually load the private key in a X509Certificate2 object is to combine it with the certificate itself in a .pfx file and load it like that in a constructor.

为此，我建议使用BouncyCastle（ https：// stackoverflow.com/a/44465965/5048935 ），因此我首先从Base64字符串生成BouncyCastle X509Certificate ，然后尝试将其转换为 X509Certificate2 ，同时保留私钥。

I've got suggestions to use BouncyCastle for that ( https://stackoverflow.com/a/44465965/5048935 ), so I first generate a BouncyCastle X509Certificate from the Base64 strings and then try to convert it to X509Certificate2 while retaining the private key.

推荐答案

我发现的最好方法是通过内存中的PFX流。假设您已经在 bcCert 中加载了Bouncy Castle证书。注意：如果要在任何地方保存.NET X509Certificate2 ，则稍后将在用户界面中调用别名，否则就无关紧要了（除了

The best way I've found is to go through an in-memory PFX stream. Assuming you've already loaded your Bouncy Castle cert in bcCert. Note: If you are going to be saving the .NET X509Certificate2 anywhere, the "alias" is what it's going to be called in the UI later, otherwise it's irrelevant (other than it needs to be the same for both calls).

using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using System.IO;
using System.Security.Cryptography.X509Certificates

var pkcs12Store = new Pkcs12Store();
var certEntry = new X509CertificateEntry(bcCert);
pkcs12Store.SetCertificateEntry(alias, certEntry);
pkcs12Store.SetKeyEntry(alias, new AsymmetricKeyEntry(certKey.Private), new[] { certEntry });    
X509Certificate2 keyedCert;
using (MemoryStream pfxStream = new MemoryStream())
{
    pkcs12Store.Save(pfxStream, null, new SecureRandom());
    pfxStream.Seek(0, SeekOrigin.Begin);
    keyedCert = new X509Certificate2(pfxStream.ToArray());
}

这篇关于如何在保留私钥的同时将BouncyCastle X509Certificate转换为.NET Standard X509Certificate2？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！