使用带有 ECC 公钥的 X509Certificate2 加载证书 [英] Load a Certificate Using X509Certificate2 with ECC Public Key
问题描述
这是一个新手问题.我正在尝试使用以下方法加载 .der 证书:
This is a newbie question. I'm trying to load a .der certificate using:
X509Certificate2 cert = new X509Certificate2(@"c: empmycert.der");
RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PublicKey.Key
但我在第二行收到不支持证书密钥算法"错误.当我将此证书导入 MMC 时,我可以看到像 .
But I get a "The certificate key algorithm is not supported" error on the 2nd line. When I import this certificate to MMC I can see the public key like .
有效吗?我如何在代码中获取它?
Is it valid? How do I get it in code?
推荐答案
在 .NET 4.6.1 之前,不支持 ECDSA 密钥.出于遗留/兼容性原因(例如您在此处转换为 RSACryptoServiceProvider 的示例),PublicKey.Key 属性和 X509Certificate2.PrivateKey 属性仍然无法使用 ECDSA.取而代之的是一个新的、更安全的路径:
Prior to .NET 4.6.1 ECDSA keys were not supported. For legacy/compatibility reasons (such as your sample here where you're converting to an RSACryptoServiceProvider) the PublicKey.Key property and X509Certificate2.PrivateKey property still cannot ECDSA. There's instead a new, more type-safe, path:
using (ECDsa ecdsa = cert.GetECDsaPublicKey())
{
if (ecdsa != null)
{
// I had to do something with it in this example...
bool verified = ecdsa.VerifyData(data, signature, HashAlgorithmName.SHA256);
}
}
这篇关于使用带有 ECC 公钥的 X509Certificate2 加载证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!