使用带有 ECC 公钥的 X509Certificate2 加载证书 [英] Load a Certificate Using X509Certificate2 with ECC Public Key

问题描述

这是一个新手问题.我正在尝试使用以下方法加载 .der 证书:

This is a newbie question. I'm trying to load a .der certificate using:

X509Certificate2 cert = new X509Certificate2(@"c:	empmycert.der");
RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PublicKey.Key

但我在第二行收到不支持证书密钥算法"错误.当我将此证书导入 MMC 时，我可以看到像 .

But I get a "The certificate key algorithm is not supported" error on the 2nd line. When I import this certificate to MMC I can see the public key like .

有效吗?我如何在代码中获取它?

Is it valid? How do I get it in code?

推荐答案

在 .NET 4.6.1 之前，不支持 ECDSA 密钥.出于遗留/兼容性原因(例如您在此处转换为 RSACryptoServiceProvider 的示例)，PublicKey.Key 属性和 X509Certificate2.PrivateKey 属性仍然无法使用 ECDSA.取而代之的是一个新的、更安全的路径:

Prior to .NET 4.6.1 ECDSA keys were not supported. For legacy/compatibility reasons (such as your sample here where you're converting to an RSACryptoServiceProvider) the PublicKey.Key property and X509Certificate2.PrivateKey property still cannot ECDSA. There's instead a new, more type-safe, path:

using (ECDsa ecdsa = cert.GetECDsaPublicKey())
{
    if (ecdsa != null)
    {
        // I had to do something with it in this example...
        bool verified = ecdsa.VerifyData(data, signature, HashAlgorithmName.SHA256);
    }
}

这篇关于使用带有 ECC 公钥的 X509Certificate2 加载证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！