如何在保留私钥的同时将 BouncyCastle X509Certificate 转换为 .NET Standard X509Certificate2? [英] How to convert BouncyCastle X509Certificate to .NET Standard X509Certificate2 while retaining the private key?

问题描述

我需要将生成的 BouncyCastle X509Certificate 转换为 X509Certificate2 并将私钥加载到生成的 .NET Standard X509Certificate2 对象.那可能吗?

I need to convert a generated BouncyCastle X509Certificate to X509Certificate2 with the private key getting loaded in the resulting .NET Standard X509Certificate2 object. Is that possible?

有一个类似问题的答案https://stackoverflow.com/a/8150799/5048935，但是生成 BouncyCastle 证书并将其转换为 .NET X509Certificate2 后，结果对象的 HasPrivateKey 属性设置为false".

There is an answer for a similar question https://stackoverflow.com/a/8150799/5048935 , but after generating a BouncyCastle certificate and converting it to .NET X509Certificate2 the resulting object has its HasPrivateKey property set to "false".

我需要将证书和私钥(没有页眉和页脚的单独 Base64 字符串)加载到 X509Certificate2 对象，以将其从 .NET Standard 1.6 库传递到应用程序.问题是，.NET Standard 中的 X509Certificate2 类中没有 PrivateKey 属性！因此，我在 X509Certificate2 对象中实际加载私钥的唯一方法是将它与证书本身结合在一个 .pfx 文件中，并像在构造函数中那样加载它.

I need to load a certificate and a private key (separate Base64 strings without headers and footers) to a X509Certificate2 object to pass it on to the app from a .NET Standard 1.6 library. The problem is, there is no PrivateKey property in the X509Certificate2 class in .NET Standard! So the only way for me to actually load the private key in a X509Certificate2 object is to combine it with the certificate itself in a .pfx file and load it like that in a constructor.

我有使用 BouncyCastle 的建议(https://stackoverflow.com/a/44465965/5048935 )，所以我首先从 Base64 字符串生成一个 BouncyCastle X509Certificate，然后尝试将其转换为 X509Certificate2，同时保留私钥.

I've got suggestions to use BouncyCastle for that ( https://stackoverflow.com/a/44465965/5048935 ), so I first generate a BouncyCastle X509Certificate from the Base64 strings and then try to convert it to X509Certificate2 while retaining the private key.

推荐答案

我发现的最好方法是通过内存中的 PFX 流.假设您已经在 bcCert 中加载了 Bouncy Castle 证书.注意:如果您要将 .NET X509Certificate2 保存在任何地方，则别名"是稍后将在 UI 中调用的内容，否则无关紧要(除了需要相同外)两个电话).

The best way I've found is to go through an in-memory PFX stream. Assuming you've already loaded your Bouncy Castle cert in bcCert. Note: If you are going to be saving the .NET X509Certificate2 anywhere, the "alias" is what it's going to be called in the UI later, otherwise it's irrelevant (other than it needs to be the same for both calls).

using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using System.IO;
using System.Security.Cryptography.X509Certificates

var pkcs12Store = new Pkcs12Store();
var certEntry = new X509CertificateEntry(bcCert);
pkcs12Store.SetCertificateEntry(alias, certEntry);
pkcs12Store.SetKeyEntry(alias, new AsymmetricKeyEntry(certKey.Private), new[] { certEntry });    
X509Certificate2 keyedCert;
using (MemoryStream pfxStream = new MemoryStream())
{
    pkcs12Store.Save(pfxStream, null, new SecureRandom());
    pfxStream.Seek(0, SeekOrigin.Begin);
    keyedCert = new X509Certificate2(pfxStream.ToArray());
}

这篇关于如何在保留私钥的同时将 BouncyCastle X509Certificate 转换为 .NET Standard X509Certificate2?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！