如何使用 C# 从 PKCS#12 (.p12) 文件获取私钥
我尝试使用 PKCS#12 证书签署一些数据,但是我在从 PKCS#12 (.p12) 文件获取私钥时遇到问题。
public byte[] sign(string text)
{
string password = "1111";
X509Certificate2 cert = new X509Certificate2("c:\\certificate.p12",password);
byte[] certData = cert.Export(X509ContentType.Pfx,password);
X509Certificate2 newCert = new X509Certificate2(certData, password);
RSACryptoServiceProvider crypt = (RSACryptoServiceProvider)newCert.PrivateKey;
SHA1Managed sha1 = new SHA1Managed();
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] data = encoding.GetBytes(text);
byte[] hash = sha1.ComputeHash(data);
return crypt.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
}
问题是 newCert.PrivateKey 为空,但如果我以类似的方式使用 .pfx certicitae ,它就可以工作。
public byte[] sign(string text)
{
string password = "1234";
X509Certificate2 cert = new X509Certificate2("c:\\certificate.pfx", password);
RSACryptoServiceProvider crypt = (RSACryptoServiceProvider)cert.PrivateKey;
SHA1Managed sha1 = new SHA1Managed();
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] data = encoding.GetBytes(text);
byte[] hash = sha1.ComputeHash(data);
return crypt.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
}
所以问题是如何从 .p12 文件中获取私钥?
Im trying to sign some data using PKCS#12 certificate ,however i have problem with obtaining private key from PKCS#12 (.p12) file.
public byte[] sign(string text)
{
string password = "1111";
X509Certificate2 cert = new X509Certificate2("c:\\certificate.p12",password);
byte[] certData = cert.Export(X509ContentType.Pfx,password);
X509Certificate2 newCert = new X509Certificate2(certData, password);
RSACryptoServiceProvider crypt = (RSACryptoServiceProvider)newCert.PrivateKey;
SHA1Managed sha1 = new SHA1Managed();
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] data = encoding.GetBytes(text);
byte[] hash = sha1.ComputeHash(data);
return crypt.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
}
The problem is that newCert.PrivateKey is null but if i am using .pfx certicitae in similar way it works.
public byte[] sign(string text)
{
string password = "1234";
X509Certificate2 cert = new X509Certificate2("c:\\certificate.pfx", password);
RSACryptoServiceProvider crypt = (RSACryptoServiceProvider)cert.PrivateKey;
SHA1Managed sha1 = new SHA1Managed();
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] data = encoding.GetBytes(text);
byte[] hash = sha1.ComputeHash(data);
return crypt.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
}
So the question is how to get that private key from .p12 file ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我遇到了类似的问题,我在此处发布< /a>,虽然对你来说不是一回事,但问题也可能是权限问题。
我的建议是,首先,您必须确保(我想您已经这样做了)私钥是可导出的并且您拥有该文件的权限。
接下来,尝试将内容类型导出为
X509ContentType.Pkcs12而不是X509ContentType.Pfx最后,如果可能的话,为什么不尝试将其导入到certstore中。我相信这样更有保障。步骤在上面的链接中。
I had a similar problem which I posted here, although it is not the same thing for you, the problem may be also permissions.
My suggestions are, first, you have to make sure (which I suppose you already did) that the private key is exportable and you have permissions to the file.
Next, try exporting the content type as
X509ContentType.Pkcs12instead ofX509ContentType.PfxFinally, if it is possible, why don't you try importing it to the certstore. I believe that's more secure. The steps are in the link above.
看看这个问题。看起来很相似。
Have a look at this question. It looks very similar.
在 docs 中,它说
.export()< /code> 不支持Pfx类型,仅支持Cert、SerializedCert和Pkcs12。In the docs, it says that
.export()doesn't support thePfxtype, onlyCert,SerializedCert, andPkcs12.这是为了使用 Android 完成的 - 因此下面的 R.raw.key 是我在 Android Raw 文件夹中的文件。
我打开 key.p12 作为输入流。然后,我使用示例中所示的库将其转换为私钥。
http://www.flexiprovider.de/examples/ExampleSMIMEsign.html
我的代码看起来像这
This was done for using Android - so the R.raw.key below was my file in the Android Raw folder.
I opened key.p12 as as input stream. Which I then converted to the private key using the libraries as seen in the example.
http://www.flexiprovider.de/examples/ExampleSMIMEsign.html
My code looks like this