当前位置: 文江博客 话题详情

C#(NET6) - 从PFX创建Keypair(公共证书/私钥)

发布于 2025-01-31 15:39:46 字数 6604 浏览 4 评论 0 原文

我想导出PFX(公共 +私有部分)以分开文件( *.cer, *.key)。 PFX可能(或可能不)受密码保护。

我试图实现自己的目标,这在证书(公共)方面很好,但是使用私钥会引起问题。

我的bootastrap类如下:

public class CertBootstrap
    {
        private readonly FileInfo CertificateFile;
        private readonly SecureString CertificatePassword;
        public bool HasPasswordBeenSet { get; private set; } = false;
        public X509Certificate2 Certificate { get; private set; }

        public CertBootstrap(FileInfo certificationFile, string password)
        {
            if(!certificationFile.Exists)
            {
                throw new FileNotFoundException(certificationFile.FullName);
            }

            CertificateFile = certificationFile;
            HasPasswordBeenSet = true;
            CertificatePassword = ConvertPassword(password);
        }

        public CertBootstrap(FileInfo certificationFile)
        {
            if(!certificationFile.Exists)
            {
                throw new FileNotFoundException(certificationFile.FullName);
            }

            CertificateFile = certificationFile;
            HasPasswordBeenSet = false;
        }

        public CertBootstrap(string certificationFullFileName, string password)
        {
            var certificateFile = new FileInfo(certificationFullFileName);
            if(certificateFile == null || !certificateFile.Exists)
            {
                throw new FileNotFoundException(certificationFullFileName);
            }

            CertificateFile = certificateFile;
            HasPasswordBeenSet = true;
            CertificatePassword = ConvertPassword(password);
        }

        public CertBootstrap(string certificationFullFileName)
        {
            var certificateFile = new FileInfo(certificationFullFileName);
            if(certificateFile == null || !certificateFile.Exists)
            {
                throw new FileNotFoundException(certificationFullFileName);
            }

            CertificateFile = certificateFile;
            HasPasswordBeenSet = false;
        }

        public bool VerifyPassword(string password)
        {
            try
            {
                byte[] fileContent = File.ReadAllBytes(CertificateFile.FullName);

                var certificate = new X509Certificate2(fileContent, password);
            }
            catch(CryptographicException ex)
            {
                if((ex.HResult & 0xFFFF) == 0x56)
                {
                    return false;
                }

                ;

                throw;
            }

            return true;
        }

        private static SecureString ConvertPassword(string password)
        {
            var secure = new SecureString();
            foreach(char c in password)
            {
                secure.AppendChar(c);
            }

            return secure;
        }

        public void LoadBootstrap()
        {
            LoadBootstrap(X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
        }

        public void LoadBootstrap(X509KeyStorageFlags keyStorageFlags)
        {
            this.Certificate = this.HasPasswordBeenSet ? new X509Certificate2(this.CertificateFile.FullName, this.CertificatePassword, keyStorageFlags) : new X509Certificate2(this.CertificateFile.FullName);
        }

        private static RSA ExportPrivateKeyCoreNet5Net6(RSA privateKey)
        {
            var password = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString());

            PbeParameters pPar = new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 100_000);

            try
            {
                byte[] tempG = privateKey.ExportEncryptedPkcs8PrivateKey(password, pPar);

                using(RSA exportRewriter = RSA.Create())
                {
                    exportRewriter.ExportParameters(true);
                    exportRewriter.ImportEncryptedPkcs8PrivateKey(password, tempG, out _);

                    return exportRewriter;
                }
            }
            catch(Exception e)
            {
                //catch this error
                string em = e.Message;

                throw;
            }
        }

        private static byte[] ExportPrivateKey(RSA privateKey)
        {
            try
            {
                return privateKey.ExportPkcs8PrivateKey();
            }
            catch(CryptographicException)
            {
            }

            return ExportPrivateKeyCoreNet5Net6(privateKey).ExportRSAPublicKey();
        }

        public byte[] GeneratePrivateKeyPem()
        {
            byte[] privateCertKeyBytes = ExportPrivateKey(this.Certificate.GetRSAPrivateKey());

            char[] newPemData = PemEncoding.Write("PRIVATE KEY", privateCertKeyBytes);

            return newPemData.Select(c => (byte)c).ToArray();
        }

        public byte[] GenerateCertificatePem()
        {
            var certData = Certificate.RawData;
            var newPemData = PemEncoding.Write("CERTIFICATE", certData);

            return newPemData.Select(c => (byte)c).ToArray();
        }

        public FileInfo SaveCertificate()
        {
            var newData = GenerateCertificatePem();

            var oldFile = Path.GetFileNameWithoutExtension(CertificateFile.FullName);
            var newCertPemFile = new FileInfo($@"{CertificateFile.DirectoryName}\{oldFile}.cer");

            return SaveNewCertFile(newCertPemFile, newData);
        }

        public FileInfo SavePrivateKey()
        {
            var newData = GeneratePrivateKeyPem();

            var oldFile = Path.GetFileNameWithoutExtension(CertificateFile.FullName);
            var newPrivateKeyPemFile = new FileInfo($@"{CertificateFile.DirectoryName}\{oldFile}.key");

            return SaveNewCertFile(newPrivateKeyPemFile, newData);
        }

        public FileInfo SaveNewCertFile(FileInfo newFile, byte[] data)
        {
            File.WriteAllBytes(newFile.FullName, data);

            return newFile;
        }
    }

有了它,我试图保存私有部分:

// (...)
CertBootstrap certBootstrap = new CertBootstrap("simple.pfx");
certBootstrap.LoadBootstrap();

// (...)
certBootstrap.SavePrivateKey();

所有这些最终都以:“不支持的请求的操作”。

我发现类似的线程:,试图执行相同的操作(导出 - >用密码导入)。但没有帮助。

你能指出我的propper方向吗?我很可能缺少一些东西,但是现在没有想法。

先感谢您。

原文

I'd like to export PFX (public + private part) to separate files (*.cer, *.key). PFX may (or may not) be password protected.

I've tried to achieve my goal, which is fine with certificate (public), but causes a problem with private key.

My bootastrap class is as below:

public class CertBootstrap
    {
        private readonly FileInfo CertificateFile;
        private readonly SecureString CertificatePassword;
        public bool HasPasswordBeenSet { get; private set; } = false;
        public X509Certificate2 Certificate { get; private set; }

        public CertBootstrap(FileInfo certificationFile, string password)
        {
            if(!certificationFile.Exists)
            {
                throw new FileNotFoundException(certificationFile.FullName);
            }

            CertificateFile = certificationFile;
            HasPasswordBeenSet = true;
            CertificatePassword = ConvertPassword(password);
        }

        public CertBootstrap(FileInfo certificationFile)
        {
            if(!certificationFile.Exists)
            {
                throw new FileNotFoundException(certificationFile.FullName);
            }

            CertificateFile = certificationFile;
            HasPasswordBeenSet = false;
        }

        public CertBootstrap(string certificationFullFileName, string password)
        {
            var certificateFile = new FileInfo(certificationFullFileName);
            if(certificateFile == null || !certificateFile.Exists)
            {
                throw new FileNotFoundException(certificationFullFileName);
            }

            CertificateFile = certificateFile;
            HasPasswordBeenSet = true;
            CertificatePassword = ConvertPassword(password);
        }

        public CertBootstrap(string certificationFullFileName)
        {
            var certificateFile = new FileInfo(certificationFullFileName);
            if(certificateFile == null || !certificateFile.Exists)
            {
                throw new FileNotFoundException(certificationFullFileName);
            }

            CertificateFile = certificateFile;
            HasPasswordBeenSet = false;
        }

        public bool VerifyPassword(string password)
        {
            try
            {
                byte[] fileContent = File.ReadAllBytes(CertificateFile.FullName);

                var certificate = new X509Certificate2(fileContent, password);
            }
            catch(CryptographicException ex)
            {
                if((ex.HResult & 0xFFFF) == 0x56)
                {
                    return false;
                }

                ;

                throw;
            }

            return true;
        }

        private static SecureString ConvertPassword(string password)
        {
            var secure = new SecureString();
            foreach(char c in password)
            {
                secure.AppendChar(c);
            }

            return secure;
        }

        public void LoadBootstrap()
        {
            LoadBootstrap(X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
        }

        public void LoadBootstrap(X509KeyStorageFlags keyStorageFlags)
        {
            this.Certificate = this.HasPasswordBeenSet ? new X509Certificate2(this.CertificateFile.FullName, this.CertificatePassword, keyStorageFlags) : new X509Certificate2(this.CertificateFile.FullName);
        }

        private static RSA ExportPrivateKeyCoreNet5Net6(RSA privateKey)
        {
            var password = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString());

            PbeParameters pPar = new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 100_000);

            try
            {
                byte[] tempG = privateKey.ExportEncryptedPkcs8PrivateKey(password, pPar);

                using(RSA exportRewriter = RSA.Create())
                {
                    exportRewriter.ExportParameters(true);
                    exportRewriter.ImportEncryptedPkcs8PrivateKey(password, tempG, out _);

                    return exportRewriter;
                }
            }
            catch(Exception e)
            {
                //catch this error
                string em = e.Message;

                throw;
            }
        }

        private static byte[] ExportPrivateKey(RSA privateKey)
        {
            try
            {
                return privateKey.ExportPkcs8PrivateKey();
            }
            catch(CryptographicException)
            {
            }

            return ExportPrivateKeyCoreNet5Net6(privateKey).ExportRSAPublicKey();
        }

        public byte[] GeneratePrivateKeyPem()
        {
            byte[] privateCertKeyBytes = ExportPrivateKey(this.Certificate.GetRSAPrivateKey());

            char[] newPemData = PemEncoding.Write("PRIVATE KEY", privateCertKeyBytes);

            return newPemData.Select(c => (byte)c).ToArray();
        }

        public byte[] GenerateCertificatePem()
        {
            var certData = Certificate.RawData;
            var newPemData = PemEncoding.Write("CERTIFICATE", certData);

            return newPemData.Select(c => (byte)c).ToArray();
        }

        public FileInfo SaveCertificate()
        {
            var newData = GenerateCertificatePem();

            var oldFile = Path.GetFileNameWithoutExtension(CertificateFile.FullName);
            var newCertPemFile = new FileInfo($@"{CertificateFile.DirectoryName}\{oldFile}.cer");

            return SaveNewCertFile(newCertPemFile, newData);
        }

        public FileInfo SavePrivateKey()
        {
            var newData = GeneratePrivateKeyPem();

            var oldFile = Path.GetFileNameWithoutExtension(CertificateFile.FullName);
            var newPrivateKeyPemFile = new FileInfo($@"{CertificateFile.DirectoryName}\{oldFile}.key");

            return SaveNewCertFile(newPrivateKeyPemFile, newData);
        }

        public FileInfo SaveNewCertFile(FileInfo newFile, byte[] data)
        {
            File.WriteAllBytes(newFile.FullName, data);

            return newFile;
        }
    }

With it, I'm trying to save private part:

// (...)
CertBootstrap certBootstrap = new CertBootstrap("simple.pfx");
certBootstrap.LoadBootstrap();

// (...)
certBootstrap.SavePrivateKey();

and it all ends up with exception: "The requested operation it not supported".

I found similar thread: Cannot export RSA private key parameters, the requested operation is not supported and tried to do the same (Export -> Import with password). But did not help.

Can You point me propper direction? Most probably I'm missing something, but am out of ideas for now.

Thank You in advance.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

关于作者

看透却不说透

暂无简介

文章
评论
861 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

眼泪淡了忧伤

文章 0 评论 0

corot39

文章 0 评论 0

守护在此方

文章 0 评论 0

github_3h15MP3i7

文章 0 评论 0

相思故

文章 0 评论 0

滥情空心

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文