14

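Normally, when I grab an X509Certificate2 out of my keystore, I can call .PrivateKey to retrieve the certificate's private key as an AsymmetricAlgorithm. However, I have decided to use Bouncy Castle, and its instance of X509Certificate only has a getPublicKey(); I cannot see a way to get the private key out of the certificate. Any ideas?

I get the X509Certificate2 from my Windows-MY keystore, then use: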

//mycert is an X509Certificate2 retrieved from Windows-MY Keystore
X509CertificateParser certParser = new X509CertificateParser();
X509Certificate privateCertBouncy = certParser.ReadCertificate(mycert.GetRawCertData());
AsymmetricKeyParameter pubKey = privateCertBouncy.GetPublicKey();
//how do i now get the private key to make a keypair?

Is there any way to convert an AsymmetricAlgorithm (C# private key) to an AsymmetricKeyParameter (Bouncy Castle private key)?

4

3 Answers

33
Akp = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(this.Certificate.PrivateKey).Private;
answered 2011-09-16T11:10:03.123
22

I don't know Bouncy Castle that well, but it seems to me that the simple thing to do would be to recreate the key based on the key parameters.

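using System;
using System.Security.Cryptography;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;

public static AsymmetricKeyParameter TransformRSAPrivateKey(
    AsymmetricAlgorithm privateKey)
{
    // The cast yields null for any key that is not a CSP-backed RSA key.
    RSACryptoServiceProvider prov = privateKey as RSACryptoServiceProvider;
    if (prov == null)
        throw new ArgumentException("Expected an RSACryptoServiceProvider key.", "privateKey");

    // Export the private parameters; this throws CryptographicException
    // if the key is marked as non-exportable.
    RSAParameters parameters = prov.ExportParameters(true);

    // Sign 1 makes BigInteger read each big-endian byte array as a positive number.
    return new RsaPrivateCrtKeyParameters(
        new BigInteger(1,parameters.Modulus),
        new BigInteger(1,parameters.Exponent),
        new BigInteger(1,parameters.D),
        new BigInteger(1,parameters.P),
        new BigInteger(1,parameters.Q),
        new BigInteger(1,parameters.DP),
        new BigInteger(1,parameters.DQ),
        new BigInteger(1,parameters.InverseQ));
}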

You can call the code by using:

AsymmetricKeyParameter bouncyCastlePrivateKey = 
    TransformRSAPrivateKey(mycert.PrivateKey);

Obviously this assumes that the certificate includes an RSA key, but the same result can be achieved for DSA with DSACryptoServiceProvider and DSAParameters.

answered 2010-07-13T22:47:41.390
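
The conversion described in the answers above, extended with a check that the exported private key actually belongs to the certificate. This is an added example, not code from the original question or answers. It assumes .NET Core 2.0+ or .NET Framework 4.7.2+ and the Bouncy Castle C# library; the `KeyBridge` class name and the throwaway self-signed certificate are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

static class KeyBridge
{
    // Export the certificate's RSA private key into a Bouncy Castle key pair and
    // confirm it belongs to the certificate before anything is signed with it.
    public static AsymmetricCipherKeyPair ToBouncyCastle(X509Certificate2 cert)
    {
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            if (rsa == null)
                throw new InvalidOperationException("Certificate has no RSA private key.");
            // Throws CryptographicException when the key is marked non-exportable.
            RSAParameters p = rsa.ExportParameters(true);
            AsymmetricCipherKeyPair pair = DotNetUtilities.GetRsaKeyPair(p);

            // "var" avoids the X509Certificate name clash between .NET and Bouncy Castle.
            var bcCert = new X509CertificateParser().ReadCertificate(cert.RawData);
            var certPub = (RsaKeyParameters)bcCert.GetPublicKey();
            var priv = (RsaPrivateCrtKeyParameters)pair.Private;
            if (!certPub.Modulus.Equals(priv.Modulus) || !certPub.Exponent.Equals(priv.PublicExponent))
                throw new CryptographicException("Private key does not match the certificate.");
            return pair;
        }
    }

    static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate.
        using (RSA key = RSA.Create(2048))
        using (X509Certificate2 cert = new CertificateRequest("CN=constructed-sample", key,
                   HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
                   .CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
        using (RSA certPublic = cert.GetRSAPublicKey())
        {
            byte[] msg = Encoding.UTF8.GetBytes("constructed message");
            ISigner signer = SignerUtilities.GetSigner("SHA256withRSA");
            signer.Init(true, ToBouncyCastle(cert).Private);
            signer.BlockUpdate(msg, 0, msg.Length);
            byte[] sig = signer.GenerateSignature();
            // A signature made by Bouncy Castle must verify under the certificate's public key.
            Console.WriteLine(certPublic.VerifyData(msg, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        }
    }
}
```

Once exported, the private key lives in managed memory outside the protection of the Windows key store, so keys that should stay non-exportable are better used through the .NET key handle.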
3

Find the .NET X509Certificate2:

X509Certificate2 cert = this.FindCertificate(certificateFriendlyName);

Parse it to a BouncyCastle certificate and use X509Certificate2Signature to get the signature:

var parser = new X509CertificateParser();
var bouncyCertificate = parser.ReadCertificate(cert.RawData);
var algorithm = DigestAlgorithms.GetDigest(bouncyCertificate.SigAlgOid);
var signature = new X509Certificate2Signature(cert, algorithm);
answered 2015-05-20T11:08:28.017