I am migrating a .NET Framework 4.6.1 library to .NET Core 2.2, but I am unable to set x509certificate.PrivateKey as shown below.
I have read that this may be due to the RSAServiceProvider, but I am unaware how to set this property. Even instantiating:

    x509certificate.PrivateKey = new RSACryptoServiceProvider();

throws the PlatformNotSupportedException.

    // self-signed certificate
    Org.BouncyCastle.X509.X509Certificate certificate =
        certificateGenerator.Generate(signatureFactory);

    // corresponding private key
    PrivateKeyInfo info =
        PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);

    // merge into X509Certificate2
    var x509certificate = new X509Certificate2(certificate.GetEncoded());
    Asn1Sequence seq = (Asn1Sequence)
        Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());
    RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
    RsaPrivateCrtKeyParameters rsaParams = new RsaPrivateCrtKeyParameters(
        rsa.Modulus,
        rsa.PublicExponent,
        rsa.PrivateExponent,
        rsa.Prime1,
        rsa.Prime2,
        rsa.Exponent1,
        rsa.Exponent2,
        rsa.Coefficient);
    x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);

In the .NET Core library, setting x509certificate.PrivateKey with the RSA from DotNetUtilities.ToRSA(rsaParams) throws a PlatformNotSupportedException.
System.PlatformNotSupportedException
HResult=0x80131539
Message=Operation is not supported on this platform.
Source=System.Security.Cryptography.X509Certificates
StackTrace:
at System.Security.Cryptography.X509Certificates.X509Certificate2.set_PrivateKey(AsymmetricAlgorithm value)
How can I create an X509Certificate2 with a private key in .NET Standard 2.0 in a way that's compatible with .NET Core? After much digging, the only solution I found was to convert the certificate to a PKCS12-formatted byte array, append the private key, and then read it back into an X509Certificate2 object.
As LexLi said, setting the private key on an existing certificate is not possible by design in .NET Core.
Following what is described here, what you can do is use the method RSACertificateExtensions.CopyWithPrivateKey.
Instead of

    x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);

you could have

    var rsa = DotNetUtilities.ToRSA(rsaParams);
    var cert = x509certificate.CopyWithPrivateKey(rsa);
    return cert;

To get access to the "CopyWithPrivateKey" extension method, add this using:

    using System.Security.Cryptography.X509Certificates; /* for getting access to extension methods in RSACertificateExtensions */

"(CopyWithPrivateKey) Combines a private key with the public key of an RSA certificate to generate a new RSA certificate."
https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.rsacertificateextensions.copywithprivatekey?view=netcore-3.0
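
The approach from the answer above, written out as a complete helper. This is an added example, not code from the original question or answer; the class and method names (CertificateKeyBinder, Attach) are hypothetical, and it assumes the BouncyCastle C# package that provides DotNetUtilities.ToRSAParameters. It casts the BouncyCastle key directly instead of round-tripping through ASN.1, imports it into the platform RSA implementation rather than RSACryptoServiceProvider, and checks that the resulting key is usable before returning.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates; // RSACertificateExtensions
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;

// Hypothetical helper (not part of BouncyCastle or .NET).
public static class CertificateKeyBinder
{
    // Returns a NEW X509Certificate2 that carries the private key.
    // The caller owns the returned certificate and should dispose it.
    public static X509Certificate2 Attach(
        Org.BouncyCastle.X509.X509Certificate bcCertificate,
        AsymmetricKeyParameter bcPrivateKey)
    {
        // A BouncyCastle RSA key pair exposes its private half as
        // RsaPrivateCrtKeyParameters, so no ASN.1 re-parsing is needed.
        if (!(bcPrivateKey is RsaPrivateCrtKeyParameters crt))
            throw new ArgumentException(
                "Expected an RSA private key with CRT components.",
                nameof(bcPrivateKey));

        // Plain RSAParameters can be imported on every .NET Core platform.
        RSAParameters parameters = DotNetUtilities.ToRSAParameters(crt);

        using (var publicOnly = new X509Certificate2(bcCertificate.GetEncoded()))
        using (RSA rsa = RSA.Create())
        {
            rsa.ImportParameters(parameters);

            // Throws ArgumentException when the key does not match the
            // certificate's public key, so a mismatched pair fails here.
            X509Certificate2 withKey = publicOnly.CopyWithPrivateKey(rsa);

            // Sign with the attached key and verify with the certificate's
            // public key to confirm the pair works end to end.
            byte[] probe = { 0x70, 0x72, 0x6F, 0x62, 0x65 }; // constructed test data
            using (RSA priv = withKey.GetRSAPrivateKey())
            using (RSA pub = withKey.GetRSAPublicKey())
            {
                byte[] sig = priv.SignData(
                    probe, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                if (!pub.VerifyData(
                        probe, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                {
                    withKey.Dispose();
                    throw new CryptographicException("Attached key failed the sign/verify check.");
                }
            }
            return withKey;
        }
    }
}
```

With the question's variables this would be called as CertificateKeyBinder.Attach(certificate, subjectKeyPair.Private). The key on the returned certificate exists only in memory; to persist it, export the certificate with Export(X509ContentType.Pfx, password) and protect that file accordingly.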