C#: How to build a Pkcs12Store from an X509Certificate2
I have an object of type System.Security.Cryptography.X509Certificates.X509Certificate2. I want to use this object to construct an instance of Pkcs12Store (Org.BouncyCastle.Pkcs). I tried:
Method 1:
public Pkcs12Store GetPkcs12Store(X509Certificate2 cert, string password)
{
    byte[] rawdata = cert.RawData;
    MemoryStream memStream = new MemoryStream(rawdata);
    Pkcs12Store pk12;
    pk12 = new Pkcs12Store(memStream, password.ToCharArray());
    return pk12;
}
With this approach I got an exception:
Unable to cast object of type 'Org.BouncyCastle.Asn1.DerSequence' to type 'Org.BouncyCastle.Asn1.DerInteger'.
Method 2:
I tried:
public static Pkcs12Store GetPkcs12Store(X509Certificate2 cert, string password)
{
    Org.BouncyCastle.X509.X509Certificate bcCert;
    bcCert = DotNetUtilities.FromX509Certificate(cert);
    Pkcs12Store pk12 = new Pkcs12StoreBuilder().Build();
    X509CertificateEntry certEntry = new X509CertificateEntry(bcCert);
    pk12.SetCertificateEntry(bcCert.SubjectDN.ToString(), certEntry);
    AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(bcCert.GetPublicKey());
    return pk12;
}
With this approach I do not get the exception I got before, but the Pkcs12Store returns false for IsKeyEntry:
string alias = null;
foreach (object a in pk12.Aliases)
{
    alias = ((string)a);
    if (pk12.IsKeyEntry(alias))
    {
        break;
    }
}
ICipherParameters pk = pk12.GetKey(alias).Key;
So the code fails at the line ICipherParameters pk = pk12.GetKey(alias).Key;
Method 3:
public static Pkcs12Store GetPkcs12Store(X509Certificate2 cert, string password)
{
    Pkcs12Store pk12;
    byte[] rawdata;
    Org.BouncyCastle.X509.X509Certificate bcCert;
    rawdata = cert.Export(X509ContentType.Pfx, password);
    MemoryStream memStream = new MemoryStream(rawdata);
    pk12 = new Pkcs12Store(memStream, password.ToCharArray());
    return pk12;
}
With this approach I get an error:
Key not valid for use in specified state.
at the statement cert.Export…
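Check.

I checked the article. But if I construct the Pkcs12Store as described in the article, the Pkcs12Store object cannot find any KeyEntry. The IsKeyEntry method returns false for all aliases.

That article was referenced because it describes how to add a certificate to a store. You are trying to create the store by feeding in the certificate's raw bytes.

I converted the certificate's raw bytes to Org.BouncyCastle.X509.X509Certificate and then built the Pkcs12Store. But it is not constructed correctly, because the store method IsKeyEntry returns false for all aliases.

That is because X509Certificate2.RawData does not include the private key. You must use X509Certificate2.Export to export it to a PFX byte array that contains the encrypted key material.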
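
The approach the answer describes, as an added example that is not part of the original thread: export the certificate to PFX bytes and load them into a Pkcs12Store. The names Pkcs12Bridge, ToPkcs12Store and FindPrivateKey are hypothetical, and the example assumes the Method 3 error comes from a private key that was not marked exportable.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Pkcs;

// Hypothetical helper class; names are not from the original post.
public static class Pkcs12Bridge
{
    public static Pkcs12Store ToPkcs12Store(X509Certificate2 cert, string password)
    {
        // RawData is only the DER certificate, so a store built from it has no key entry.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no associated private key.");

        byte[] pfx;
        try
        {
            // Assumption: Export fails here when the key is not marked exportable.
            pfx = cert.Export(X509ContentType.Pfx, password);
        }
        catch (CryptographicException ex)
        {
            throw new InvalidOperationException(
                "Private key could not be exported; load the certificate with " +
                "X509KeyStorageFlags.Exportable or use the original PFX file.", ex);
        }

        try
        {
            Pkcs12Store store = new Pkcs12StoreBuilder().Build();
            using (var ms = new MemoryStream(pfx))
                store.Load(ms, password.ToCharArray());
            return store;
        }
        finally
        {
            Array.Clear(pfx, 0, pfx.Length); // wipe the exported PFX bytes once loaded
        }
    }

    // Returns the private key of the first key entry, or null if the store has none.
    public static AsymmetricKeyParameter FindPrivateKey(Pkcs12Store store)
    {
        foreach (string alias in store.Aliases)
            if (store.IsKeyEntry(alias))
                return store.GetKey(alias).Key;
        return null;
    }
}
```

Unlike the alias loop in the question, FindPrivateKey returns null when no key entry exists instead of calling GetKey on the last alias seen.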