Get Private Key from BouncyCastle X509 Certificate? C#

c# x509certificate bouncycastle private-key
41,173

Solution 1

Don't know BouncyCastle that much but it seems to me that the simple thing to do is to recreate the key based on the key parameters.

public static AsymmetricKeyParameter TransformRSAPrivateKey(
    AsymmetricAlgorithm privateKey)
{
    RSACryptoServiceProvider prov = privateKey as RSACryptoServiceProvider;
    RSAParameters parameters = prov.ExportParameters(true);
    
    return new RsaPrivateCrtKeyParameters(
        new BigInteger(1,parameters.Modulus),
        new BigInteger(1,parameters.Exponent),
        new BigInteger(1,parameters.D),
        new BigInteger(1,parameters.P),
        new BigInteger(1,parameters.Q),
        new BigInteger(1,parameters.DP),
        new BigInteger(1,parameters.DQ),
        new BigInteger(1,parameters.InverseQ));
}

You can call the code by using

AsymmetricKeyParameter bouncyCastlePrivateKey = 
    TransformRSAPrivateKey(mycert.PrivateKey);

Obviously this assumes that the certificate includes a RSA Key but the same result can be achieved for DSA with DSACryptoServiceProvider and DSAParameters.

Solution 2

Akp = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(this.Certificate.PrivateKey).Private;

Solution 3

Find .NET X509Certificate2:

X509Certificate2 cert = this.FindCertificate(certificateFriendlyName);

Parse it to BouncyCastle certificate and use X509Certificate2Signature to get signature:

var parser = new X509CertificateParser();
var bouncyCertificate = parser.ReadCertificate(cert.RawData);
var algorithm = DigestAlgorithms.GetDigest(bouncyCertificate.SigAlgOid);
var signature = new X509Certificate2Signature(cert, algorithm);
Share:
41,173
Petey B
Author by

Petey B

I do security shenanigans at GNB. SOreadytohelp

Updated on June 02, 2021

Comments

  • Petey B
    Petey B almost 3 years

    Normally when I grab an X509Certificate2 out of my keystore I can call .PrivateKey to retrieve the cert's private key as an AsymmetricAlgorithm. However I have decided to use Bouncy Castle and its instance of X509Certificate only has a getPublicKey(); I cannot see a way to get the private key out of the cert. Any ideas?

    I get the an X509Certificate2 from my Windows-MY keystore then use:

    //mycert is an X509Certificate2 retrieved from Windows-MY Keystore
X509CertificateParser certParser = new X509CertificateParser();
X509Certificate privateCertBouncy = certParser.ReadCertificate(mycert.GetRawCertData());
AsymmetricKeyParameter pubKey = privateCertBouncy.GetPublicKey();
//how do i now get the private key to make a keypair?

    Is there anyway to convert a AsymmetricAlgorithm(C# private key) to a AsymmetricKeyParameter(bouncycastle private key)?

  • Sushant
    Sushant over 9 years
    this should be the answer?
  • Freeedy
    Freeedy almost 4 years
    This is not working for EC Elliptic Curve private key
  • gakera
    gakera over 2 years
    Doing this I just get Internal.Cryptography.CryptoThrowHelper.WindowsCryptographic‌​Exception: 'The requested operation is not supported.'

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Encrypting a BouncyCastle RSA Key Pair and storing in a SQL2008 database
How to get the base 64 encoded value of a certificate with private key?
Inserting Certificate (with privatekey) in Root, LocalMachine certificate store fails in .NET 4
Is it possible to programmatically generate an X509 certificate using only C#?
Generate a self-signed certificate on the fly
X509Certificate2 p12 is store required?
The revocation function was unable to check revocation for the certificate
How do I get an ECDSA public key from just a Bitcoin signature? ... SEC1 4.1.6 key recovery for curves over (mod p)-fields
How to sign and verify an ECDSA with SHA256 signature in C#
X509 Cannot find requested object