public X509Certificate2 CreateCertificateWithPrivateKey(
X509Certificate2 certificate,
AsymmetricAlgorithm privateKey,
string password = null)
{
return(PemDecoder.CreateCertificateWithPrivateKey(certificate, privateKey, password));
}
public static AsymmetricAlgorithm LoadPrivateKey(string privateKeyPem)
{
var keyType = DetectKeyType(privateKeyPem);
var privateKeyBytes = PemDecoder.DecodeSection(privateKeyPem, keyType);
var privateKey = GetPrivateKey(keyType, new ReadOnlyMemory <byte>(privateKeyBytes));
return(privateKey);
}
/// <summary>
/// Export a RSA private key as a pem
/// PKCS#1
/// </summary>
/// <param name="rsaCertificate">certificate which contains the private key</param>
/// <returns>a pem rsa private key export</returns>
public string PemExportRsaPrivateKey(X509Certificate2 rsaCertificate)
{
var rsa = rsaCertificate.GetRSAPrivateKey();
StringBuilder builder = new StringBuilder();
builder.AppendLine(PemDecoder.GetBegin(PemTypes.RSA_PRIVATE_KEY));
builder.AppendLine(Convert.ToBase64String(rsa.ExportRSAPrivateKey(),
Base64FormattingOptions.InsertLineBreaks));
builder.AppendLine(PemDecoder.GetEnd(PemTypes.RSA_PRIVATE_KEY));
return(builder.ToString());
}
/// <summary>
/// You must use a RSA based certificate for this export to work
/// PKCS#1
/// </summary>
/// <param name="cert"></param>
/// <returns></returns>
//public string PemExportRsaPublicKey(X509Certificate2 cert)
//{
// var rsa = cert.GetRSAPublicKey();
// StringBuilder builder = new StringBuilder();
// builder.AppendLine(PemDecoder.GetBegin(PemTypes.RSA_PUBLIC_KEY));
// builder.AppendLine(Convert.ToBase64String(rsa.ExportRSAPublicKey(),
// Base64FormattingOptions.InsertLineBreaks));
// builder.AppendLine(PemDecoder.GetEnd(PemTypes.RSA_PUBLIC_KEY));
// return builder.ToString();
//}
/// <summary>
/// public key certificate export in pem format
/// </summary>
/// <param name="certificate"></param>
/// <returns>CERTIFICATE pem export</returns>
public string PemExportPublicKeyCertificate(X509Certificate2 certificate)
{
var publicKeyCrt = ExportCertificatePublicKey(certificate);
var deviceVerifyPublicKeyBytes = publicKeyCrt.Export(X509ContentType.Cert);
StringBuilder builder = new StringBuilder();
builder.AppendLine(PemDecoder.GetBegin(PemTypes.CERTIFICATE));
builder.AppendLine(Convert.ToBase64String(deviceVerifyPublicKeyBytes,
Base64FormattingOptions.InsertLineBreaks));
builder.AppendLine(PemDecoder.GetEnd(PemTypes.CERTIFICATE));
return(builder.ToString());
}
/// <summary>
/// https://8gwifi.org/PemParserFunctions.jsp
/// </summary>
/// <param name="pemCertificate">A pem string type CERTIFICATE with, without private key</param>
/// <param name="password"></param>
/// <returns></returns>
public X509Certificate2 PemImportCertificate(string pemCertificate, string password = null)
{
var certBytes = PemDecoder.DecodeSection(pemCertificate, PemTypes.CERTIFICATE);
if (string.IsNullOrEmpty(password))
{
var certificate = new X509Certificate2(certBytes);
return(certificate);
}
else
{
var certificate = new X509Certificate2(certBytes, password);
return(certificate);
}
}
/// <summary>
/// Exports a certificate as a base64 string in the pem format string
/// </summary>
/// <param name="cert">certificate to export</param>
/// <returns>A pem certificate as a string</returns>
public string PemExportPfxFullCertificate(X509Certificate2 cert, string password = null)
{
StringBuilder builder = new StringBuilder();
builder.AppendLine(PemDecoder.GetBegin(PemTypes.CERTIFICATE));
if (string.IsNullOrEmpty(password))
{
builder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Pfx),
Base64FormattingOptions.InsertLineBreaks));
}
else
{
builder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Pfx, password),
Base64FormattingOptions.InsertLineBreaks));
}
builder.AppendLine(PemDecoder.GetEnd(PemTypes.CERTIFICATE));
return(builder.ToString());
}
/// <summary>
/// Supported EC, RSA
/// </summary>
/// <param name="pemCertificate"></param>
/// <returns></returns>
public AsymmetricAlgorithm PemImportPrivateKey(string pemCertificate)
{
return(PemDecoder.LoadPrivateKey(pemCertificate));
}