public static RSAParameters GetPrivateParameters(string privateKey)
{
var key = RsaPrivateKeyStructure.GetInstance(Convert.FromBase64String(privateKey));
return(new RSAParameters
{
Modulus = key.Modulus.ToByteArrayUnsigned(),
Exponent = key.PublicExponent.ToByteArrayUnsigned(),
D = key.PrivateExponent.ToByteArrayUnsigned(),
P = key.Prime1.ToByteArrayUnsigned(),
Q = key.Prime2.ToByteArrayUnsigned(),
DP = key.Exponent1.ToByteArrayUnsigned(),
DQ = key.Exponent2.ToByteArrayUnsigned(),
InverseQ = key.Coefficient.ToByteArrayUnsigned(),
});
}
public static void ExportPrivateKey(AsymmetricKeyParameter privKey, TextWriter outputStream)
{
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("Malformed sequence in RSA private key");
}
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var parameters = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent,
rsa.Prime1, rsa.Prime2, rsa.Exponent1,
rsa.Exponent2, rsa.Coefficient);
using (var stream = new MemoryStream())
{
var writer = new BinaryWriter(stream);
writer.Write((byte)0x30); // SEQUENCE
using (var innerStream = new MemoryStream())
{
var innerWriter = new BinaryWriter(innerStream);
EncodeIntegerBigEndian(innerWriter, new byte[] { 0x00 }); // Version
EncodeIntegerBigEndian(innerWriter, parameters.Modulus.ToByteArray());
EncodeIntegerBigEndian(innerWriter, parameters.PublicExponent.ToByteArray());
EncodeIntegerBigEndian(innerWriter, parameters.Exponent.ToByteArray());
EncodeIntegerBigEndian(innerWriter, parameters.P.ToByteArray());
EncodeIntegerBigEndian(innerWriter, parameters.Q.ToByteArray());
EncodeIntegerBigEndian(innerWriter, parameters.DP.ToByteArray());
EncodeIntegerBigEndian(innerWriter, parameters.DQ.ToByteArray());
EncodeIntegerBigEndian(innerWriter, parameters.QInv.ToByteArray());
var length = (int)innerStream.Length;
EncodeLength(writer, length);
writer.Write(innerStream.GetBuffer(), 0, length);
}
var base64 = Convert.ToBase64String(stream.GetBuffer(), 0, (int)stream.Length).ToCharArray();
outputStream.WriteLine("-----BEGIN RSA PRIVATE KEY-----");
// Output as Base64 with lines chopped at 64 characters
for (var i = 0; i < base64.Length; i += 64)
{
outputStream.WriteLine(base64, i, Math.Min(64, base64.Length - i));
}
outputStream.WriteLine("-----END RSA PRIVATE KEY-----");
}
}
private static AsymmetricAlgorithm ConvertToRsaPrivateKey(AsymmetricCipherKeyPair keyPair)
{
var keyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(keyInfo.PrivateKeyAlgorithm.GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("malformed sequence in RSA private key");
}
var rsa = new RsaPrivateKeyStructure(seq);
var rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1,
rsa.Exponent2, rsa.Coefficient);
return(DotNetUtilities.ToRSA(rsaparams));
}
/// <summary>
/// 从Pkcs8私钥中提取公钥
/// </summary>
/// <param name="privateKey">Pkcs8私钥</param>
/// <returns></returns>
public static string GetPublicKeyFromPrivateKeyPkcs8(string privateKey)
{
var privateKeyInfo = PrivateKeyInfo.GetInstance(Asn1Object.FromByteArray(Base64.Decode(privateKey)));
privateKey = Base64.ToBase64String(privateKeyInfo.ParsePrivateKey().GetEncoded());
var instance = RsaPrivateKeyStructure.GetInstance(Base64.Decode(privateKey));
var publicParameter = (AsymmetricKeyParameter) new RsaKeyParameters(false, instance.Modulus, instance.PublicExponent);
var privateParameter = (AsymmetricKeyParameter) new RsaPrivateCrtKeyParameters(instance.Modulus, instance.PublicExponent, instance.PrivateExponent, instance.Prime1, instance.Prime2, instance.Exponent1, instance.Exponent2, instance.Coefficient);
var keyPair = new AsymmetricCipherKeyPair(publicParameter, privateParameter);
var subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);
return(Base64.ToBase64String(subjectPublicKeyInfo.GetEncoded()));
}
internal static AsymmetricKeyParameter LoadPrivateKeyResource(string resource)
{
PemObject pem = LoadPemResource(resource);
if (pem.Type.EndsWith("RSA PRIVATE KEY"))
{
RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(pem.Content);
return(new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent,
rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1,
rsa.Exponent2, rsa.Coefficient));
}
if (pem.Type.EndsWith("PRIVATE KEY"))
{
return(PrivateKeyFactory.CreateKey(pem.Content));
}
throw new ArgumentException("doesn't specify a valid private key", "resource");
}
/// <summary>
/// -----BEGIN PRIVATE KEY-----
/// ...
/// -----END PRIVATE KEY-----
/// </summary>
/// <param name="privateKey">Pkcs8格式私钥</param>
/// <returns></returns>
public static RSAParameters GetRsaParametersFormAsn1PrivateKey(string privateKey)
{
var keyInfo = PrivateKeyInfo.GetInstance(Asn1Object.FromByteArray(Base64.Decode(privateKey)));
var instance = RsaPrivateKeyStructure.GetInstance(keyInfo.ParsePrivateKey());
return(new RSAParameters
{
D = instance.PrivateExponent.ToByteArrayUnsigned(),
DP = instance.Exponent1.ToByteArrayUnsigned(),
DQ = instance.Exponent2.ToByteArrayUnsigned(),
Exponent = instance.PublicExponent.ToByteArrayUnsigned(),
InverseQ = instance.Coefficient.ToByteArrayUnsigned(),
Modulus = instance.Modulus.ToByteArrayUnsigned(),
P = instance.Prime1.ToByteArrayUnsigned(),
Q = instance.Prime2.ToByteArrayUnsigned(),
});
}
public static void MergePrivateKey(X509Certificate2 certificate, AsymmetricKeyParameter keyPrivate)
{
// correcponding private key
var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPrivate);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("malformed sequence in RSA private key");
}
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
certificate.PrivateKey = ToDotNetKey(rsaparams); //x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams);
}
public RsaKey(byte[] bytes)
{
if (bytes == null)
{
throw new ArgumentNullException(nameof(bytes));
}
try
{
DerSequence seq2 = GetRSASequence(bytes);
var s = new RsaPrivateKeyStructure(seq2);
_Key = new RsaPrivateCrtKeyParameters(s.Modulus, s.PublicExponent, s.PrivateExponent, s.Prime1, s.Prime2, s.Exponent1, s.Exponent2, s.Coefficient);
_PubKey = new RsaPubKey(new RsaKeyParameters(false, s.Modulus, s.PublicExponent));
}
catch (Exception)
{
throw new FormatException("Invalid RSA Key");
}
}
public static AsymmetricCipherKeyPair GetRsaKeyPair(CryptographicKey key)
{
var privateKeyBuffer = key.Export(CryptographicPrivateKeyBlobType.Pkcs1RsaPrivateKey);
byte[] privateKeyBytes;
CryptographicBuffer.CopyToByteArray(privateKeyBuffer, out privateKeyBytes);
var asn1 = (Asn1Sequence)Asn1Object.FromByteArray(privateKeyBytes);
var rsa = new RsaPrivateKeyStructure(asn1);
var pubKey = new RsaKeyParameters(false, rsa.Modulus, rsa.PublicExponent);
var privKey = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent,
rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2,
rsa.Coefficient);
return(new AsymmetricCipherKeyPair(pubKey, privKey));
}
public static Rsa CreateFromPrivatePEM(string privatePem)
{
using (var privatePemStream = GetMemoryStream(privatePem))
{
using (var streamReaderPriv = new StreamReader(privatePemStream))
{
var pemPrivReader = new PemReader(streamReaderPriv);
var priv = pemPrivReader.ReadPemObject();
var seq = Asn1Sequence.GetInstance(priv.Content);
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var pubSpec = new RsaKeyParameters(false, rsa.Modulus, rsa.PublicExponent);
var privSpec = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent,
rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2,
rsa.Coefficient);
return(new Rsa(pubSpec, privSpec));
}
}
}
private void BaseOaepTest(
int id,
byte[] pubKeyEnc,
byte[] privKeyEnc,
byte[] output)
{
//
// extract the public key info.
//
Asn1Object pubKeyObj = Asn1Object.FromByteArray(pubKeyEnc);
RsaPublicKeyStructure pubStruct = RsaPublicKeyStructure.GetInstance(
SubjectPublicKeyInfo.GetInstance(pubKeyObj).GetPublicKey());
//
// extract the private key info.
//
Asn1Object privKeyObj = Asn1Object.FromByteArray(privKeyEnc);
RsaPrivateKeyStructure privStruct = RsaPrivateKeyStructure.GetInstance(
PrivateKeyInfo.GetInstance(privKeyObj).ParsePrivateKey());
RsaKeyParameters pubParameters = new RsaKeyParameters(
false,
pubStruct.Modulus,
pubStruct.PublicExponent);
RsaKeyParameters privParameters = new RsaPrivateCrtKeyParameters(
privStruct.Modulus,
privStruct.PublicExponent,
privStruct.PrivateExponent,
privStruct.Prime1,
privStruct.Prime2,
privStruct.Exponent1,
privStruct.Exponent2,
privStruct.Coefficient);
byte[] input = new byte[] {
(byte)0x54, (byte)0x85, (byte)0x9b, (byte)0x34,
(byte)0x2c, (byte)0x49, (byte)0xea, (byte)0x2a
};
EncDec("id(" + id + ")", pubParameters, privParameters, seed, input, output);
}
/// <summary>
/// Base on certificate and key pairs generate pfx file
/// </summary>
/// <param name="issuerKeyPair"></param>
/// <param name="certificate"></param>
/// <param name="x509"></param>
/// <returns></returns>
private X509Certificate2 SaveToPFX(AsymmetricCipherKeyPair issuerKeyPair, X509Certificate2 x509, string fileName)
{
// add private key to x509
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(issuerKeyPair.Private);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("malformed sequence in RSA private key");
}
var rsa = new RsaPrivateKeyStructure(seq);
RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams);
File.WriteAllBytes(PathWithName(fileName + ".pfx"), x509.Export(X509ContentType.Pkcs12, GetCertPassword()));
return(x509);
}
public static string PrintPrivateKey(AsymmetricCipherKeyPair keys)
{
StringBuilder sb = new StringBuilder();
PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keys.Private);
RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(privateKeyInfo.ParsePrivateKey());
byte[] serializedBytes = privateKeyInfo.ToAsn1Object().GetDerEncoded();
string serialized = Convert.ToBase64String(serializedBytes);
sb.AppendLine("Key==>" + serialized);
sb.AppendLine("Prime 1 ==>" + rsa.Prime1.ToString());
sb.AppendLine("Prime 2 ==>" + rsa.Prime2.ToString());
sb.AppendLine("Modulus ==>" + rsa.Modulus.ToString());
sb.AppendLine("Coefficient ==>" + rsa.Coefficient.ToString());
sb.AppendLine("Exponent1 ==>" + rsa.Exponent1.ToString());
sb.AppendLine("Exponent2 ==>" + rsa.Exponent2.ToString());
sb.AppendLine("PrivateExponent ==>" + rsa.PrivateExponent.ToString());
sb.AppendLine("PublicExponent ==>" + rsa.PublicExponent.ToString());
return(sb.ToString());
}
private static AsymmetricKeyParameter ExtractPrivateKey(byte[] pemPrivateKey)
{
var pemObject = ReadPem(pemPrivateKey);
if (!pemObject.Type.EndsWith("RSA PRIVATE KEY", StringComparison.CurrentCulture))
{
return(PrivateKeyFactory.CreateKey(pemObject.Content));
}
var rsaPrivateKeyStructure = RsaPrivateKeyStructure.GetInstance(pemObject.Content);
return(new RsaPrivateCrtKeyParameters(
rsaPrivateKeyStructure.Modulus,
rsaPrivateKeyStructure.PublicExponent,
rsaPrivateKeyStructure.PrivateExponent,
rsaPrivateKeyStructure.Prime1,
rsaPrivateKeyStructure.Prime2,
rsaPrivateKeyStructure.Exponent1,
rsaPrivateKeyStructure.Exponent2,
rsaPrivateKeyStructure.Coefficient));
}
/// <summary>
/// -----BEGIN RSA PRIVATE KEY-----
/// ...
/// -----END RSA PRIVATE KEY-----
/// </summary>
/// <param name="privateKey"></param>
/// <returns></returns>
public static RSAParameters GetRSAParametersFormRsaPrivateKey(string privateKey)
{
if (string.IsNullOrEmpty(privateKey))
{
throw new ArgumentNullException(nameof(privateKey));
}
var key = RsaPrivateKeyStructure.GetInstance(Convert.FromBase64String(privateKey));
return(new RSAParameters
{
D = key.PrivateExponent.ToByteArrayUnsigned(),
DP = key.Exponent1.ToByteArrayUnsigned(),
DQ = key.Exponent2.ToByteArrayUnsigned(),
Exponent = key.PublicExponent.ToByteArrayUnsigned(),
InverseQ = key.Coefficient.ToByteArrayUnsigned(),
Modulus = key.Modulus.ToByteArrayUnsigned(),
P = key.Prime1.ToByteArrayUnsigned(),
Q = key.Prime2.ToByteArrayUnsigned(),
});
}
private string GenerateSignature(string privateKeyPem, byte[] data)
{
byte[] keyBytes;
using (var reader = new StringReader(privateKeyPem))
{
var pemReader = new PemReader(reader);
var pemObject = pemReader.ReadPemObject();
keyBytes = pemObject.Content;
}
var seq = (Asn1Sequence)Asn1Object.FromByteArray(keyBytes);
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var signer = new PssSigner(new RsaEngine(), new Sha256Digest(), 222);
signer.Init(true, new RsaKeyParameters(true, rsa.Modulus, rsa.PrivateExponent));
signer.BlockUpdate(data, 0, data.Length);
var signature = signer.GenerateSignature();
return($"v1:{Convert.ToBase64String(signature)}");
}
/// <summary>
/// -----BEGIN RSA PRIVATE KEY-----
/// ...
/// -----END RSA PRIVATE KEY-----
/// </summary>
/// <param name="privateKey">Pkcs1格式私钥</param>
/// <returns></returns>
public static RSAParameters GetRsaParametersFormPrivateKey(string privateKey)
{
if (string.IsNullOrEmpty(privateKey))
{
throw new ArgumentNullException(nameof(privateKey));
}
var instance = RsaPrivateKeyStructure.GetInstance(Base64.Decode(privateKey));
return(new RSAParameters
{
D = instance.PrivateExponent.ToByteArrayUnsigned(),
DP = instance.Exponent1.ToByteArrayUnsigned(),
DQ = instance.Exponent2.ToByteArrayUnsigned(),
Exponent = instance.PublicExponent.ToByteArrayUnsigned(),
InverseQ = instance.Coefficient.ToByteArrayUnsigned(),
Modulus = instance.Modulus.ToByteArrayUnsigned(),
P = instance.Prime1.ToByteArrayUnsigned(),
Q = instance.Prime2.ToByteArrayUnsigned(),
});
}
public static RSAParameters GetRSAParametersFormPrivateKey(string privateKey)
{
try
{
var keyStructure = RsaPrivateKeyStructure.GetInstance(Convert.FromBase64String(privateKey));
return(new RSAParameters
{
Modulus = keyStructure.Modulus.ToByteArrayUnsigned(),
Exponent = keyStructure.PublicExponent.ToByteArrayUnsigned(),
D = keyStructure.PrivateExponent.ToByteArrayUnsigned(),
P = keyStructure.Prime1.ToByteArrayUnsigned(),
Q = keyStructure.Prime2.ToByteArrayUnsigned(),
DP = keyStructure.Exponent1.ToByteArrayUnsigned(),
DQ = keyStructure.Exponent2.ToByteArrayUnsigned(),
InverseQ = keyStructure.Coefficient.ToByteArrayUnsigned(),
});
}
catch (Exception ex)
{
return(default(RSAParameters));
}
}
/// <summary>
/// Save certificate as pfx file with private key
/// </summary>
/// <param name="issuerKeyPair"></param>
/// <param name="x509"></param>
/// <param name="fileName"></param>
/// <returns></returns>
private X509Certificate2 SaveToPFX(AsymmetricCipherKeyPair issuerKeyPair, X509Certificate2 x509, string fileName)
{
// add private key to x509
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(issuerKeyPair.Private);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded());
// It should thow if seq.c**t != 9 because folowing info should be stored in RSA key.
// following page has more info: https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem
// version Version,
// modulus INTEGER, --n
// publicExponent INTEGER, --e
// privateExponent INTEGER, --d
// prime1 INTEGER, --p
// prime2 INTEGER, --q
// exponent1 INTEGER, --d mod(p - 1)
// exponent2 INTEGER, --d mod(q - 1)
// coefficient INTEGER, --(inverse of q) mod p
// otherPrimeInfos OtherPrimeInfos OPTIONAL
if (seq.Count != 9)
{
throw new PemException("malformed sequence in RSA private key");
}
var rsa = new RsaPrivateKeyStructure(seq);
RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams);
var utils = new GeneralUtils();
if (!fileName.EndsWith(".pfx"))
{
fileName += ".pfx";
}
File.WriteAllBytes(utils.PathWithName(fileName), x509.Export(X509ContentType.Pkcs12, GetCertPassword()));
return(x509);
}
static void Main(string[] args)
{
const string pubkey = @"...";
const string prikey = @"...";
var publickey = Convert.FromBase64String(pubkey);
var privatekey = Convert.FromBase64String(prikey);
var asnprivate = Asn1Object.FromStream(new MemoryStream(privatekey));
var privStruct = new RsaPrivateKeyStructure((Asn1Sequence)asnprivate);
RsaKeyParameters privateAsymmetricKey = new RsaKeyParameters(true, privStruct.Modulus, privStruct.PrivateExponent);
RsaKeyParameters publicAsymmetricKey = (RsaKeyParameters)PublicKeyFactory.CreateKey(publickey);
var inputBytes = Encoding.UTF8.GetBytes("the message");
Console.WriteLine("--- Message: ----");
Console.WriteLine(Encoding.UTF8.GetString(inputBytes));
IAsymmetricBlockCipher cipher = new RsaEngine();
cipher.Init(true, publicAsymmetricKey);
var cipheredBytes = cipher.ProcessBlock(inputBytes, 0, inputBytes.Length);
Console.WriteLine("--- Enc utf8: ----");
Console.WriteLine(Encoding.UTF8.GetString(cipheredBytes));
Console.WriteLine("--- Enc Base64: ----");
Console.WriteLine(Convert.ToBase64String(cipheredBytes));
cipher.Init(false, privateAsymmetricKey);
var deciphered = cipher.ProcessBlock(cipheredBytes, 0, cipheredBytes.Length);
Console.WriteLine("--- Dec: ----");
Console.WriteLine(Encoding.UTF8.GetString(deciphered));
Console.ReadLine();
}
public static string Sign(dynamic payload)
{
List <string> segments = new List <string>();
//JwtHeader header = Header;
string header = @"{ ""alg"":""RS256"", ""typ"":""JWT"" }";
DateTime issued = DateTime.Now;
DateTime expire = DateTime.Now.AddHours(10);
byte[] headerBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(header, Formatting.None));
byte[] payloadBytes = Encoding.UTF8.GetBytes(payload);
segments.Add(UrlEncode(headerBytes));
segments.Add(UrlEncode(payloadBytes));
string stringToSign = string.Join(".", segments.ToArray());
byte[] bytesToSign = Encoding.UTF8.GetBytes(stringToSign);
byte[] keyBytes = Convert.FromBase64String(strSecret);
var privKeyObj = Asn1Object.FromByteArray(keyBytes);
var privStruct = RsaPrivateKeyStructure.GetInstance((Asn1Sequence)privKeyObj);
ISigner sig = SignerUtilities.GetSigner(SignerName);
sig.Init(true, new RsaKeyParameters(true, privStruct.Modulus, privStruct.PrivateExponent));
sig.BlockUpdate(bytesToSign, 0, bytesToSign.Length);
byte[] signature = sig.GenerateSignature();
segments.Add(UrlEncode(signature));
return(string.Join(".", segments.ToArray()));
}
public (string PrivateKey, string PublicKey) GenerateRsaKeys(string companyName)
{
var rsaKeyPairGenerator = new RsaKeyPairGenerator();
rsaKeyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
var pair = rsaKeyPairGenerator.GenerateKeyPair();
var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(pair.Private);
byte[] privateKeyPkcs8DerEncodedBytes = privateKeyInfo.ToAsn1Object().GetDerEncoded();
// privateKeyPkcs8DerEncodedBytes contains PKCS#8 DER-encoded private key as a byte[]
var pkcs8PrivateKeyInfo = PrivateKeyInfo.GetInstance(privateKeyPkcs8DerEncodedBytes);
var pkcs1Key = RsaPrivateKeyStructure.GetInstance(pkcs8PrivateKeyInfo.ParsePrivateKey());
byte[] privateKeyPkcs1EncodedBytes = pkcs1Key.GetEncoded();
var sb = new StringBuilder();
sb.AppendLine("-----BEGIN RSA PRIVATE KEY-----");
sb.AppendLine(Convert.ToBase64String(privateKeyPkcs1EncodedBytes, Base64FormattingOptions.InsertLineBreaks));
sb.AppendLine("-----END RSA PRIVATE KEY-----");
var serializedPrivate = sb.ToString();
var caName = new X509Name($"CN={companyName}");
var caCert = GenerateCertificate(caName, caName, pair.Private, pair.Public);
var certEncoded = caCert.GetEncoded();
sb = new StringBuilder();
sb.AppendLine("-----BEGIN CERTIFICATE-----");
sb.AppendLine(Convert.ToBase64String(certEncoded, Base64FormattingOptions.InsertLineBreaks));
sb.AppendLine("-----END CERTIFICATE-----");
var serializedPublic = sb.ToString();
return(serializedPrivate, serializedPublic);
}
public static PrivateKeyInfo CreatePrivateKeyInfo(
AsymmetricKeyParameter key)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
if (!key.IsPrivate)
{
throw new ArgumentException("Public key passed - private key expected", "key");
}
if (key is ElGamalPrivateKeyParameters)
{
ElGamalPrivateKeyParameters _key = (ElGamalPrivateKeyParameters)key;
return(new PrivateKeyInfo(
new AlgorithmIdentifier(
OiwObjectIdentifiers.ElGamalAlgorithm,
new ElGamalParameter(
_key.Parameters.P,
_key.Parameters.G).ToAsn1Object()),
new DerInteger(_key.X)));
}
if (key is DsaPrivateKeyParameters)
{
DsaPrivateKeyParameters _key = (DsaPrivateKeyParameters)key;
return(new PrivateKeyInfo(
new AlgorithmIdentifier(
X9ObjectIdentifiers.IdDsa,
new DsaParameter(
_key.Parameters.P,
_key.Parameters.Q,
_key.Parameters.G).ToAsn1Object()),
new DerInteger(_key.X)));
}
if (key is DHPrivateKeyParameters)
{
DHPrivateKeyParameters _key = (DHPrivateKeyParameters)key;
DHParameter p = new DHParameter(
_key.Parameters.P, _key.Parameters.G, _key.Parameters.L);
return(new PrivateKeyInfo(
new AlgorithmIdentifier(_key.AlgorithmOid, p.ToAsn1Object()),
new DerInteger(_key.X)));
}
if (key is RsaKeyParameters)
{
AlgorithmIdentifier algID = new AlgorithmIdentifier(
PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance);
RsaPrivateKeyStructure keyStruct;
if (key is RsaPrivateCrtKeyParameters)
{
RsaPrivateCrtKeyParameters _key = (RsaPrivateCrtKeyParameters)key;
keyStruct = new RsaPrivateKeyStructure(
_key.Modulus,
_key.PublicExponent,
_key.Exponent,
_key.P,
_key.Q,
_key.DP,
_key.DQ,
_key.QInv);
}
else
{
RsaKeyParameters _key = (RsaKeyParameters)key;
keyStruct = new RsaPrivateKeyStructure(
_key.Modulus,
BigInteger.Zero,
_key.Exponent,
BigInteger.Zero,
BigInteger.Zero,
BigInteger.Zero,
BigInteger.Zero,
BigInteger.Zero);
}
return(new PrivateKeyInfo(algID, keyStruct.ToAsn1Object()));
}
if (key is ECPrivateKeyParameters)
{
ECPrivateKeyParameters priv = (ECPrivateKeyParameters)key;
ECDomainParameters dp = priv.Parameters;
int orderBitLength = dp.N.BitLength;
AlgorithmIdentifier algID;
ECPrivateKeyStructure ec;
if (priv.AlgorithmName == "ECGOST3410")
{
if (priv.PublicKeyParamSet == null)
{
throw Platform.CreateNotImplementedException("Not a CryptoPro parameter set");
}
Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters(
priv.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet);
algID = new AlgorithmIdentifier(CryptoProObjectIdentifiers.GostR3410x2001, gostParams);
// TODO Do we need to pass any parameters here?
ec = new ECPrivateKeyStructure(orderBitLength, priv.D);
}
else
{
X962Parameters x962;
if (priv.PublicKeyParamSet == null)
{
X9ECParameters ecP = new X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed());
x962 = new X962Parameters(ecP);
}
else
{
x962 = new X962Parameters(priv.PublicKeyParamSet);
}
// TODO Possible to pass the publicKey bitstring here?
ec = new ECPrivateKeyStructure(orderBitLength, priv.D, x962);
algID = new AlgorithmIdentifier(X9ObjectIdentifiers.IdECPublicKey, x962);
}
return(new PrivateKeyInfo(algID, ec));
}
if (key is Gost3410PrivateKeyParameters)
{
Gost3410PrivateKeyParameters _key = (Gost3410PrivateKeyParameters)key;
if (_key.PublicKeyParamSet == null)
{
throw Platform.CreateNotImplementedException("Not a CryptoPro parameter set");
}
byte[] keyEnc = _key.X.ToByteArrayUnsigned();
byte[] keyBytes = new byte[keyEnc.Length];
for (int i = 0; i != keyBytes.Length; i++)
{
keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // must be little endian
}
Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters(
_key.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet, null);
AlgorithmIdentifier algID = new AlgorithmIdentifier(
CryptoProObjectIdentifiers.GostR3410x94,
algParams.ToAsn1Object());
return(new PrivateKeyInfo(algID, new DerOctetString(keyBytes)));
}
throw new ArgumentException("Class provided is not convertible: " + Platform.GetTypeName(key));
}
/// <summary> Generates a self signed certificate. </summary>
/// <exception cref="PemException"> Thrown when a Pem error condition occurs. </exception>
/// <param name="subjectName"> Name of the subject. </param>
/// <param name="issuerName"> Name of the issuer. </param>
/// <param name="issuerPrivKey"> The issuer priv key. </param>
/// <param name="validTill"> The valid till Date/Time. </param>
/// <param name="keyStrength"> (Optional) The key strength. </param>
/// <returns> The self signed certificate. </returns>
public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName,
AsymmetricKeyParameter issuerPrivKey, DateTime validTill, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber =
BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
var subjectDn = new X509Name(subjectName);
var issuerDn = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDn);
certificateGenerator.SetSubjectDN(subjectDn);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = validTill;
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// selfsign certificate
var signatureFactory = new Asn1SignatureFactory(SignatureAlgorithm, issuerPrivKey);
var certificate = certificateGenerator.Generate(signatureFactory);
// correcponding private key
var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
// merge into X509Certificate2
var x509 = new X509Certificate2(certificate.GetEncoded());
var seq = (Asn1Sequence)info.ParsePrivateKey();
if (seq.Count != 9)
{
throw new PemException("malformed sequence in RSA private key");
}
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1,
rsa.Exponent2,
rsa.Coefficient);
x509.PrivateKey = ToDotNetKey(rsaparams);
return(x509);
}
internal static AsymmetricKeyParameter GetKeyParameterFormPrivateKey(string privateKey)
{
var keyStructure = RsaPrivateKeyStructure.GetInstance(Convert.FromBase64String(privateKey));
return(new RsaPrivateCrtKeyParameters(keyStructure.Modulus, keyStructure.PublicExponent, keyStructure.PrivateExponent, keyStructure.Prime1, keyStructure.Prime2, keyStructure.Exponent1, keyStructure.Exponent2, keyStructure.Coefficient));
}
/// <summary>
/// Load an RSA private key from a OpenSSL style file (DER or PEM)
/// </summary>
/// <param name="keyFile">The file to load</param>
/// <param name="password">The optional password</param>
/// <param name="signature">Whether to load the key as a signature or key exchange</param>
/// <returns>The RSA algorithm object</returns>
public static RSA ImportPrivateKeyFromPEM(string keyFile, string password, bool signature)
{
RSA ret = null;
byte[] data = File.ReadAllBytes(keyFile);
RsaPrivateCrtKeyParameters keyParams = null;
if (data.Length > 0)
{
if (data[0] != 0x30)
{
try
{
// Probably a PEM file
using (StreamReader reader = new StreamReader(new MemoryStream(data)))
{
PemReader pem;
if (password != null)
{
pem = new PemReader(reader, new PasswordFinderClass(password));
}
else
{
pem = new PemReader(reader);
}
object o = pem.ReadObject();
while (o != null)
{
if (o is RsaPrivateCrtKeyParameters)
{
keyParams = o as RsaPrivateCrtKeyParameters;
break;
}
else if (o is AsymmetricCipherKeyPair)
{
AsymmetricCipherKeyPair pair = o as AsymmetricCipherKeyPair;
keyParams = pair.Private as RsaPrivateCrtKeyParameters;
break;
}
o = pem.ReadObject();
}
}
}
catch (InvalidCipherTextException)
{
// Catch this exception and convert to standard CryptographicException
throw new CryptographicException("Cannot decrypt private key");
}
}
else
{
Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(data);
if (seq.Count != 9)
{
throw new CryptographicException("Malformed ASN.1 Sequence");
}
RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
keyParams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent,
rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2,
rsa.Coefficient);
}
if (keyParams != null)
{
ret = LoadKey(keyParams, signature);
}
}
return(ret);
}
/// <summary>
/// Generates the certificate.
/// </summary>
/// <param name="subjectName">Name of the subject.</param>
/// <param name="issuerName">Name of the issuer.</param>
/// <param name="validFrom">The valid from.</param>
/// <param name="validTo">The valid to.</param>
/// <param name="keyStrength">The key strength.</param>
/// <param name="signatureAlgorithm">The signature algorithm.</param>
/// <param name="issuerPrivateKey">The issuer private key.</param>
/// <param name="hostName">The host name</param>
/// <returns>X509Certificate2 instance.</returns>
/// <exception cref="PemException">Malformed sequence in RSA private key</exception>
private static X509Certificate2 generateCertificate(string?hostName,
string subjectName,
string issuerName, DateTime validFrom,
DateTime validTo, int keyStrength = 2048,
string signatureAlgorithm = "SHA256WithRSA",
AsymmetricKeyParameter?issuerPrivateKey = null)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var secureRandom = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber =
BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), secureRandom);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
var subjectDn = new X509Name(subjectName);
var issuerDn = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDn);
certificateGenerator.SetSubjectDN(subjectDn);
certificateGenerator.SetNotBefore(validFrom);
certificateGenerator.SetNotAfter(validTo);
if (hostName != null)
{
// add subject alternative names
var nameType = GeneralName.DnsName;
if (IPAddress.TryParse(hostName, out _))
{
nameType = GeneralName.IPAddress;
}
var subjectAlternativeNames = new Asn1Encodable[] { new GeneralName(nameType, hostName) };
var subjectAlternativeNamesExtension = new DerSequence(subjectAlternativeNames);
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false,
subjectAlternativeNamesExtension);
}
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(secureRandom, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Set certificate intended purposes to only Server Authentication
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false,
new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
if (issuerPrivateKey == null)
{
certificateGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(true));
}
var signatureFactory = new Asn1SignatureFactory(signatureAlgorithm,
issuerPrivateKey ?? subjectKeyPair.Private, secureRandom);
// Self-sign the certificate
var certificate = certificateGenerator.Generate(signatureFactory);
// Corresponding private key
var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(privateKeyInfo.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("Malformed sequence in RSA private key");
}
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent,
rsa.Prime1, rsa.Prime2, rsa.Exponent1,
rsa.Exponent2, rsa.Coefficient);
// Set private key onto certificate instance
var x509Certificate = withPrivateKey(certificate, rsaparams);
if (!doNotSetFriendlyName)
{
try
{
x509Certificate.FriendlyName = ProxyConstants.CNRemoverRegex.Replace(subjectName, string.Empty);
}
catch (PlatformNotSupportedException)
{
doNotSetFriendlyName = true;
}
}
return(x509Certificate);
}
public static RSA ToRSA(RsaPrivateKeyStructure privKey)
{
return(CreateRSAProvider(ToRSAParameters(privKey)));
}
private static void GenerateSigningCertificate(ICertificatePolicy certificatePolicy, out string thumbprint, out string pemPublicCert, out byte[] pkcs12Data, out System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
var kpgen = new RsaKeyPairGenerator();
kpgen.Init(new KeyGenerationParameters(random, 2048));
var subjectKeyPair = kpgen.GenerateKeyPair();
var gen = new X509V3CertificateGenerator();
X509Name certName;
if (certificatePolicy.X509NameDictionary == null || !certificatePolicy.X509NameDictionary.Any())
{
certName = new X509Name("CN=" + certificatePolicy.CommonName);
}
else
{
var list = new Dictionary <string, string>();
AddSubjectNameItem(list, "CN", certificatePolicy.CommonName);
foreach (var item in certificatePolicy.X509NameDictionary)
{
AddSubjectNameItem(list, item.Key, item.Value);
}
certName = new X509Name(GetSubjectNameItemString(list));
}
BigInteger serialNo;
serialNo = BigInteger.ProbablePrime(120, random);
gen.SetSerialNumber(serialNo);
gen.SetSubjectDN(certName);
gen.SetIssuerDN(certName);
gen.SetNotBefore(DateTime.UtcNow.AddHours(-2)); // go back 2 hours just to be safe
gen.SetNotAfter(DateTime.UtcNow.AddDays(certificatePolicy.ValidForDays));
gen.SetSignatureAlgorithm("SHA256WithRSA");
gen.SetPublicKey(subjectKeyPair.Public);
gen.AddExtension(
X509Extensions.BasicConstraints.Id,
true,
new BasicConstraints(false));
gen.AddExtension(X509Extensions.KeyUsage.Id,
true,
new KeyUsage(KeyUsage.DigitalSignature));
// handle our key purposes
if (!certificatePolicy.AllPurposes)
{
var purposes = new List <KeyPurposeID>();
if (certificatePolicy.ServerAuthentication)
{
purposes.Add(KeyPurposeID.IdKPServerAuth);
}
if (certificatePolicy.ClientAuthentication)
{
purposes.Add(KeyPurposeID.IdKPClientAuth);
}
if (certificatePolicy.CodeSigning)
{
purposes.Add(KeyPurposeID.IdKPCodeSigning);
}
if (purposes.Any())
{
gen.AddExtension(
X509Extensions.ExtendedKeyUsage.Id,
true,
new ExtendedKeyUsage(purposes.ToArray()));
}
}
var certificate = gen.Generate(subjectKeyPair.Private, random);
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("Malformed sequence in RSA private key.");
}
var rsa = new RsaPrivateKeyStructure(seq);
RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
// this is exportable to get the bytes of the key to our file system in an encrypted manner
RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams);
CspParameters cspParameters = new CspParameters();
cspParameters.KeyContainerName = Guid.NewGuid().ToString();
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters);
rsaKey.PersistKeyInCsp = false; // do not persist
rsaKey.ImportParameters(rsaParameters);
var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
x509.PrivateKey = rsaKey;
// this is non-exportable
CspParameters cspParametersNoExport = new CspParameters();
cspParametersNoExport.KeyContainerName = Guid.NewGuid().ToString();
cspParametersNoExport.Flags = CspProviderFlags.UseNonExportableKey;
RSACryptoServiceProvider rsaKey2 = new RSACryptoServiceProvider(2048, cspParametersNoExport);
rsaKey2.PersistKeyInCsp = false; // do not persist
rsaKey2.ImportParameters(rsaParameters);
x509Certificate2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
x509Certificate2.PrivateKey = rsaKey2;
//// Generating Random Numbers
//var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!";
//var rnd = new Random();
//password = new string(
// Enumerable.Repeat(chars, 15)
// .Select(s => s[rnd.Next(s.Length)])
// .ToArray());
thumbprint = x509.Thumbprint.ToLower();
var publicKeyPem = new StringBuilder();
var utf8WithoutBom = new System.Text.UTF8Encoding(false);
var publicKeyPemWriter = new PemWriter(new StringWriterWithEncoding(publicKeyPem, utf8WithoutBom));
publicKeyPemWriter.WriteObject(certificate);
publicKeyPemWriter.Writer.Flush();
pemPublicCert = publicKeyPem.ToString();
pemPublicCert = pemPublicCert.Replace(Environment.NewLine, "\n"); //only use newline and not returns
pkcs12Data = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx);
}
public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey)
{
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and SN
var subjectDN = new X509Name(subjectName);
var issuerDN = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// SAN
var subjectAltName = new GeneralNames(new GeneralName(GeneralName.DnsName, "localhost"));
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
// Validity
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, KeyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Sign certificate
var signatureFactory = new Asn1SignatureFactory("SHA256WithRSA", issuerPrivKey, random);
var certificate = certificateGenerator.Generate(signatureFactory);
var x509 = new X509Certificate2(certificate.GetEncoded(), (string)null, X509KeyStorageFlags.Exportable);
// Private key
var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(privateKeyInfo.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("Invalid RSA private key");
}
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
var parms = DotNetUtilities.ToRSAParameters(rsaparams);
var rsa1 = RSA.Create();
rsa1.ImportParameters(parms);
// https://github.com/dotnet/runtime/issues/23749
var cert = x509.CopyWithPrivateKey(rsa1);
return(new X509Certificate2(cert.Export(X509ContentType.Pkcs12)));
}
