private void checkCrlCreation3()
{
IAsymmetricCipherKeyPairGenerator kpGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
kpGen.Init(
new RsaKeyGenerationParameters(
BigInteger.ValueOf(0x10001), new SecureRandom(), 768, 25));
X509V2CrlGenerator crlGen = new X509V2CrlGenerator();
DateTime now = DateTime.UtcNow;
AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair();
crlGen.SetIssuerDN(new X509Name("CN=Test CA"));
crlGen.SetThisUpdate(now);
crlGen.SetNextUpdate(now.AddSeconds(100));
crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
IList extOids = new ArrayList();
IList extValues = new ArrayList();
CrlReason crlReason = new CrlReason(CrlReason.PrivilegeWithdrawn);
try
{
extOids.Add(X509Extensions.ReasonCode);
extValues.Add(new X509Extension(false, new DerOctetString(crlReason.GetEncoded())));
}
catch (IOException e)
{
throw new ArgumentException("error encoding reason: " + e);
}
X509Extensions entryExtensions = new X509Extensions(extOids, extValues);
crlGen.AddCrlEntry(BigInteger.One, now, entryExtensions);
crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));
X509Crl crl = crlGen.Generate(pair.Private);
if (!crl.IssuerDN.Equivalent(new X509Name("CN=Test CA"), true))
{
Fail("failed CRL issuer test");
}
Asn1OctetString authExt = crl.GetExtensionValue(X509Extensions.AuthorityKeyIdentifier);
if (authExt == null)
{
Fail("failed to find CRL extension");
}
AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
X509CrlEntry entry = crl.GetRevokedCertificate(BigInteger.One);
if (entry == null)
{
Fail("failed to find CRL entry");
}
if (!entry.SerialNumber.Equals(BigInteger.One))
{
Fail("CRL cert serial number does not match");
}
if (!entry.HasExtensions)
{
Fail("CRL entry extension not found");
}
Asn1OctetString ext = entry.GetExtensionValue(X509Extensions.ReasonCode);
if (ext != null)
{
DerEnumerated reasonCode = (DerEnumerated)X509ExtensionUtilities.FromExtensionValue(ext);
if (reasonCode.Value.IntValue != CrlReason.PrivilegeWithdrawn)
{
Fail("CRL entry reasonCode wrong");
}
}
else
{
Fail("CRL entry reasonCode not found");
}
//
// check loading of existing CRL
//
crlGen = new X509V2CrlGenerator();
now = DateTime.UtcNow;
crlGen.SetIssuerDN(new X509Name("CN=Test CA"));
crlGen.SetThisUpdate(now);
crlGen.SetNextUpdate(now.AddSeconds(100));
crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
crlGen.AddCrl(crl);
crlGen.AddCrlEntry(BigInteger.Two, now, entryExtensions);
crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));
X509Crl newCrl = crlGen.Generate(pair.Private);
int count = 0;
bool oneFound = false;
bool twoFound = false;
foreach (X509CrlEntry crlEnt in newCrl.GetRevokedCertificates())
{
if (crlEnt.SerialNumber.IntValue == 1)
{
oneFound = true;
}
else if (crlEnt.SerialNumber.IntValue == 2)
{
twoFound = true;
}
count++;
}
if (count != 2)
{
Fail("wrong number of CRLs found");
}
if (!oneFound || !twoFound)
{
Fail("wrong CRLs found in copied list");
}
//
// check factory read back
//
X509Crl readCrl = new X509CrlParser().ReadCrl(newCrl.GetEncoded());
if (readCrl == null)
{
Fail("crl not returned!");
}
// ICollection col = cFact.generateCRLs(new ByteArrayInputStream(newCrl.getEncoded()));
ICollection col = new X509CrlParser().ReadCrls(newCrl.GetEncoded());
if (col.Count != 1)
{
Fail("wrong number of CRLs found in collection");
}
}
/// <summary>
///
/// </summary>
/// <remarks>Based on <see cref="http://www.fkollmann.de/v2/post/Creating-certificates-using-BouncyCastle.aspx"/></remarks>
/// <param name="subjectName"></param>
/// <returns></returns>
public static void GenerateCertificate(string subjectName, DateTime expireOnUtc, byte[] issuingCertificate, string issuingCertificatePassword, out string password, out byte[] cerData, out byte[] pkcs12Data)
{
AsymmetricKeyParameter caPrivateKey;
var caCert = ReadCertificateFromBytes(issuingCertificate, issuingCertificatePassword, out caPrivateKey);
var caAuth = new AuthorityKeyIdentifierStructure(caCert);
var authKeyId = new AuthorityKeyIdentifier(caAuth.GetKeyIdentifier());
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!";
var rnd = new Random();
var result = new string(
Enumerable.Repeat(chars, 15)
.Select(s => s[rnd.Next(s.Length)])
.ToArray());
password = result;
var gen = new X509V3CertificateGenerator();
var certName = new X509Name("CN=" + subjectName);
var serialNo = BigInteger.ProbablePrime(120, random);
gen.SetSerialNumber(serialNo);
gen.SetSubjectDN(certName);
gen.SetIssuerDN(caCert.IssuerDN);
// gen.SetIssuerUniqueID(caCert.IssuerUniqueID.GetBytes())
gen.SetNotAfter(expireOnUtc);
gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
gen.SetSignatureAlgorithm("SHA256WithRSA"); //("MD5WithRSA");
var kpgen = new RsaKeyPairGenerator();
kpgen.Init(new KeyGenerationParameters(random, 2048)); // new SecureRandom(new CryptoApiRandomGenerator()), 2048));
var subjectKeyPair = kpgen.GenerateKeyPair();
gen.SetPublicKey(subjectKeyPair.Public);
//gen.AddExtension(
// X509Extensions.ExtendedKeyUsage.Id,
// false,
// new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPCodeSigning }));
//1.3.6.1.5.5.7.3.1 = server authentication
//1.3.6.1.5.5.7.3.2 = client authentication
//1.3.6.1.5.5.7.3.3 = code signing
var certificate = gen.Generate(caPrivateKey);
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
// merge into X509Certificate2
var x509 = X509CertificateHelper.GetCertificate(certificate.GetEncoded(), null, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("Malformed sequence in RSA private key.");
}
var rsa = new RsaPrivateKeyStructure(seq);
RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams);
CspParameters cspParameters = new CspParameters();
cspParameters.KeyContainerName = Guid.NewGuid().ToString(); // "MyKeyContainer";
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters);
rsaKey.ImportParameters(rsaParameters);
x509.PrivateKey = rsaKey;
cerData = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert);
pkcs12Data = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, password);
}
private void checkCrlCreation2()
{
IAsymmetricCipherKeyPairGenerator kpGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
kpGen.Init(
new RsaKeyGenerationParameters(
BigInteger.ValueOf(0x10001), new SecureRandom(), 768, 25));
X509V2CrlGenerator crlGen = new X509V2CrlGenerator();
DateTime now = DateTime.UtcNow;
AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair();
crlGen.SetIssuerDN(new X509Name("CN=Test CA"));
crlGen.SetThisUpdate(now);
crlGen.SetNextUpdate(now.AddSeconds(100));
crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
IList extOids = new ArrayList();
IList extValues = new ArrayList();
CrlReason crlReason = new CrlReason(CrlReason.PrivilegeWithdrawn);
try
{
extOids.Add(X509Extensions.ReasonCode);
extValues.Add(new X509Extension(false, new DerOctetString(crlReason.GetEncoded())));
}
catch (IOException e)
{
throw new ArgumentException("error encoding reason: " + e);
}
X509Extensions entryExtensions = new X509Extensions(extOids, extValues);
crlGen.AddCrlEntry(BigInteger.One, now, entryExtensions);
crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));
X509Crl crl = crlGen.Generate(pair.Private);
if (!crl.IssuerDN.Equivalent(new X509Name("CN=Test CA"), true))
{
Fail("failed CRL issuer test");
}
Asn1OctetString authExt = crl.GetExtensionValue(X509Extensions.AuthorityKeyIdentifier);
if (authExt == null)
{
Fail("failed to find CRL extension");
}
AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
X509CrlEntry entry = crl.GetRevokedCertificate(BigInteger.One);
if (entry == null)
{
Fail("failed to find CRL entry");
}
if (!entry.SerialNumber.Equals(BigInteger.One))
{
Fail("CRL cert serial number does not match");
}
if (!entry.HasExtensions)
{
Fail("CRL entry extension not found");
}
Asn1OctetString ext = entry.GetExtensionValue(X509Extensions.ReasonCode);
if (ext != null)
{
DerEnumerated reasonCode = (DerEnumerated)X509ExtensionUtilities.FromExtensionValue(ext);
if (reasonCode.Value.IntValue != CrlReason.PrivilegeWithdrawn)
{
Fail("CRL entry reasonCode wrong");
}
}
else
{
Fail("CRL entry reasonCode not found");
}
}
/// <summary>
///
/// </summary>
/// <remarks>Based on <see cref="http://www.fkollmann.de/v2/post/Creating-certificates-using-BouncyCastle.aspx"/></remarks>
/// <param name="subjectName"></param>
/// <returns></returns>
public static byte[] GenerateCertificate(string subjectName, byte[] issuingCertificate, string issuingCertificatePassword, out string password)
{
AsymmetricKeyParameter caPrivateKey;
var caCert = ReadCertificateFromBytes(issuingCertificate, issuingCertificatePassword, out caPrivateKey);
var caAuth = new AuthorityKeyIdentifierStructure(caCert);
var authKeyId = new AuthorityKeyIdentifier(caAuth.GetKeyIdentifier());
// ---------------------------
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!";
var rnd = new Random();
var result = new string(
Enumerable.Repeat(chars, 15)
.Select(s => s[rnd.Next(s.Length)])
.ToArray());
password = result;
var gen = new X509V3CertificateGenerator();
var certName = new X509Name("CN=" + subjectName);
var serialNo = BigInteger.ProbablePrime(120, random);
gen.SetSerialNumber(serialNo);
gen.SetSubjectDN(certName);
gen.SetIssuerDN(caCert.IssuerDN);
// gen.SetIssuerUniqueID(caCert.IssuerUniqueID.GetBytes())
gen.SetNotAfter(DateTime.Now.AddYears(100));
gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
gen.SetSignatureAlgorithm("SHA256WithRSA"); //("MD5WithRSA");
var kpgen = new RsaKeyPairGenerator();
kpgen.Init(new KeyGenerationParameters(random, 2048)); // new SecureRandom(new CryptoApiRandomGenerator()), 2048));
var subjectKeyPair = kpgen.GenerateKeyPair();
gen.SetPublicKey(subjectKeyPair.Public);
//gen.AddExtension(
// X509Extensions.AuthorityKeyIdentifier,
// false,
// authKeyId);
//gen.AddExtension(
// X509Extensions.SubjectKeyIdentifier,
// false,
// new SubjectKeyIdentifierStructure(kp.Public)
// );
//gen.AddExtension(
// X509Extensions.AuthorityKeyIdentifier.Id,
// false,
// new AuthorityKeyIdentifier(
// SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public),
// new GeneralNames(new GeneralName(certName)),
// serialNo));
gen.AddExtension(
X509Extensions.ExtendedKeyUsage.Id,
false,
new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPCodeSigning }));
//1.3.6.1.5.5.7.3.1 = server authentication
//1.3.6.1.5.5.7.3.2 = client authentication
//1.3.6.1.5.5.7.3.3 = code signing
var certificate = gen.Generate(caPrivateKey);
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
// merge into X509Certificate2
var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("malformed sequence in RSA private key");
}
var rsa = new RsaPrivateKeyStructure(seq);
RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
//-------------
//RsaPrivateCrtKeyParameters rsaparams = (RsaPrivateCrtKeyParameters)subjectKeyPair.Private;
RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams);
CspParameters cspParameters = new CspParameters();
cspParameters.KeyContainerName = Guid.NewGuid().ToString(); // "MyKeyContainer";
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters);
rsaKey.ImportParameters(rsaParameters);
// ------------
x509.PrivateKey = rsaKey; // DotNetUtilities.ToRSA(rsaparams);
//var certBytes = DotNetUtilities.ToX509Certificate(certificate).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, password);
//var x5092 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certBytes, password);
//var rsaPriv = DotNetUtilities.ToRSA(subjectKeyPair.Private as RsaPrivateCrtKeyParameters);
//x509.PrivateKey = rsaPriv;
var x509Bytes = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert);
System.IO.File.WriteAllBytes(@"C:\mycertx509x.cer", x509Bytes);
var x509Bytes2 = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, password);
System.IO.File.WriteAllBytes(@"C:\mycertx509x.pfx", x509Bytes2);
System.IO.File.WriteAllText(@"C:\mycertx509x_pass.txt", password);
//Utility.AddCertToStore(x509, System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine);
return x509Bytes2;
}
public static void GenerateCertificate(string subjectName, long serialNumber, DateTime expireOn, bool isCertificateAuthority, System.Security.Cryptography.X509Certificates.X509Certificate2 issuingCertificate, out string thumbprint, out string pemPrivateKey, out string pemPublicCert, out byte[] publicCert, out byte[] pkcs12Data, out string password)
{
AsymmetricKeyParameter caPrivateKey;
var caCert = ReadCertificateFromX509Certificate2(issuingCertificate, out caPrivateKey);
var caAuth = new AuthorityKeyIdentifierStructure(caCert);
var authKeyId = new AuthorityKeyIdentifier(caAuth.GetKeyIdentifier());
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
var kpgen = new RsaKeyPairGenerator();
kpgen.Init(new KeyGenerationParameters(random, 2048)); //new SecureRandom(new CryptoApiRandomGenerator()), 2048));
var subjectKeyPair = kpgen.GenerateKeyPair();
var gen = new X509V3CertificateGenerator();
var certName = new X509Name("CN=" + subjectName);
BigInteger serialNo;
if (serialNumber == 0)
{
serialNo = BigInteger.ProbablePrime(120, random);
}
else
{
serialNo = BigInteger.ValueOf(serialNumber);
}
gen.SetSerialNumber(serialNo);
gen.SetSubjectDN(certName);
//gen.SetIssuerDN(certName);
gen.SetIssuerDN(caCert.IssuerDN);
var issuerPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(caCert.GetPublicKey());
var issuerGeneralNames = new GeneralNames(new GeneralName(caCert.IssuerDN));
var issuerSerialNumber = caCert.SerialNumber;
var authorityKeyIdentifier = new AuthorityKeyIdentifier(issuerPublicKeyInfo, issuerGeneralNames, issuerSerialNumber);
gen.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, true, authorityKeyIdentifier);
gen.SetNotAfter(expireOn);
gen.SetNotBefore(DateTime.Now.Date);
gen.SetSignatureAlgorithm("SHA256WithRSA"); //("MD5WithRSA");
gen.SetPublicKey(subjectKeyPair.Public);
gen.AddExtension(
X509Extensions.BasicConstraints.Id,
true,
new BasicConstraints(isCertificateAuthority));
var certificate = gen.Generate(caPrivateKey, random);
//var certificate = gen.Generate(subjectKeyPair.Private, random);
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("Malformed sequence in RSA private key.");
}
var rsa = new RsaPrivateKeyStructure(seq);
RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams);
CspParameters cspParameters = new CspParameters();
cspParameters.KeyContainerName = Guid.NewGuid().ToString(); // "MyKeyContainer";
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters);
rsaKey.ImportParameters(rsaParameters);
x509.PrivateKey = rsaKey; // DotNetUtilities.ToRSA(rsaparams);
// Generating Random Numbers
var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!";
var rnd = new Random();
password = new string(
Enumerable.Repeat(chars, 32)
.Select(s => s[rnd.Next(s.Length)])
.ToArray());
thumbprint = x509.Thumbprint.ToLower();
publicCert = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert);
var privateKeyPem = new StringBuilder();
var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem));
privateKeyPemWriter.WriteObject(certificate);
privateKeyPemWriter.WriteObject(subjectKeyPair.Private);
privateKeyPemWriter.Writer.Flush();
pemPrivateKey = privateKeyPem.ToString();
var publicKeyPem = new StringBuilder();
var utf8WithoutBom = new System.Text.UTF8Encoding(false);
var publicKeyPemWriter = new PemWriter(new StringWriterWithEncoding(publicKeyPem, utf8WithoutBom));
publicKeyPemWriter.WriteObject(certificate);
publicKeyPemWriter.Writer.Flush();
pemPublicCert = publicKeyPem.ToString();
pemPublicCert = pemPublicCert.Replace(Environment.NewLine, "\n"); //only use newline and not returns
pkcs12Data = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, password);
}
public AuthorityKeyIdentifierStructure(AsymmetricKeyParameter pubKey) : base(AuthorityKeyIdentifierStructure.FromKey(pubKey))
{
}
public AuthorityKeyIdentifierStructure(X509Certificate certificate) : base(AuthorityKeyIdentifierStructure.FromCertificate(certificate))
{
}
public X509Certificate2 Build()
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
certificateGenerator.SetSignatureAlgorithm("SHA256WithRSA");
// Issuer and Subject Name
certificateGenerator.SetIssuerDN(new X509Name(_issuerName ?? _subjectName));
certificateGenerator.SetSubjectDN(new X509Name(_subjectName));
// Authority Key Identifier
if (_issuer != null)
{
var authorityKeyIdentifier = new AuthorityKeyIdentifierStructure(
DotNetUtilities.FromX509Certificate(_issuer));
certificateGenerator.AddExtension(
X509Extensions.AuthorityKeyIdentifier.Id, false, authorityKeyIdentifier);
}
// Basic Constraints - certificate is allowed to be used as intermediate.
certificateGenerator.AddExtension(
X509Extensions.BasicConstraints.Id, true, new BasicConstraints(_intermediate));
// Valid For
certificateGenerator.SetNotBefore(_notBefore ?? DateTime.UtcNow.Date);
certificateGenerator.SetNotAfter(_notAfter ?? DateTime.UtcNow.Date.AddYears(2));
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, _keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
var issuerKeyPair = _issuerPrivateKey == null
? subjectKeyPair
: DotNetUtilities.GetKeyPair(_issuerPrivateKey);
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// selfsign certificate
var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
// merge into X509Certificate2
return new X509Certificate2(certificate.GetEncoded())
{
PrivateKey = ConvertToRsaPrivateKey(subjectKeyPair)
};
}
