//---------------------------------------私钥转换 public static void getPriKeyPem() { var rsa = new RSACryptoServiceProvider(); using (var sr = new StreamReader("E:\\PriKey.xml")) { rsa.FromXmlString(sr.ReadToEnd()); } var p = rsa.ExportParameters(true); var key = new RsaPrivateCrtKeyParameters( new BigInteger(1, p.Modulus), new BigInteger(1, p.Exponent), new BigInteger(1, p.D), new BigInteger(1, p.P), new BigInteger(1, p.Q), new BigInteger(1, p.DP), new BigInteger(1, p.DQ), new BigInteger(1, p.InverseQ)); using (var sw = new StreamWriter("e:\\PriKey.pem")) { var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(sw); pemWriter.WriteObject(key); } }
private static string GimmeKey(AsymmetricKeyParameter key) { var sb = new StringBuilder(); using (var prvSw = new StringWriter(sb)) { var pmw = new Org.BouncyCastle.OpenSsl.PemWriter(prvSw); pmw.WriteObject(key); } return sb.ToString(); }
/// <summary> /// XML格式私钥转换PEM格式 /// </summary> public static string XMLPrivatekeyToPEM(string xml) { var rsa2 = new RSACryptoServiceProvider(); rsa2.FromXmlString(xml); var p = rsa2.ExportParameters(true); var key = new RsaPrivateCrtKeyParameters( new BigInteger(1, p.Modulus), new BigInteger(1, p.Exponent), new BigInteger(1, p.D), new BigInteger(1, p.P), new BigInteger(1, p.Q), new BigInteger(1, p.DP), new BigInteger(1, p.DQ), new BigInteger(1, p.InverseQ)); using (MemoryStream stream = new MemoryStream()) { using (var sw = new StreamWriter(stream, Encoding.UTF8)) { var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(sw); pemWriter.WriteObject(key); sw.Flush(); var ret = System.Text.Encoding.UTF8.GetString(stream.ToArray()); return(ret); } } }
public static string GetPrivatePemString(RSAParameters p) { var key = new RsaPrivateCrtKeyParameters( new BigInteger(1, p.Modulus), new BigInteger(1, p.Exponent), new BigInteger(1, p.D), new BigInteger(1, p.P), new BigInteger(1, p.Q), new BigInteger(1, p.DP), new BigInteger(1, p.DQ), new BigInteger(1, p.InverseQ)); using (var stream = new MemoryStream()) { using (var writer = new StreamWriter(stream, new UTF8Encoding())) { var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(writer); pemWriter.WriteObject(key); } return new UTF8Encoding().GetString(stream.ToArray()).Replace("\r\n", "\n"); } }
/// <summary> /// Creates a new X509 certificate and returns its data in PEM format. /// /// <see cref="PatchingCertificatePem"/> is generated using this method. /// </summary> public string GenerateNewCertificatePem() { var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var certificateGenerator = new X509V3CertificateGenerator(); var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // TODO: Figure out ISignatureFactory to avoid these deprecated methods #pragma warning disable 618 certificateGenerator.SetSignatureAlgorithm("SHA256WithRSA"); #pragma warning restore 618 var subjectDn = new X509Name("cn=Unknown"); var issuerDn = subjectDn; certificateGenerator.SetIssuerDN(issuerDn); certificateGenerator.SetSubjectDN(subjectDn); certificateGenerator.SetNotBefore(DateTime.UtcNow.Date.AddYears(-10)); certificateGenerator.SetNotAfter(DateTime.UtcNow.Date.AddYears(50)); var keyGenerationParameters = new KeyGenerationParameters(random, 2048); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // TODO: Figure out ISignatureFactory to avoid these deprecated methods #pragma warning disable 618 X509Certificate cert = certificateGenerator.Generate(subjectKeyPair.Private); #pragma warning restore 618 using var writer = new StringWriter(); var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(writer); pemWriter.WriteObject(new PemObject("CERTIFICATE", cert.GetEncoded())); pemWriter.WriteObject(subjectKeyPair.Private); return(writer.ToString()); }
/// <summary> /// XML格式私钥转PEM /// </summary> /// <param name="xml">XML格式私钥</param> /// <param name="saveFile">保存文件的物理路径</param> public static string Xml2PemPrivate(string xml, string saveFile) { var rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xml); var p = rsa.ExportParameters(true); var key = new RsaPrivateCrtKeyParameters( new BigInteger(1, p.Modulus), new BigInteger(1, p.Exponent), new BigInteger(1, p.D), new BigInteger(1, p.P), new BigInteger(1, p.Q), new BigInteger(1, p.DP), new BigInteger(1, p.DQ), new BigInteger(1, p.InverseQ)); using (var sw = new StreamWriter(saveFile)) { var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(sw); pemWriter.WriteObject(key); } PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(key); byte[] serializedPrivateBytes = privateKeyInfo.ToAsn1Object().GetEncoded(); string privateKey = Convert.ToBase64String(serializedPrivateBytes); return(Format(privateKey, 2)); }
// http://stackoverflow.com/questions/36942094/how-can-i-generate-a-self-signed-cert-without-using-obsolete-bouncycastle-1-7-0 public static System.Security.Cryptography.X509Certificates.X509Certificate2 CreateX509Cert2(string certName) { var keypairgen = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator(); keypairgen.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters( new Org.BouncyCastle.Security.SecureRandom( new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator() ) , 1024 //, 512 ) ); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keypair = keypairgen.GenerateKeyPair(); // --- Until here we generate a keypair var random = new Org.BouncyCastle.Security.SecureRandom( new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator() ); // SHA1WITHRSA // SHA256WITHRSA // SHA384WITHRSA // SHA512WITHRSA // SHA1WITHECDSA // SHA224WITHECDSA // SHA256WITHECDSA // SHA384WITHECDSA // SHA512WITHECDSA Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory = new Org.BouncyCastle.Crypto.Operators.Asn1SignatureFactory("SHA512WITHRSA", keypair.Private, random) ; var gen = new Org.BouncyCastle.X509.X509V3CertificateGenerator(); var CN = new Org.BouncyCastle.Asn1.X509.X509Name("CN=" + certName); var SN = Org.BouncyCastle.Math.BigInteger.ProbablePrime(120, new Random()); gen.SetSerialNumber(SN); gen.SetSubjectDN(CN); gen.SetIssuerDN(CN); gen.SetNotAfter(DateTime.Now.AddYears(1)); gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen.SetPublicKey(keypair.Public); // -- Are these necessary ? // public static readonly DerObjectIdentifier AuthorityKeyIdentifier = new DerObjectIdentifier("2.5.29.35"); // OID value: 2.5.29.35 // OID description: id-ce-authorityKeyIdentifier // This extension may be used either as a certificate or CRL extension. // It identifies the public key to be used to verify the signature on this certificate or CRL. // It enables distinct keys used by the same CA to be distinguished (e.g., as key updating occurs). // http://stackoverflow.com/questions/14930381/generating-x509-certificate-using-bouncy-castle-java gen.AddExtension( Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityKeyIdentifier.Id, false, new Org.BouncyCastle.Asn1.X509.AuthorityKeyIdentifier( Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keypair.Public), new Org.BouncyCastle.Asn1.X509.GeneralNames(new Org.BouncyCastle.Asn1.X509.GeneralName(CN)), SN )); // OID value: 1.3.6.1.5.5.7.3.1 // OID description: Indicates that a certificate can be used as an SSL server certificate. gen.AddExtension( Org.BouncyCastle.Asn1.X509.X509Extensions.ExtendedKeyUsage.Id, false, new Org.BouncyCastle.Asn1.X509.ExtendedKeyUsage( new System.Collections.Generic.List <object>() { new Org.BouncyCastle.Asn1.DerObjectIdentifier("1.3.6.1.5.5.7.3.1") } ) ); gen.AddExtension( new Org.BouncyCastle.Asn1.DerObjectIdentifier("2.5.29.19"), false, new Org.BouncyCastle.Asn1.X509.BasicConstraints(false) // true if it is allowed to sign other certs ); gen.AddExtension( new Org.BouncyCastle.Asn1.DerObjectIdentifier("2.5.29.15"), true, new Org.BouncyCastle.X509.X509KeyUsage( Org.BouncyCastle.X509.X509KeyUsage.DigitalSignature | Org.BouncyCastle.X509.X509KeyUsage.NonRepudiation | Org.BouncyCastle.X509.X509KeyUsage.KeyEncipherment | Org.BouncyCastle.X509.X509KeyUsage.DataEncipherment) ); // -- End are these necessary ? Org.BouncyCastle.X509.X509Certificate bouncyCert = gen.Generate(signatureFactory); // Org.BouncyCastle.X509.X509Certificate bouncyCert = gen.Generate(keypair.Private); bouncyCert.GetPublicKey(); byte[] ba = bouncyCert.GetEncoded(); using (System.IO.TextWriter textWriter = new System.IO.StringWriter()) { Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); pemWriter.WriteObject(bouncyCert); pemWriter.WriteObject(keypair.Private); pemWriter.Writer.Flush(); string privateKey = textWriter.ToString(); System.Console.WriteLine(privateKey); } // End Using textWriter string certFile = @"D:\mycert.cert"; using (System.IO.FileStream fs = System.IO.File.OpenWrite(certFile)) { using (System.IO.TextWriter textWriter = new System.IO.StreamWriter(fs)) { Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); pemWriter.WriteObject(bouncyCert); pemWriter.WriteObject(keypair.Private); pemWriter.Writer.Flush(); string privateKey = textWriter.ToString(); System.Console.WriteLine(privateKey); } // End Using textWriter } // End Using fs // https://github.com/dotnet/corefx/blob/master/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate.cs // https://github.com/dotnet/corefx/blob/master/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs // System.Security.Cryptography.X509Certificates.X509Certificate2 msCert = new System.Security.Cryptography.X509Certificates.X509Certificate2(ba); System.Security.Cryptography.X509Certificates.X509Certificate2 msCert = new System.Security.Cryptography.X509Certificates .X509Certificate2(ba, null , System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable // System.Security.Cryptography.X509Certificates.X509KeyStorageFlag.PersistKeySet | // System.Security.Cryptography.X509Certificates.X509KeyStorageFlag.MachineKeySet | // System.Security.Cryptography.X509Certificates.X509KeyStorageFlag.Exportable ); msCert = new X509Certificate2(certFile, null, X509KeyStorageFlags.MachineKeySet); object obj = msCert.GetRSAPrivateKey(); System.Console.WriteLine(obj); if (msCert.HasPrivateKey) { Console.WriteLine(msCert.HasPrivateKey); } return(msCert); }
} // End Function GenerateEcdsaKeyPair public static void WritePrivatePublic(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair) { string privateKey = null; string publicKey = null; string bothKeys = null; // id_rsa using (System.IO.TextWriter textWriter = new System.IO.StringWriter()) { Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); pemWriter.WriteObject(keyPair.Private); pemWriter.Writer.Flush(); privateKey = textWriter.ToString(); } // End Using textWriter // id_rsa.pub using (System.IO.TextWriter textWriter = new System.IO.StringWriter()) { Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); pemWriter.WriteObject(keyPair.Public); pemWriter.Writer.Flush(); publicKey = textWriter.ToString(); } // End Using textWriter // // This writes the same as private key, not both //using (System.IO.TextWriter textWriter = new System.IO.StringWriter()) //{ // Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); // pemWriter.WriteObject(keyPair); // pemWriter.Writer.Flush(); // bothKeys = textWriter.ToString(); //} // End Using textWriter System.Console.WriteLine(privateKey); System.Console.WriteLine(publicKey); //System.Console.WriteLine(bothKeys); // Org.BouncyCastle.Crypto.AsymmetricKeyParameter pk = ReadPrivateKey(privateKey); // Org.BouncyCastle.Crypto.AsymmetricKeyParameter pubKey = ReadPublicKey(publicKey); // ReadPublicKey(privateKey); // Cannot read this // ReadPrivateKey(publicKey); // Cannot read this either... ReadPublicKey(publicKey); // ReadPrivateKey(publicKey); Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = ReadPrivateKey(privateKey); byte[] value = System.Text.Encoding.UTF8.GetBytes("hello world"); // Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters privKey = pk; // key.EcPrivateKey; Org.BouncyCastle.Crypto.ISigner signer = // https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withECDSA"); signer.Init(true, privKey); signer.BlockUpdate(value, 0, value.Length); byte[] signature = signer.GenerateSignature(); System.Console.WriteLine(signature); } // End Sub WritePrivatePublic
} // End Sub WriteCerAndCrt public static void Test() { Org.BouncyCastle.Asn1.X509.X509Name caName = new Org.BouncyCastle.Asn1.X509.X509Name("CN=TestCA"); Org.BouncyCastle.Asn1.X509.X509Name eeName = new Org.BouncyCastle.Asn1.X509.X509Name("CN=TestEE"); Org.BouncyCastle.Asn1.X509.X509Name eeName25519 = new Org.BouncyCastle.Asn1.X509.X509Name("CN=TestEE25519"); string countryIso2Characters = "EA"; string stateOrProvince = "ERA"; string localityOrCity = "NeutralZone"; string companyName = "Skynet Earth Inc."; string division = "Skynet mbH"; string domainName = "sky.net"; string email = "*****@*****.**"; Org.BouncyCastle.Asn1.X509.X509Name subj = CertificateInfo.CreateSubject( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email); System.Console.WriteLine(subj); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair caKey25519 = KeyGenerator.GenerateEcKeyPair("curve25519", s_secureRandom.Value); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair caKey = KeyGenerator.GenerateEcKeyPair("secp256r1", s_secureRandom.Value); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair eeKey = KeyGenerator.GenerateRsaKeyPair(2048, s_secureRandom.Value); string publicKey = null; // id_rsa.pub using (System.IO.TextWriter textWriter = new System.IO.StringWriter()) { Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); pemWriter.WriteObject(eeKey); pemWriter.Writer.Flush(); publicKey = textWriter.ToString(); } // End Using textWriter System.Console.WriteLine(publicKey); // https://social.msdn.microsoft.com/Forums/vstudio/de-DE/8d49a681-22c6-417f-af3c-8daebd6f10dd/signierung-eines-hashs-mit-ellipticcurve-crypto?forum=visualcsharpde // https://stackoverflow.com/questions/22963581/reading-elliptic-curve-private-key-from-file-with-bouncycastle/41947163 // PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(pkcs8key); // The EC PARAMETERS block in your file is an accident of the way openssl ecparam - genkey works by default; // it is not needed or used as part of the actual key and you can omit it by specifying - noout // which is admittedly somewhat unobvious. // The actual key structure('hidden' in the base64/ DER data) for EC(DSA / DH) // does contain some parameter info which RSA doesn't but DSA does. PrivatePublicPemKeyPair keyPair = KeyImportExport.GetPemKeyPair(caKey25519); // PrivatePublicPemKeyPair keyPair = PrivatePublicPemKeyPair.ImportFrom("", ""); Org.BouncyCastle.X509.X509Certificate caCert = GenerateCertificate(caName, caName, caKey.Private, caKey.Public, s_secureRandom.Value); Org.BouncyCastle.X509.X509Certificate eeCert = GenerateCertificate(caName, eeName, caKey.Private, eeKey.Public, s_secureRandom.Value); Org.BouncyCastle.X509.X509Certificate ee25519Cert = GenerateCertificate(caName, eeName25519, caKey25519.Private, caKey25519.Public, s_secureRandom.Value); bool caOk = ValidateSelfSignedCert(caCert, caKey.Public); bool eeOk = ValidateSelfSignedCert(eeCert, caKey.Public); bool ee25519 = ValidateSelfSignedCert(eeCert, caKey.Public); PfxGenerator.CreatePfxFile("example.pfx", caCert, caKey.Private, null); // System.IO.File.WriteAllBytes("fileName", caCert.Export(X509ContentType.Pkcs12, PfxPassword)); // https://info.ssl.com/how-to-der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-conver-them/ // The file extensions .CRT and .CER are interchangeable. // If your server requires that you use the .CER file extension, you can change the extension // http://www.networksolutions.com/support/what-is-the-difference-between-a-crt-and-a-cer-file/ // https://stackoverflow.com/questions/642284/apache-with-ssl-how-to-convert-cer-to-crt-certificates // File extensions for cryptographic certificates aren't really as standardized as you'd expect. // Windows by default treats double - clicking a.crt file as a request to import the certificate // So, they're different in that sense, at least, that Windows has some inherent different meaning // for what happens when you double click each type of file. // One is a "binary" X.509 encoding, and the other is a "text" base64 encoding that usually starts with "-----BEGIN CERTIFICATE-----". // into the Windows Root Certificate store, but treats a.cer file as a request just to view the certificate. // CER is an X.509 certificate in binary form, DER encoded // CRT is a binary X.509 certificate, encapsulated in text (base-64) encoding // Most systems accept both formats, but if you need to you can convert one to the other via openssl // Certificate file should be PEM-encoded X.509 Certificate file: // openssl x509 -inform DER -in certificate.cer -out certificate.pem using (System.IO.Stream f = System.IO.File.Open("ca.cer", System.IO.FileMode.Create)) { byte[] buf = caCert.GetEncoded(); f.Write(buf, 0, buf.Length); f.Flush(); } using (System.IO.Stream fs = System.IO.File.Open("ee.cer", System.IO.FileMode.Create)) { byte[] buf = eeCert.GetEncoded(); fs.Write(buf, 0, buf.Length); fs.Flush(); } // End Using fs using (System.IO.Stream fs = System.IO.File.Open("ee25519.cer", System.IO.FileMode.Create)) { byte[] buf = ee25519Cert.GetEncoded(); fs.Write(buf, 0, buf.Length); fs.Flush(); } // End Using fs // new System.Text.ASCIIEncoding(false) // new System.Text.UTF8Encoding(false) using (System.IO.Stream fs = System.IO.File.Open("ee.crt", System.IO.FileMode.Create)) { using (System.IO.StreamWriter sw = new System.IO.StreamWriter(fs, System.Text.Encoding.ASCII)) { byte[] buf = eeCert.GetEncoded(); string pem = ToPem(buf); sw.Write(pem); } // End Using sw } // End Using fs using (System.IO.Stream fs = System.IO.File.Open("ee25519.crt", System.IO.FileMode.Create)) { using (System.IO.StreamWriter sw = new System.IO.StreamWriter(fs, System.Text.Encoding.ASCII)) { byte[] buf = ee25519Cert.GetEncoded(); string pem = ToPem(buf); sw.Write(pem); } // End Using sw } // End Using fs Org.BouncyCastle.Asn1.X509.X509Name subject = eeName25519; } // End Sub Test
// https://gist.github.com/Venomed/5337717aadfb61b09e58 // https://www.powershellgallery.com/packages/Posh-ACME/2.2.0/Content/Private%5CNew-Csr.ps1 public static string CreateSignatureRequest( Org.BouncyCastle.Asn1.X509.X509Name subject , Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair caKey25519 , Org.BouncyCastle.Security.SecureRandom secureRandom) { Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory; Org.BouncyCastle.Crypto.AsymmetricKeyParameter publicKey = caKey25519.Public; Org.BouncyCastle.Crypto.AsymmetricKeyParameter signingKey = caKey25519.Private; if (signingKey is Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters) { signatureFactory = new Org.BouncyCastle.Crypto.Operators.Asn1SignatureFactory( Org.BouncyCastle.Asn1.X9.X9ObjectIdentifiers.ECDsaWithSha256.ToString(), signingKey); } else { signatureFactory = new Org.BouncyCastle.Crypto.Operators.Asn1SignatureFactory( Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Sha256WithRsaEncryption.ToString(), signingKey); } System.Collections.Generic.Dictionary <Org.BouncyCastle.Asn1.DerObjectIdentifier, Org.BouncyCastle.Asn1.X509.X509Extension> extensions = new System.Collections.Generic.Dictionary <Org.BouncyCastle.Asn1.DerObjectIdentifier, Org.BouncyCastle.Asn1.X509.X509Extension>() { { Org.BouncyCastle.Asn1.X509.X509Extensions.BasicConstraints, new Org.BouncyCastle.Asn1.X509.X509Extension( true , new Org.BouncyCastle.Asn1.DerOctetString(new Org.BouncyCastle.Asn1.X509.BasicConstraints(false)) ) }, { Org.BouncyCastle.Asn1.X509.X509Extensions.KeyUsage, new Org.BouncyCastle.Asn1.X509.X509Extension(true, new Org.BouncyCastle.Asn1.DerOctetString( new Org.BouncyCastle.Asn1.X509.KeyUsage( Org.BouncyCastle.Asn1.X509.KeyUsage.DigitalSignature | Org.BouncyCastle.Asn1.X509.KeyUsage.KeyEncipherment | Org.BouncyCastle.Asn1.X509.KeyUsage.DataEncipherment | Org.BouncyCastle.Asn1.X509.KeyUsage.NonRepudiation ) ) ) }, { Org.BouncyCastle.Asn1.X509.X509Extensions.ExtendedKeyUsage, new Org.BouncyCastle.Asn1.X509.X509Extension(false, new Org.BouncyCastle.Asn1.DerOctetString( new Org.BouncyCastle.Asn1.X509.ExtendedKeyUsage( Org.BouncyCastle.Asn1.X509.KeyPurposeID.IdKPServerAuth, Org.BouncyCastle.Asn1.X509.KeyPurposeID.IdKPClientAuth ) ) ) }, }; // Asn1Set attributes = null; Org.BouncyCastle.Asn1.Asn1Set attributes = new Org.BouncyCastle.Asn1.DerSet( new Org.BouncyCastle.Asn1.Pkcs.AttributePkcs( Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Pkcs9AtExtensionRequest , new Org.BouncyCastle.Asn1.DerSet(new Org.BouncyCastle.Asn1.X509.X509Extensions(extensions)) ) ); Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest csr = new Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest( signatureFactory, subject, publicKey, attributes, signingKey ); System.Text.StringBuilder csrPem = new System.Text.StringBuilder(); Org.BouncyCastle.OpenSsl.PemWriter csrPemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(new System.IO.StringWriter(csrPem)); csrPemWriter.WriteObject(csr); csrPemWriter.Writer.Flush(); string signingRequest = csrPem.ToString(); csrPem.Clear(); csrPem = null; // System.IO.File.WriteAllText("request.csr", signingRequest, System.Text.Encoding.ASCII); CertificationRequestReader.ReadCertificationRequest(signingRequest); // csr.GetDerEncoded(); System.Console.WriteLine(signingRequest); return(signingRequest); } // End Sub CreateSignatureRequest