public void ConvertPfxToPem(
string pfxPath,
string pfxPassword,
string keyPath)
{
using (Stream stream = File.Open(pfxPath, FileMode.Open))
{
Pkcs12Store pkcs = new Pkcs12Store(stream, pfxPassword.ToCharArray());
foreach (string alias in pkcs.Aliases)
{
if (pkcs.IsKeyEntry(alias) && pkcs.GetKey(alias).Key.IsPrivate)
{
AsymmetricKeyParameter privateKey = pkcs.GetKey(alias).Key;
using (Stream s = new FileStream(keyPath, FileMode.Create))
using (TextWriter textWriter = new StreamWriter(s))
{
var generator = new MiscPemGenerator(privateKey);
PemWriter pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(generator);
textWriter.Flush();
}
}
}
}
}
/// <summary>
/// get csr
/// </summary>
/// <param name="issuerName"></param>
/// <returns></returns>
public static Tuple <string, AsymmetricKeyParameter> GetCsr(string issuerName)
{
//generate KeyPair
var keyGenerator = new ECKeyPairGenerator();
ECKeyGenerationParameters pa = new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, new SecureRandom());
keyGenerator.Init(pa);
var keypair = keyGenerator.GenerateKeyPair();
//domain name of CSR file
X509Name principal = new X509Name(string.Format("CN={0},OU=client,O=BSN", string.IsNullOrEmpty(issuerName) ? "test02@app0001202004161020152918451" : issuerName));
//load public key
SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keypair.Public);
CertificationRequestInfo info = new CertificationRequestInfo(principal, subjectPublicKeyInfo, new DerSet());
//signature
byte[] bs = ECDSAHelper.CsrSignData(info.GetEncoded(Asn1Encodable.Der), keypair.Private, pa.DomainParameters.N);
//generate csr object
Pkcs10CertificationRequest p10 = new Pkcs10CertificationRequest(new CertificationRequest
(info, new AlgorithmIdentifier(X9ObjectIdentifiers.ECDsaWithSha256),
new DerBitString(bs)).GetEncoded());
//generate csr string
Org.BouncyCastle.Utilities.IO.Pem.PemObject pemCSR = new Org.BouncyCastle.Utilities.IO.Pem.PemObject("CERTIFICATE REQUEST", p10.GetEncoded());
StringWriter str = new StringWriter();
Org.BouncyCastle.Utilities.IO.Pem.PemWriter pemCsr = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(str);
pemCsr.WriteObject(pemCSR);
pemCsr.Writer.Flush();
return(new Tuple <string, AsymmetricKeyParameter>(str.ToString(), keypair.Private));
}
private static byte[] ExportCertificate(X509Certificate certificate, AsymmetricCipherKeyPair subjectKeyPair, TCertificateFormat certificateFormat)
{
byte[] result = null;
switch (certificateFormat)
{
case TCertificateFormat.NotSet:
break;
case TCertificateFormat.PEM:
using (MemoryStream stream = new MemoryStream())
{
using (StreamWriter writer = new StreamWriter(stream))
{
Org.BouncyCastle.Utilities.IO.Pem.PemWriter pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(writer);
if (subjectKeyPair.Private is ECKeyParameters)
{
ECPrivateKeyParameters priv = (ECPrivateKeyParameters)subjectKeyPair.Private;
ECDomainParameters dp = priv.Parameters;
int orderBitLength = dp.N.BitLength;
Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure ec;
Org.BouncyCastle.Asn1.X9.X962Parameters x962;
if (priv.PublicKeyParamSet == null)
{
Org.BouncyCastle.Asn1.X9.X9ECParameters ecP = new Org.BouncyCastle.Asn1.X9.X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed());
x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(ecP);
}
else
{
x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(priv.PublicKeyParamSet);
}
ec = new Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure(orderBitLength, priv.D, SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public).PublicKeyData, x962);
pemWriter.WriteObject(new Org.BouncyCastle.Utilities.IO.Pem.PemObject("EC PRIVATE KEY", ec.GetEncoded()));
}
else
{
pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Private));
}
pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Public));
pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(certificate));
writer.Flush();
result = stream.ToArray();
}
}
break;
case TCertificateFormat.PFX:
//Asn1Sequence asn1Sequence = Asn1Sequence.GetInstance(Asn1Object.FromByteArray(certificate.GetEncoded()));
//asn1Sequence.GetObjects
//Org.BouncyCastle.Asn1.Pkcs.Pfx pfx = new Org.BouncyCastle.Asn1.Pkcs.Pfx();
//Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo info = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
//result = pfx.GetEncoded(Asn1Encodable.Der);
break;
case TCertificateFormat.CER:
result = certificate.GetEncoded();
break;
default:
break;
}
return result;
}
private static byte[] ExportCertificate(X509Certificate certificate, AsymmetricCipherKeyPair subjectKeyPair, TCertificateFormat certificateFormat)
{
byte[] result = null;
switch (certificateFormat)
{
case TCertificateFormat.NotSet:
break;
case TCertificateFormat.PEM:
using (MemoryStream stream = new MemoryStream())
{
using (StreamWriter writer = new StreamWriter(stream))
{
Org.BouncyCastle.Utilities.IO.Pem.PemWriter pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(writer);
if (subjectKeyPair.Private is ECKeyParameters)
{
ECPrivateKeyParameters priv = (ECPrivateKeyParameters)subjectKeyPair.Private;
ECDomainParameters dp = priv.Parameters;
int orderBitLength = dp.N.BitLength;
Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure ec;
Org.BouncyCastle.Asn1.X9.X962Parameters x962;
if (priv.PublicKeyParamSet == null)
{
Org.BouncyCastle.Asn1.X9.X9ECParameters ecP = new Org.BouncyCastle.Asn1.X9.X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed());
x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(ecP);
}
else
{
x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(priv.PublicKeyParamSet);
}
ec = new Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure(orderBitLength, priv.D, SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public).PublicKeyData, x962);
pemWriter.WriteObject(new Org.BouncyCastle.Utilities.IO.Pem.PemObject("EC PRIVATE KEY", ec.GetEncoded()));
}
else
{
pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Private));
}
pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Public));
pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(certificate));
writer.Flush();
result = stream.ToArray();
}
}
break;
case TCertificateFormat.PFX:
//Asn1Sequence asn1Sequence = Asn1Sequence.GetInstance(Asn1Object.FromByteArray(certificate.GetEncoded()));
//asn1Sequence.GetObjects
//Org.BouncyCastle.Asn1.Pkcs.Pfx pfx = new Org.BouncyCastle.Asn1.Pkcs.Pfx();
//Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo info = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
//result = pfx.GetEncoded(Asn1Encodable.Der);
break;
case TCertificateFormat.CER:
result = certificate.GetEncoded();
break;
default:
break;
}
return(result);
}
public static bool ExportPrimaryAsPkcs(this IKeySet keySet, string location, Func <string> passwordPrompt)
{
var i = keySet.Metadata.Versions.First(it => it.Status == KeyStatus.Primary).VersionNumber;
using (var key = keySet.GetKey(i))
{
using (var stream = new FileStream(location, FileMode.Create))
using (var writer = new StreamWriter(stream))
{
var pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(writer);
AsymmetricKeyParameter writeKey;
if (!(key is IPrivateKey))
{
if (key.KeyType == KeyType.DsaPub)
{
var dsaKey = (DsaPublicKey)key;
writeKey = new DsaPublicKeyParameters(dsaKey.Y.ToBouncyBigInteger(),
new DsaParameters(
dsaKey.P.ToBouncyBigInteger(),
dsaKey.Q.ToBouncyBigInteger(),
dsaKey.G.ToBouncyBigInteger()));
}
else if (key is IRsaPublicKey)
{
var rsaKey = (IRsaPublicKey)key;
writeKey = new RsaKeyParameters(false,
rsaKey.Modulus.ToBouncyBigInteger(),
rsaKey.PublicExponent.ToBouncyBigInteger());
}
else
{
throw new InvalidKeyTypeException("Non exportable key type.");
}
pemWriter.WriteObject(new MiscPemGenerator(writeKey));
}
else
{
if (key.KeyType == KeyType.DsaPriv)
{
var dsaKey = (DsaPrivateKey)key;
writeKey = new DsaPrivateKeyParameters(dsaKey.X.ToBouncyBigInteger(),
new DsaParameters(
dsaKey.PublicKey.P.ToBouncyBigInteger(),
dsaKey.PublicKey.Q.ToBouncyBigInteger(),
dsaKey.PublicKey.G.ToBouncyBigInteger()));
}
else if (key is IRsaPrivateKey)
{
var rsaKey = (IRsaPrivateKey)key;
writeKey = new RsaPrivateCrtKeyParameters(
rsaKey.PublicKey.Modulus.ToBouncyBigInteger(),
rsaKey.PublicKey.PublicExponent.ToBouncyBigInteger(),
rsaKey.PrivateExponent.ToBouncyBigInteger(),
rsaKey.PrimeP.ToBouncyBigInteger(),
rsaKey.PrimeQ.ToBouncyBigInteger(),
rsaKey.PrimeExponentP.ToBouncyBigInteger(),
rsaKey.PrimeExponentQ.ToBouncyBigInteger(),
rsaKey.CrtCoefficient.ToBouncyBigInteger());
}
else
{
throw new InvalidKeyTypeException("Non exportable key type.");
}
pemWriter.WriteObject(new Pkcs8Generator(writeKey, Pkcs8Generator.PbeSha1_RC2_128)
{
Password = (passwordPrompt() ?? String.Empty).ToCharArray(),
SecureRandom = Secure.Random,
IterationCount = 4096
});
}
}
}
return(true);
}
public static bool ExportPrimaryAsPkcs(this IKeySet keySet, Stream stream, Func <string> passwordPrompt)
{
using (var key = keySet.GetPrimaryKey())
{
using (var writer = new StreamWriter(stream))
{
var pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(writer);
string password = null;
if (key is IPrivateKey)
{
password = (passwordPrompt?.Invoke() ?? String.Empty);
}
AsymmetricKeyParameter writeKey;
if (!(key is IPrivateKey) || String.IsNullOrWhiteSpace(password))
{
switch (key)
{
case DsaPublicKey dsa:
writeKey = BouncyCastleFromKey(dsa);
break;
case IRsaPublicKey rsa:
writeKey = BouncyCastleFromKey(rsa);
break;
case DsaPrivateKey dsa:
writeKey = BouncyCastleFromKey(dsa.PublicKey);
pemWriter.WriteObject(new MiscPemGenerator(writeKey));
writeKey = BouncyCastleFromKey(dsa);
break;
case IRsaPrivateKey rsa:
writeKey = BouncyCastleFromKey(rsa.PublicKey);
pemWriter.WriteObject(new MiscPemGenerator(writeKey));
writeKey = BouncyCastleFromKey(rsa);
break;
default:
throw new InvalidKeyTypeException("Non exportable key type.");
}
pemWriter.WriteObject(new MiscPemGenerator(writeKey));
}
else
{
switch (key)
{
case DsaPrivateKey dsa:
writeKey = BouncyCastleFromKey(dsa);
break;
case IRsaPrivateKey rsa:
writeKey = BouncyCastleFromKey(rsa);
break;
default:
throw new InvalidKeyTypeException("Non exportable key type.");
}
pemWriter.WriteObject(new Pkcs8Generator(writeKey, Pkcs8Generator.PbeSha1_RC2_128)
{
Password = (password)?.ToCharArray(),
SecureRandom = Secure.Random,
IterationCount = 4096
});
}
}
}
return(true);
}
