/// <summary> /// Returns a byte array containing the private key in PEM format. /// </summary> public static byte[] ExportPrivateKeyAsPEM( X509Certificate2 certificate, string password = null ) { byte[] exportedPkcs8PrivateKey = null; using (RSA rsaPrivateKey = certificate.GetRSAPrivateKey()) { if (rsaPrivateKey != null) { // write private key as PKCS#8 exportedPkcs8PrivateKey = String.IsNullOrEmpty(password) ? rsaPrivateKey.ExportPkcs8PrivateKey() : rsaPrivateKey.ExportEncryptedPkcs8PrivateKey(password.ToCharArray(), new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA1, 2000)); } else { using (ECDsa ecdsaPrivateKey = certificate.GetECDsaPrivateKey()) { if (ecdsaPrivateKey != null) { // write private key as PKCS#8 exportedPkcs8PrivateKey = String.IsNullOrEmpty(password) ? ecdsaPrivateKey.ExportPkcs8PrivateKey() : ecdsaPrivateKey.ExportEncryptedPkcs8PrivateKey(password.ToCharArray(), new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA1, 2000)); } } } } return(EncodeAsPEM(exportedPkcs8PrivateKey, String.IsNullOrEmpty(password) ? "PRIVATE KEY" : "ENCRYPTED PRIVATE KEY")); }
public void ExportPkcs8PrivateKey(AsnFormat format) { using ECDsa ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256); byte[] exported = ecdsa.ExportPkcs8PrivateKey(format); if (format == AsnFormat.Der) { var info = PrivateKeyFactory.CreateKey(exported); Assert.IsNotNull(info); } if (format == AsnFormat.Pem) { using MemoryStream ms = new MemoryStream(exported); using TextReader tr = new StreamReader(ms, Encoding.ASCII); PemReader pemReader = new PemReader(tr); object obj = pemReader.ReadObject(); Assert.IsNotNull(obj); } this.CheckFormat(format, exported); }
private Renci.SshNet.SftpClient _getSFtpClientWithCertificate() { #if NETSTANDARD2_0 || NET472 throw new NotSupportedException($"ClientCertificate does not support X509 Certificate in NETCORE2.0 nor NET472"); #else var connInfo = _getConnectionInfo(); var cert = FtpConfig.ClientCertificate; string keyExchangeAlgorithm = null; byte[] privateKeyBytes = null; string privateKeyPemString; bool isKeyNull = false; switch (cert.PublicKey.Oid.Value) { case _rsa: { using RSA rsaKey = cert.GetRSAPrivateKey(); keyExchangeAlgorithm = rsaKey.KeyExchangeAlgorithm; if (rsaKey != null) { privateKeyBytes = rsaKey.ExportRSAPrivateKey(); } else { isKeyNull = true; } break; } case _dsa: { using DSA dsaKey = cert.GetDSAPrivateKey(); keyExchangeAlgorithm = dsaKey.KeyExchangeAlgorithm; if (dsaKey != null) { privateKeyBytes = dsaKey.ExportPkcs8PrivateKey(); } else { isKeyNull = true; } break; } case _ecdsa: { using ECDsa ecdsaKey = cert.GetECDsaPrivateKey(); keyExchangeAlgorithm = ecdsaKey.KeyExchangeAlgorithm; if (ecdsaKey != null) { privateKeyBytes = ecdsaKey.ExportPkcs8PrivateKey(); } else { isKeyNull = true; } break; } default: throw new NotSupportedException($"ClientCertificate does not support the given algorithm {cert.PublicKey.Oid.FriendlyName}"); } if (isKeyNull) { throw new ArgumentNullException($"ClientCertificate has a null Key"); } #if NET5_0_OR_GREATER var privateKeyPem = PemEncoding.Write($"{keyExchangeAlgorithm} PRIVATE KEY", privateKeyBytes); privateKeyPemString = new string(privateKeyPem); #else var builder = new StringBuilder(); builder.AppendLine($"-----BEGIN {keyExchangeAlgorithm} PRIVATE KEY-----"); builder.AppendLine( Convert.ToBase64String(privateKeyBytes, Base64FormattingOptions.InsertLineBreaks)); builder.AppendLine($"-----END {keyExchangeAlgorithm} PRIVATE KEY-----"); privateKeyPemString = builder.ToString(); #endif var byteArray = Encoding.UTF8.GetBytes(privateKeyPemString); using var ms = new MemoryStream(byteArray); using var privateKeyFile = new PrivateKeyFile(ms); return(new Renci.SshNet.SftpClient(connInfo.Host, connInfo.Username, new PrivateKeyFile[] { privateKeyFile }) { KeepAliveInterval = _keepAliveInterval, OperationTimeout = _operationTimeout, }); #endif }
/// <summary> /// Exports the ECDSA key in Pkcs8 format /// </summary> /// <param name="parameters">The ECDSA key</param> /// <returns>Exported private key</returns> public static byte[] ExportPrivateKey(ECParameters parameters) { ECDsa ecDsa = ECDsa.Create(parameters); return(ecDsa.ExportPkcs8PrivateKey()); }