/// <summary>
/// Returns a byte array containing the private key in PEM format.
/// </summary>
public static byte[] ExportPrivateKeyAsPEM(
X509Certificate2 certificate,
string password = null
)
{
byte[] exportedPkcs8PrivateKey = null;
using (RSA rsaPrivateKey = certificate.GetRSAPrivateKey())
{
if (rsaPrivateKey != null)
{
// write private key as PKCS#8
exportedPkcs8PrivateKey = String.IsNullOrEmpty(password) ?
rsaPrivateKey.ExportPkcs8PrivateKey() :
rsaPrivateKey.ExportEncryptedPkcs8PrivateKey(password.ToCharArray(),
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA1, 2000));
}
else
{
using (ECDsa ecdsaPrivateKey = certificate.GetECDsaPrivateKey())
{
if (ecdsaPrivateKey != null)
{
// write private key as PKCS#8
exportedPkcs8PrivateKey = String.IsNullOrEmpty(password) ?
ecdsaPrivateKey.ExportPkcs8PrivateKey() :
ecdsaPrivateKey.ExportEncryptedPkcs8PrivateKey(password.ToCharArray(),
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA1, 2000));
}
}
}
}
return(EncodeAsPEM(exportedPkcs8PrivateKey,
String.IsNullOrEmpty(password) ? "PRIVATE KEY" : "ENCRYPTED PRIVATE KEY"));
}
public void ExportPkcs8PrivateKey(AsnFormat format)
{
using ECDsa ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
byte[] exported = ecdsa.ExportPkcs8PrivateKey(format);
if (format == AsnFormat.Der)
{
var info = PrivateKeyFactory.CreateKey(exported);
Assert.IsNotNull(info);
}
if (format == AsnFormat.Pem)
{
using MemoryStream ms = new MemoryStream(exported);
using TextReader tr = new StreamReader(ms, Encoding.ASCII);
PemReader pemReader = new PemReader(tr);
object obj = pemReader.ReadObject();
Assert.IsNotNull(obj);
}
this.CheckFormat(format, exported);
}
private Renci.SshNet.SftpClient _getSFtpClientWithCertificate()
{
#if NETSTANDARD2_0 || NET472
throw new NotSupportedException($"ClientCertificate does not support X509 Certificate in NETCORE2.0 nor NET472");
#else
var connInfo = _getConnectionInfo();
var cert = FtpConfig.ClientCertificate;
string keyExchangeAlgorithm = null;
byte[] privateKeyBytes = null;
string privateKeyPemString;
bool isKeyNull = false;
switch (cert.PublicKey.Oid.Value)
{
case _rsa:
{
using RSA rsaKey = cert.GetRSAPrivateKey();
keyExchangeAlgorithm = rsaKey.KeyExchangeAlgorithm;
if (rsaKey != null)
{
privateKeyBytes = rsaKey.ExportRSAPrivateKey();
}
else
{
isKeyNull = true;
}
break;
}
case _dsa:
{
using DSA dsaKey = cert.GetDSAPrivateKey();
keyExchangeAlgorithm = dsaKey.KeyExchangeAlgorithm;
if (dsaKey != null)
{
privateKeyBytes = dsaKey.ExportPkcs8PrivateKey();
}
else
{
isKeyNull = true;
}
break;
}
case _ecdsa:
{
using ECDsa ecdsaKey = cert.GetECDsaPrivateKey();
keyExchangeAlgorithm = ecdsaKey.KeyExchangeAlgorithm;
if (ecdsaKey != null)
{
privateKeyBytes = ecdsaKey.ExportPkcs8PrivateKey();
}
else
{
isKeyNull = true;
}
break;
}
default:
throw new NotSupportedException($"ClientCertificate does not support the given algorithm {cert.PublicKey.Oid.FriendlyName}");
}
if (isKeyNull)
{
throw new ArgumentNullException($"ClientCertificate has a null Key");
}
#if NET5_0_OR_GREATER
var privateKeyPem = PemEncoding.Write($"{keyExchangeAlgorithm} PRIVATE KEY", privateKeyBytes);
privateKeyPemString = new string(privateKeyPem);
#else
var builder = new StringBuilder();
builder.AppendLine($"-----BEGIN {keyExchangeAlgorithm} PRIVATE KEY-----");
builder.AppendLine(
Convert.ToBase64String(privateKeyBytes, Base64FormattingOptions.InsertLineBreaks));
builder.AppendLine($"-----END {keyExchangeAlgorithm} PRIVATE KEY-----");
privateKeyPemString = builder.ToString();
#endif
var byteArray = Encoding.UTF8.GetBytes(privateKeyPemString);
using var ms = new MemoryStream(byteArray);
using var privateKeyFile = new PrivateKeyFile(ms);
return(new Renci.SshNet.SftpClient(connInfo.Host, connInfo.Username, new PrivateKeyFile[] { privateKeyFile })
{
KeepAliveInterval = _keepAliveInterval,
OperationTimeout = _operationTimeout,
});
#endif
}
/// <summary>
/// Exports the ECDSA key in Pkcs8 format
/// </summary>
/// <param name="parameters">The ECDSA key</param>
/// <returns>Exported private key</returns>
public static byte[] ExportPrivateKey(ECParameters parameters)
{
ECDsa ecDsa = ECDsa.Create(parameters);
return(ecDsa.ExportPkcs8PrivateKey());
}
