/// <summary> /// Create the RSA certificate as Pfx byte array with a private key. /// </summary> /// <returns> /// Returns the Pfx with certificate and private key. /// </returns> private byte[] CreatePfxForRSA(string passcode, ISignatureFactory signatureFactory = null) { // Cases locked out by API flow Debug.Assert(m_rsaPublicKey == null, "A public key is not supported for the certificate."); if (signatureFactory != null && IssuerCAKeyCert == null) { throw new NotSupportedException("Need an issuer certificate for a signature generator."); } if (IssuerCAKeyCert != null && (!IssuerCAKeyCert.HasPrivateKey && signatureFactory == null)) { throw new NotSupportedException("Need an issuer certificate with a private key or a signature generator."); } using (var cfrg = new CertificateFactoryRandomGenerator()) { // cert generators SecureRandom random = new SecureRandom(cfrg); CreateDefaults(cfrg); X509V3CertificateGenerator cg = new X509V3CertificateGenerator(); CreateMandatoryFields(cg); // create Private/Public Keypair var rsa = new RSACryptoServiceProvider(m_keySize == 0 ? X509Defaults.RSAKeySize : m_keySize); AsymmetricKeyParameter subjectPublicKey = X509Utils.GetPublicKeyParameter(rsa); AsymmetricKeyParameter subjectPrivateKey = X509Utils.GetPrivateKeyParameter(rsa); cg.SetPublicKey(subjectPublicKey); CreateExtensions(cg, subjectPublicKey); // sign certificate if (signatureFactory == null) { AsymmetricKeyParameter signingKey; if (IssuerCAKeyCert != null) { // signed by issuer signingKey = X509Utils.GetPrivateKeyParameter(IssuerCAKeyCert); } else { // self signed signingKey = subjectPrivateKey; } signatureFactory = new Asn1SignatureFactory( X509Utils.GetRSAHashAlgorithm(HashAlgorithmName), signingKey, random); } Org.BouncyCastle.X509.X509Certificate x509 = cg.Generate(signatureFactory); // note: this Pfx has a private key! return(X509Utils.CreatePfxWithPrivateKey(x509, null, subjectPrivateKey, passcode, random)); } }
/// <summary> /// Create a Pfx with a private key by combining /// an existing X509Certificate2 and a RSA private key. /// </summary> public static byte[] CreatePfxWithRSAPrivateKey( X509Certificate2 certificate, string friendlyName, RSA privateKey, string passcode) { var x509 = new X509CertificateParser().ReadCertificate(certificate.RawData); using (var cfrg = new CertificateFactoryRandomGenerator()) { return(X509Utils.CreatePfxWithPrivateKey( x509, friendlyName, X509Utils.GetPrivateKeyParameter(privateKey), passcode, new SecureRandom(cfrg))); } }