views:

213

answers:

2

Normally when I grab an X509Certificate2 out of my keystore I can call .PrivateKey to retrieve the cert's private key as an AsymmetricAlgorithm. However I have decided to use Bouncy Castle and its instance of X509Certificate only has a getPublicKey(); I cannot see a way to get the private key out of the cert. Any ideas?

I get the an X509Certificate2 from my Windows-MY keystore then use:

//mycert is an X509Certificate2 retrieved from Windows-MY Keystore
X509CertificateParser certParser = new X509CertificateParser();
X509Certificate privateCertBouncy = certParser.ReadCertificate(mycert.GetRawCertData());
AsymmetricKeyParameter pubKey = privateCertBouncy.GetPublicKey();
//how do i now get the private key to make a keypair?

Is there anyway to convert a AsymmetricAlgorithm(C# private key) to a AsymmetricKeyParameter(bouncycastle private key)?

+1  A: 

Don't know BouncyCastle that much but it seems to me that the simple thing to do is to recreate the key based on the key parameters.


    public static AsymmetricKeyParameter TransformRSAPrivateKey(AsymmetricAlgorithm privateKey)
    {
        RSACryptoServiceProvider prov = privateKey as RSACryptoServiceProvider;
        RSAParameters parameters = prov.ExportParameters(true);

        return new RsaPrivateCrtKeyParameters(
            new BigInteger(1,parameters.Modulus),
            new BigInteger(1,parameters.Exponent),
            new BigInteger(1,parameters.D),
            new BigInteger(1,parameters.P),
            new BigInteger(1,parameters.Q),
            new BigInteger(1,parameters.DP),
            new BigInteger(1,parameters.DQ),
            new BigInteger(1,parameters.InverseQ));
    }

You can call the code by using


AsymmetricKeyParameter bouncyCastlePrivateKey = TransformRSAPrivateKey(mycert.PrivateKey);

Obviously this assumes that the certificate includes a RSA Key but the same result can be achieved for DSA with DSACryptoServiceProvider and DSAParameters

CriGoT
Worked like a damn charm, you are a gentleman and a scholar.
Petey B
A: 

It works ok, BUT if the private key it's into a smart card, you will get the error "invalid type"...

David