Decrypt with PrivateKey X.509 Certificate

Question

I have a problem to decrypt a message usgin X.509 Certificate.

I generate my certificate with makecert with this options:

makecert -r -pe -n \"CN=MyC         


        

Answer 1

The certificate itself only contains the public key (+ some data), but not the private key. (It's very unlikely that the RSA private key is "mypassword". The password that protects your private key may be "mypassword", but the private key itself (more specifically the private exponent, in RSA) will be a rather long number.)

As a result (because CA.cer only contains the certificate), X509DecryptString(token, @"c:\CA.cer", "mypassword") will almost certainly not work.

X509DecryptString(token, @"c:\CA.pvk", "mypassword"); could work in principle, but you're creating a X509Certificate2 object from it, and it still needs the certificate and the private key. You should be able to load that from a PKCS#12 container (.p12/.pfx).

To create this container, you can use pvk2pfx:

pvk2pfx -spc CA.cer -pvk CA.pvk -pfx CA.pfx

(If you don't specify -pfx CA.pfx, it will launch the interactive interface, in which case you need to tick the box to export the private key.)

Then, try to decrypt using that pfx/p12 file instead.

Answer 2

I think you should be using "-sky exchange" to generate a public/private key pair.