How to pair a ECDSA public key to it's private key

会有一股神秘感。 提交于 2021-02-10 18:53:59

问题


I've created an ECDSA CSR using certreq, now I want to import the certificate into my local store and pair it with the private key. I can import RSA public keys and pair them up no problem, and can import ECDSA certificates but they lack their private key...

I've looked into all kinds of methods and properties on every class I could see - None of them seem to have a straightforward way to "set" the private key when it's ECDsa - One promising method is the "ECDsaCertificateExtensions.CopyWithPrivateKey" method - but this shows up as not having a definition, and I'd rather not force people using this to download other versions of .net, etc. ( I'm using Windows 10 )

certificate.PrivateKey = foundCSR.PrivateKey;

Works just fine for setting RSA private keys once I've found the CSR within the system. Trying that when it's an ECDsa key throws an error "Only asymmetric keys that implement ICspAsymmetricAlgorithm are supported"

Trying to get this key into a RSACryptoProvider blob is no good because it's not RSA-based (I'm assuming) - GetECDsaPrivateKey method only gets that key - is there an equivalent to SetECDsaPrivateKey?

( I'd also be open to using other ways to get the functionality of certreq -accept - This is basically the goal, import certificate, pair it to it's private key, delete csr )


回答1:


CopyWithPrivateKey is the only built-in way. It comes with .NET Framework 4.7.2, which is built in to Windows 10 1803+.

The main alternative, to keep your dependencies low, is to P/Invoke CertGetCertificateContextProperty (and CertSetCertificateContextProperty) to copy over the CERT_KEY_PROV_INFO_PROP_ID property. This is less safe than using CopyWithPrivateKey, because it doesn't check that the keys match or that the target cert didn't already have a property that's being overwritten. It also doesn't work for ephemeral keys.

The second alternative is to copy the method from .NET Core, and its preconditions.

Personally, I'd just take 4.7.2 as a dependency.



来源:https://stackoverflow.com/questions/56214111/how-to-pair-a-ecdsa-public-key-to-its-private-key

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!