RSAParameters 到 pfx (X509Certificate2) 的转换

Posted 2023-02-19

【中文标题】RSAParameters 到 pfx (X509Certificate2) 的转换

【英文标题】：RSAParameters to pfx (X509Certificate2) conversion

【发布时间】：2013-07-03 13:11:09

【问题描述】：

我想用 RSACryptoServiceProvider 创建的密钥创建一个 pfx 文件。 我试过了：

certificate.PrivateKey =  rsa as AsymmetricAlgorithm;

与以下相反：

rsa = (RSACryptoServiceProvider)certificate.PrivateKey;

这似乎有效（第二个）。但出现以下错误：

m_safeCertContext 是无效句柄。

我使用 RSAParameters 尝试了一些方法 - 但无济于事。

【参考方案1】：

你可以使用Bouncy Castle来做到这一点：

private static byte[] MergePFXFromPrivateAndCertificate(RSAParameters privateKey, X509Certificate2 certificate, string pfxPassPhrase)

    RsaPrivateCrtKeyParameters rsaParam = new RsaPrivateCrtKeyParameters(
        ParseAsUnsignedBigInteger(privateKey.Modulus),
        ParseAsUnsignedBigInteger(privateKey.Exponent),
        ParseAsUnsignedBigInteger(privateKey.D),
        ParseAsUnsignedBigInteger(privateKey.P),
        ParseAsUnsignedBigInteger(privateKey.Q),
        ParseAsUnsignedBigInteger(privateKey.DP),
        ParseAsUnsignedBigInteger(privateKey.DQ),
        ParseAsUnsignedBigInteger(privateKey.InverseQ)
    );

    Org.BouncyCastle.X509.X509Certificate bcCert = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(certificate.RawData);

    MemoryStream p12Stream = new MemoryStream();
    Pkcs12Store p12 = new Pkcs12Store();
    p12.SetKeyEntry("key", new AsymmetricKeyEntry(rsaParam), new X509CertificateEntry[]  new X509CertificateEntry(bcCert) );
    p12.Save(p12Stream, pfxPassPhrase.ToCharArray(), new SecureRandom());

    return p12Stream.ToArray();


private static BigInteger ParseAsUnsignedBigInteger(byte[] rawUnsignedNumber)

    return new BigInteger(1, rawUnsignedNumber, 0, rawUnsignedNumber.Length);

您将需要以下命名空间：

using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;