Reputation: 12575
I am having difficulty loading my private key. I created a certificate using the following command:
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
I created a GIST of the output: https://gist.github.com/anonymous/5592135
    using System;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using System.Xml;

    class Program
    {
        static void Main(string[] args)
        {
            string location = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);
            string certLocation = location + "\\assets\\certificate.crt";
            string privateKeyLocation = location + "\\assets\\privateKey.key";
            string xmlDocLocation = location + "\\assets\\sample.xml";
            XmlDocument Doc = new XmlDocument();
            Doc.Load(xmlDocLocation);
            // read up the certificate
            X509Certificate2 cert = new X509Certificate2(certLocation);
            // this line throws "Cannot find the requested object."
            X509Certificate2 privateKey = new X509Certificate2(privateKeyLocation);
        }
    }
My certificate loads fine but I cannot get the private key to load. I get "Cannot find the requested object."
I would prefer to load the private key and cert from files instead of using the store. Is this possible? Did I generate the cert and private key incorrectly? Ultimately I would like to include the public key in an XML document and the receiver would parse the XML data and validate the private and public keys match up.
Upvotes: 3
Views: 7915
Reputation: 5160
If you want to avoid using the certificate store, what I'd recommend is that you combine the CRT and the key into a PFX file. Here is one link that will discuss how to do that (or just google "openssl create pfx").
https://www.globalsign.com/support/import/apache.php
In your code, keep in mind that an X509Certificate2 object (e.g. your cert object) will include both the public AND private key -- so you don't need a separate object for your private key. When you create the PFX file, you will be prompted for a password. This password is used to encrypt the private key portion of the PFX. When you create your X509Certificate2 object, you give it the location of the PFX file as well as the password. Here is the constructor:
http://msdn.microsoft.com/en-us/library/ms148420.aspx
I'm not sure what your ultimate goal is. If you want the client to ensure that the XML file does indeed come from the server and has not been altered, you should look into using digital signatures. In a nutshell, the sender signs a hash of the XML file with its private key and the receiver verifies it using the sender's public key.
Upvotes: 1
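The PFX-plus-signature approach described in the answer above, as an added example that is not part of the original thread: it loads a PFX from a path with a password, signs an XML document, and verifies it against a certificate the receiver already trusts rather than the one embedded in the document. Assumptions: .NET Core 2.0+ or .NET Framework 4.7.2+ with the System.Security.Cryptography.Xml package available; the password, temp file name, CN and sample XML are constructed placeholders, and the PFX is generated in code so the example runs offline.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

class PfxSignDemo
{
    static void Main()
    {
        // Constructed stand-in for the file produced by:
        //   openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt
        const string password = "example-password";   // placeholder
        string pfxPath = Path.Combine(Path.GetTempPath(), "demo-certificate.pfx");
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=demo", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 tmp = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(365)))
                File.WriteAllBytes(pfxPath, tmp.Export(X509ContentType.Pfx, password));
        }
        // Sender: a single object carries the certificate and its private key.
        var signer = new X509Certificate2(pfxPath, password);
        Console.WriteLine("HasPrivateKey: " + signer.HasPrivateKey);
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><item>constructed sample</item></order>");
        var signedXml = new SignedXml(doc) { SigningKey = signer.GetRSAPrivateKey() };
        var reference = new Reference("");             // "" = the whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.KeyInfo = new KeyInfo();
        signedXml.KeyInfo.AddClause(new KeyInfoX509Data(signer)); // public certificate only
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
        // Receiver: holds only the public certificate (the content of certificate.crt).
        var trusted = new X509Certificate2(signer.Export(X509ContentType.Cert));
        Console.WriteLine("Valid document accepted: " + Verify(doc, trusted));
        doc.SelectSingleNode("//item").InnerText = "tampered";
        Console.WriteLine("Tampered document accepted: " + Verify(doc, trusted));
        File.Delete(pfxPath);
    }

    static bool Verify(XmlDocument doc, X509Certificate2 trusted)
    {
        var sig = (XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0];
        var verifier = new SignedXml(doc);
        verifier.LoadXml(sig);
        // true = check the signature against this certificate's key only, no chain building.
        return verifier.CheckSignature(trusted, true);
    }
}
```

Verifying with the receiver's own copy of the certificate matters: a certificate read from the document's KeyInfo proves only that the signature is self-consistent, not who produced it.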