Reputation: 35
I have a PEM string for a private key. I want this to be loaded into an X509Certificate, in its private key section.
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALyuJDi0hk6pMSYB
ZaW4e6vxrQv5fWuWZoXQT0BpWOgBKlyfwsRT1L/2vPnzhmfn/JrAjTVbO+/w53+u
dprOgzVI75ILg1ONivtBu6ivz+iAgV87MJtRPbVaee52DGvwFZ2tMUTtKNhO10IN
0+RuE8F/EZOs2DOTGiP6F7Wo4JStAgMBAAECgYAhDbzItk9lDlzO1KXS/1ujBqaT
F3TyWRnCzXhkx0/M7Q9XxKEhNbJqorX+b7wXDdwB3EOgmkgIw8I6avzaJ91yNido
Mruenc+FJJXntcIeW1E+OnHAnoY5OvLk4aQy1j7ZDnxpzVhc/y1WFDIKvszNAChV
QBrolHu4GmWcpVunPQJBAOc28JVRYd++AiKOk1HP6iJSanND5tb8sCjINMbZGSh+
3aS0KmVE0RpaDE7hxvsq4arqdie8HSyj8mfPFF46G+8CQQDQ5/X9O+z26W0RSJed
mMwZYbGPcej7hG6GT6+jcqNgPvrHucTvcAcgR6rdKA30mm94s9O6IU/rapA+sioF
lm0jAkASi/SmdZ29PdecAAXPNTdZw3SohFTa/+/9hXm+TaHX/r02vgD8mJWRYJHG
LhQxB5KMjDwoGc3ZS9lg/Fps6IpfAkB1BfueZ7tOdWRLkkacWcO7VCaLHFxOyNjB
FFJnVQiAGceRqlbPagoT4xGr4YwvwXNAQjwQwChsz70N4e/4QVPRAkEAn3bnuuUb
l5geVfamQwxCLnNbKcAQTdd5Ud69gZ5+c8WTt3ecJ/erccRXTcizEQxcMsfVivhz
qO88dh2HgL4Ijw==
-----END PRIVATE KEY-----
Code:
byte[] certificatebytes = Encoding.ASCII.GetBytes(x509CertificateString);
X509Certificate2 x509Certificate3 = new X509Certificate2(certificatebytes,"");
x509Certificate.Import(certificatebytes,"",X509KeyStorageFlags.DefaultKeySet);
Code explanation:
Converting the PEM string to bytes and then loading it into X509Certificate2 throws an exception: System.Security.Cryptography.CryptographicException: 'Cannot find the requested object.'
Upvotes: 1
Views: 2084
Reputation: 33088
A private key and a certificate are different things. You could invent a self-signed certificate from a private key, but you can't just "get one".
.NET doesn't have a lot of great API for reading keys. Since this is a private key in unencrypted PKCS#8 format ("BEGIN PRIVATE KEY", vs "BEGIN RSA PRIVATE KEY", or "BEGIN ENCRYPTED PRIVATE KEY") it can be read by CNG. You need to strip off the header and footer, then convert the base64 string back to the byte sequence.
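using System;
using System.Security.Cryptography;

// Placeholder: the base64 body of the PEM block from the question, without the BEGIN/END lines.
string noHeaderOrFooter = @"<base64 body of the PEM block>";
byte[] p8bytes = Convert.FromBase64String(noHeaderOrFooter);
// Import the unencrypted PKCS#8 blob through CNG.
using (CngKey key = CngKey.Import(p8bytes, CngKeyBlobFormat.Pkcs8PrivateBlob))
{
    Console.WriteLine(key.Algorithm);
}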
Inside that using block you have a key object. But, again, that doesn't give you a certificate. The relationship is
From the private key you could start that process flow again, but you can't just "get" the certificate from it.
Upvotes: 2
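An added example, not part of the original question or answer: it strips the PEM header and footer, imports the PKCS#8 bytes, and then creates a new self-signed certificate around the key, which is the "invent a self-signed certificate" route the answer mentions. It assumes .NET 5 or later; the class name, the subject `CN=example-self-signed`, the 30-day validity and the throwaway key generated at run time are all constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PemKeyToCertificate
{
    // Strip the BEGIN/END lines and decode the base64 body.
    // Only the unencrypted PKCS#8 label ("PRIVATE KEY") is accepted; "RSA PRIVATE KEY"
    // and "ENCRYPTED PRIVATE KEY" are different formats and are rejected here.
    static byte[] ReadPkcs8(string pem)
    {
        const string label = "PRIVATE KEY";
        string[] lines = pem.Split('\n').Select(l => l.Trim()).Where(l => l.Length > 0).ToArray();
        if (lines.Length < 3 ||
            lines[0] != $"-----BEGIN {label}-----" ||
            lines[^1] != $"-----END {label}-----")
            throw new FormatException("Not an unencrypted PKCS#8 PEM block.");
        return Convert.FromBase64String(string.Concat(lines[1..^1]));
    }

    static void Main()
    {
        // Constructed sample input: a throwaway key exported as a PKCS#8 PEM string.
        string pem;
        using (RSA throwaway = RSA.Create(2048))
            pem = new string(PemEncoding.Write("PRIVATE KEY", throwaway.ExportPkcs8PrivateKey()));

        using RSA rsa = RSA.Create();
        rsa.ImportPkcs8PrivateKey(ReadPkcs8(pem), out _);

        // The key holds no subject, issuer or validity period, so a certificate cannot be
        // recovered from it. Those fields are supplied here (assumed values) and signed
        // with the key itself, producing a new self-signed certificate.
        var request = new CertificateRequest(
            "CN=example-self-signed", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(30));

        Console.WriteLine($"{cert.Subject} HasPrivateKey={cert.HasPrivateKey}");
    }
}
```

The resulting certificate is new and chains to nothing; it is not the certificate that may originally have been issued for this key.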