.Net Core 中X509Certificate2 私钥保存为 pem 的方法

在自己签发CA证书和颁发X509证书时,私钥可以通过下面的方法保存为PEM。相关代码已经提交在了 https://github.com/q2g/q2g-helper-pem-nuget/pull/13 。注意:下面的方法在写出私钥时没有设置口令,导出的私钥 PEM 是未加密的,保存时应限制该文件的访问权限。

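  /// <summary>
  /// Exports the certificate and, when it has one, its RSA private key as PEM text.
  /// </summary>
  /// <remarks>
  /// SECURITY: no passphrase is handed to the PEM writer, so <paramref name="privateKey"/> receives the
  /// key unencrypted. Treat the returned string as a secret: keep it out of logs and restrict access
  /// to any place it is persisted.
  /// </remarks>
  /// <param name="this">Certificate to export.</param>
  /// <param name="cert">Receives the PEM text returned by PemCertificateHelper.ExportCertificateToPEM.</param>
  /// <param name="privateKey">Receives the private key PEM, or an empty string when the certificate has no private key.</param>
  /// <exception cref="Exception">Raised for any failure; the underlying error is kept as the inner exception.</exception>
  public static void SavePem(this X509Certificate2 @this, out string cert, out string privateKey)
        {
            cert = string.Empty;
            privateKey = string.Empty;
            try
            {
                if (@this.HasPrivateKey)
                {
#if NET452
                    // The cast yields null for any key that is not an RSACryptoServiceProvider; check it
                    // so the caller gets a meaningful inner exception instead of a NullReferenceException.
                    var rsa = @this.PrivateKey as RSACryptoServiceProvider;
                    if (rsa == null)
                    {
                        throw new NotSupportedException("The certificate's private key is not an RSA key and cannot be written as PEM.");
                    }
                    var p = rsa.ExportParameters(true);
#else
                    RSAParameters p;
                    // GetRSAPrivateKey() returns null for non-RSA keys (e.g. ECDSA). The returned object
                    // wraps private key material, so it is released as soon as the parameters are copied.
                    using (var rsa = @this.GetRSAPrivateKey())
                    {
                        if (rsa == null)
                        {
                            throw new NotSupportedException("The certificate's private key is not an RSA key and cannot be written as PEM.");
                        }
                        p = rsa.ExportParameters(true);
                    }
#endif
                    // Signum 1 makes BouncyCastle read each big-endian byte array as a positive integer.
                    var key = new RsaPrivateCrtKeyParameters(
                        new Org.BouncyCastle.Math.BigInteger(1, p.Modulus),
                        new Org.BouncyCastle.Math.BigInteger(1, p.Exponent),
                        new Org.BouncyCastle.Math.BigInteger(1, p.D),
                        new Org.BouncyCastle.Math.BigInteger(1, p.P),
                        new Org.BouncyCastle.Math.BigInteger(1, p.Q),
                        new Org.BouncyCastle.Math.BigInteger(1, p.DP),
                        new Org.BouncyCastle.Math.BigInteger(1, p.DQ),
                        new Org.BouncyCastle.Math.BigInteger(1, p.InverseQ));
                    using (var stringWriter = new StringWriter())
                    {
                        // WriteObject is called without a password, so the PEM block is not encrypted.
                        var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(stringWriter);
                        pemWriter.WriteObject(key);
                        privateKey = stringWriter.GetStringBuilder().ToString();
                    }
                }
                cert = PemCertificateHelper.ExportCertificateToPEM(@this);
            }
            catch (Exception ex)
            {
                // Kept as a plain Exception with the original message so existing callers are unaffected.
                throw new Exception("Certificate could not be saved.  ", ex);
            }
        }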

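        /// <summary>
        /// Writes the certificate as PEM to <paramref name="certFile"/> and, when a key path is given and
        /// the certificate has a private key, writes the RSA private key as PEM to <paramref name="privateKeyFile"/>.
        /// </summary>
        /// <remarks>
        /// SECURITY: the private key is written without a passphrase, and this method applies no access
        /// restriction to the file it creates. Callers should write into a directory only the owning
        /// account can read, or tighten the file's permissions afterwards. An existing file at either
        /// path is overwritten.
        /// </remarks>
        /// <param name="this">Certificate to export.</param>
        /// <param name="certFile">Path of the certificate PEM file; missing parent directories are created.</param>
        /// <param name="privateKeyFile">Optional path of the private key PEM file; null or empty skips the key export.</param>
        /// <exception cref="Exception">Raised for any failure; the underlying error is kept as the inner exception.</exception>
        public static void SavePem(this X509Certificate2 @this, string certFile, string privateKeyFile = null)
        {
            try
            {
                // Fail before anything is written: otherwise the key file could be produced and the
                // call would only break afterwards when the certificate itself is saved.
                if (string.IsNullOrEmpty(certFile))
                {
                    throw new ArgumentException("A certificate file path is required.", nameof(certFile));
                }

                // Path.GetDirectoryName returns "" for a bare file name, and Directory.CreateDirectory
                // rejects an empty path, so only create the directory when there is one.
                var certDirectory = Path.GetDirectoryName(certFile);
                if (!string.IsNullOrEmpty(certDirectory))
                {
                    Directory.CreateDirectory(certDirectory);
                }

                if (!string.IsNullOrEmpty(privateKeyFile) && @this.HasPrivateKey)
                {
                    var keyDirectory = Path.GetDirectoryName(privateKeyFile);
                    if (!string.IsNullOrEmpty(keyDirectory))
                    {
                        Directory.CreateDirectory(keyDirectory);
                    }
#if NET452
                    // The cast yields null for any key that is not an RSACryptoServiceProvider; check it
                    // so the caller gets a meaningful inner exception instead of a NullReferenceException.
                    var rsa = @this.PrivateKey as RSACryptoServiceProvider;
                    if (rsa == null)
                    {
                        throw new NotSupportedException("The certificate's private key is not an RSA key and cannot be written as PEM.");
                    }
                    var p = rsa.ExportParameters(true);
#else
                    RSAParameters p;
                    // GetRSAPrivateKey() returns null for non-RSA keys (e.g. ECDSA). The returned object
                    // wraps private key material, so it is released as soon as the parameters are copied.
                    using (var rsa = @this.GetRSAPrivateKey())
                    {
                        if (rsa == null)
                        {
                            throw new NotSupportedException("The certificate's private key is not an RSA key and cannot be written as PEM.");
                        }
                        p = rsa.ExportParameters(true);
                    }
#endif
                    // Signum 1 makes BouncyCastle read each big-endian byte array as a positive integer.
                    var key = new RsaPrivateCrtKeyParameters(
                        new Org.BouncyCastle.Math.BigInteger(1, p.Modulus),
                        new Org.BouncyCastle.Math.BigInteger(1, p.Exponent),
                        new Org.BouncyCastle.Math.BigInteger(1, p.D),
                        new Org.BouncyCastle.Math.BigInteger(1, p.P),
                        new Org.BouncyCastle.Math.BigInteger(1, p.Q),
                        new Org.BouncyCastle.Math.BigInteger(1, p.DP),
                        new Org.BouncyCastle.Math.BigInteger(1, p.DQ),
                        new Org.BouncyCastle.Math.BigInteger(1, p.InverseQ));
                    // The key is exported before the file is opened, so a non-exportable key does not
                    // leave an empty key file behind.
                    using (var sw = new StreamWriter(privateKeyFile))
                    {
                        // WriteObject is called without a password, so the PEM block is not encrypted.
                        var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(sw);
                        pemWriter.WriteObject(key);
                    }
                }
                File.WriteAllText(certFile, PemCertificateHelper.ExportCertificateToPEM(@this));
            }
            catch (Exception ex)
            {
                // Kept as a plain Exception with the original message so existing callers are unaffected.
                throw new Exception($"Certificate could not be saved. cert: {certFile} - key: {privateKeyFile}", ex);
            }
        }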

 

posted @ 2018-09-16 14:31  麦壳饼