How do I create a PKCS12 .p12 file in C#?
This is a n00b question; I don't have experience in this area.

I need to create a p12 bundle containing an X509 certificate and a private key. I have two objects: an X509Certificate2, and an RSAParameters object that contains the key information. How do I combine these into a p12 file?

I cannot find any information regarding this.

I have an RSACryptoServiceProvider object that has the parameters from the RSAParameters imported, if that helps.

Some additional background. I'm getting the certificate from a VeriSign Registration Authority we have installed here. I've done creating the PKCS#10 certificate request. I create the certificate object by reading in a byte array of data that the RA puts in the database.
```csharp
// Copy the BouncyCastle private key (CRT form) into a .NET RSAParameters structure
RsaPrivateCrtKeyParameters keyParams = (RsaPrivateCrtKeyParameters)this.keyPair.Private;
RSAParameters rsaParameters = new RSAParameters();
rsaParameters.Modulus = keyParams.Modulus.ToByteArrayUnsigned();
rsaParameters.P = keyParams.P.ToByteArrayUnsigned();
rsaParameters.Q = keyParams.Q.ToByteArrayUnsigned();
rsaParameters.DP = keyParams.DP.ToByteArrayUnsigned();
rsaParameters.DQ = keyParams.DQ.ToByteArrayUnsigned();
rsaParameters.InverseQ = keyParams.QInv.ToByteArrayUnsigned();
rsaParameters.D = keyParams.Exponent.ToByteArrayUnsigned();
rsaParameters.Exponent = keyParams.PublicExponent.ToByteArrayUnsigned();

// Import into a CSP key, attach it to the certificate and export as PKCS#12
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider();
rsaKey.ImportParameters(rsaParameters);
this.certificate.PrivateKey = rsaKey;
byte[] p12 = this.certificate.Export(X509ContentType.Pkcs12, "password");
File.WriteAllBytes(filename, p12);
```
PKCS#10 generation (using the BouncyCastle library):
```csharp
X509Name name = new X509Name(string.Concat(subjectCommonName, "=", firstName, " ", lastName));

// Generate a 1024-bit RSA key pair
RsaKeyPairGenerator rkpg = new RsaKeyPairGenerator();
rkpg.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
this.keyPair = rkpg.GenerateKeyPair();

// PKCS #10 certificate signing request, signed with the new private key
Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest(
    "SHA1withRSA", name, this.keyPair.Public, null, this.keyPair.Private);

// Return the DER-encoded request as base64 text
byte[] request = Base64.Encode(csr.GetEncoded());
ASCIIEncoding encoder = new ASCIIEncoding();
return encoder.GetString(request);
```
This is the cert request (minus the HTTP POST headers). The public_key parameter is the base64 encoded, PKCS10 formatted CSR. (I've put line breaks after each parameter so it's easier to read here; they are not there in the actual HTTP POST.)

```
operation=autoauthosusersubmit&
form_file=..%2ffdf%2fclient%2fuserenrollms.fdf&
authenticate=no&
public_key_format=pkcs10&
country=nz&
mail_firstname=daniel&
mail_lastname=mapletoft&
mail_email=daniel.mapletoft@nz.firstms.com&
challenge=1234&
public_key=miibtzcbuwibadaumriweaydvqqddaltaw1vbibeb2uwgz8wdqyjkozihvcnaqebbqadgy0amigjaogbanzd8m7gjuq1vbwq4w25x3snhet4t+ucv3ebnab5ws9f2yqevd9qesfopww/pyj/mjrdzdljyzg63vquzrxybx3pzhmwqwadecaysssoytftmwpns0srsyg1f35f4mh0zxieipydv8r9cvjg9woa15la1cyi0b93alm/z+oomlxnagmbaaewcwyjkozihvcnaqefa4gbaib9buu5sycjdagyv+umalzyklenrqmi2/36zz4q3sx5biylm9toeexbnzkk86kcgqhl2w/0oa5upucuu4iif9u+lhpmoulbhkh4tosswmwveifpfiwrl4m9x7+tw4lj1agf2t+xgkhweo+cbsgexxvho27oah9d1nvdozej6c7i
```
This is the output of certificate.GetRawCertDataString():
These are the contents of the array byte[] array1 = certKey.ExportCspBlob(false);

```
6,2,0,0,0,164,0,0,82,83,65,49,0,4,0,0,1,0,1,0,77,188,48,168,227,207,63,83,106,119,191,209,8,198,213,192,146,215,26,10,247,198,88,9,253,202,191,29,246,136,158,120,101,116,104,226,95,126,127,53,40,179,17,75,179,231,99,49,211,55,97,14,203,74,24,32,16,131,102,169,150,25,102,207,29,7,242,181,206,20,84,221,186,49,99,227,50,100,67,148,152,127,34,167,63,108,61,232,39,121,80,223,189,30,132,217,95,207,194,121,0,156,155,119,87,130,235,79,120,235,133,141,116,199,185,13,227,170,21,188,181,74,141,224,206,240,67,214
```
These are the contents of the array byte[] array2 = rsaKey.ExportCspBlob(false);

```
6,2,0,0,0,164,0,0,82,83,65,49,0,4,0,0,1,0,1,0,77,188,48,168,227,207,63,83,106,119,191,209,8,198,213,192,146,215,26,10,247,198,88,9,253,202,191,29,246,136,158,120,101,116,104,226,95,126,127,53,40,179,17,75,179,231,99,49,211,55,97,14,203,74,24,32,16,131,102,169,150,25,102,207,29,7,242,181,206,20,84,221,186,49,99,227,50,100,67,148,152,127,34,167,63,108,61,232,39,121,80,223,189,30,132,217,95,207,194,121,0,156,155,119,87,130,235,79,120,235,133,141,116,199,185,13,227,170,21,188,181,74,141,224,206,240,67,214
```
Try this:

```csharp
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider();
rsaKey.ImportParameters(rsaParameters);
X509Certificate2 cert = ...
cert.PrivateKey = rsaKey;
cert.Export(X509ContentType.Pkcs12, "password");
```
Since there is still a mismatch and you cannot find the difference between the keys, try inserting this check (it should replicate what the .NET Framework does internally):

```csharp
RSACryptoServiceProvider certKey = (RSACryptoServiceProvider)cert.PublicKey.Key;
byte[] array1 = certKey.ExportCspBlob(false);
byte[] array2 = rsaKey.ExportCspBlob(false);
if (array1.Length != array2.Length)
    throw new Exception("key mismatch");
for (int i = 8; i < array1.Length; i++)  // skip the BLOBHEADER
{
    if (array1[i] != array2[i])
    {
        throw new Exception("key mismatch");
    }
}
```
It looks like something is going wrong with the keys. Perhaps you are generating a new RSA key between issuing the certificate request and receiving the certificate?
Here is a dump of the certificate request:

```
   0 30  342: SEQUENCE {
   4 30  194:   SEQUENCE {
   7 02    1:     INTEGER 0
  10 30   27:     SEQUENCE {
  12 31   25:       SET {
  14 30   23:         SEQUENCE {
  16 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  21 0C   16:           UTF8String 'Daniel Mapletoft'
            :           }
            :         }
            :       }
  39 30  159:     SEQUENCE {
  42 30   13:       SEQUENCE {
  44 06    9:         OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
  55 05    0:         NULL
            :         }
  57 03  141:       BIT STRING 0 unused bits, encapsulates {
  61 30  137:         SEQUENCE {
  64 02  129:           INTEGER
            :             00 95 83 2A AB 16 9D 7F 16 87 40 A4 09 74 5F 9D
            :             81 04 B0 41 C1 75 9C C9 CD D0 52 EF 61 09 EF F5
            :             9B 40 1D D4 79 E0 4B 17 6C 1E 62 73 38 D8 69 92
            :             31 C4 E0 84 07 4B 2E FD 53 6D 24 95 59 12 43 8E
            :             82 35 1D 62 79 89 C2 88 38 57 3D 1F 15 8D B9 CC
            :             FA F4 41 23 BA FD ED 51 69 F7 7A E7 03 72 A2 DA
            :             A9 08 65 17 DA 90 E3 7B C4 2C 85 6A 3F AF 83 AC
            :             E5 00 37 7A 98 14 03 EE 68 37 CB E7 0A 1A 49 5F
            :             [ 1 bytes skipped ]
 196 02    3:           INTEGER 65537
            :           }
            :         }
            :       }
            :     }
 201 30   11:   SEQUENCE {
 203 06    9:     OBJECT IDENTIFIER
            :       sha1withRSAEncryption (1 2 840 113549 1 1 5)
            :     }
 214 03  129:   BIT STRING 0 unused bits
            :     70 D5 29 EB F3 2A 34 13 3F E6 DE 78 35 FB 79 BD
            :     6D ED 8E 89 D9 B0 8F C1 7C 7D 42 37 B8 3E 5B 00
            :     C2 26 A4 E5 77 26 01 86 63 E1 BB 4D 9C CE 7A 10
            :     FF 8E BF 77 1B 0E F9 EE 38 1F 1F A1 04 24 D7 6A
            :     B6 28 3A 88 F5 54 D0 88 46 92 6E 5D 7E 7C CE 87
            :     99 F9 DC 85 99 33 8C 9D BD 73 E2 23 8A 9A 97 B0
            :     3A 9B 36 51 58 FD B7 0F 60 3D FB 5F 4F 06 A0 CE
            :     30 7F 56 B6 53 5E FE 64 7D 8A 30 92 FB BA A4 C6
            :   }
```
And here is a dump of the certificate:

```
   0 30  886: SEQUENCE {
   4 30  606:   SEQUENCE {
   8 A0    3:     [0] {
  10 02    1:       INTEGER 2
            :       }
  13 02   16:     INTEGER
            :       6E F0 A9 78 7D 3C D4 05 4E 90 13 DC 9D 34 77 2C
  31 30   13:     SEQUENCE {
  33 06    9:       OBJECT IDENTIFIER
            :         sha1withRSAEncryption (1 2 840 113549 1 1 5)
  44 05    0:       NULL
            :       }
  46 30   77:     SEQUENCE {
  48 31   11:       SET {
  50 30    9:         SEQUENCE {
  52 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
  57 13    2:           PrintableString 'NZ'
            :           }
            :         }
  61 31   40:       SET {
  63 30   38:         SEQUENCE {
  65 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
  70 13   31:           PrintableString 'First Mortgage Services Limited'
            :           }
            :         }
 103 31   20:       SET {
 105 30   18:         SEQUENCE {
 107 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 112 13   11:           PrintableString 'FMS Root CA'
            :           }
            :         }
            :       }
 125 30   30:     SEQUENCE {
 127 17   13:       UTCTime '091222000000Z'
 142 17   13:       UTCTime '101222235959Z'
            :       }
 157 30   98:     SEQUENCE {
 159 31   36:       SET {
 161 30   34:         SEQUENCE {
 163 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
 168 14   27:           TeletexString 'First Mortgage Services Ltd'
            :           }
            :         }
 197 31   31:       SET {
 199 30   29:         SEQUENCE {
 201 06    3:           OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
 206 14   22:           TeletexString 'For Test Purposes Only'
            :           }
            :         }
 230 31   25:       SET {
 232 30   23:         SEQUENCE {
 234 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 239 14   16:           TeletexString 'Daniel Mapletoft'
            :           }
            :         }
            :       }
 257 30  159:     SEQUENCE {
 260 30   13:       SEQUENCE {
 262 06    9:         OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
 273 05    0:         NULL
            :         }
 275 03  141:       BIT STRING 0 unused bits, encapsulates {
 279 30  137:         SEQUENCE {
 282 02  129:           INTEGER
            :             00 CD 08 AE 3E E3 5A E4 5E 50 28 29 5E 65 05 DA
            :             1A E1 9C 50 44 4A F0 06 AA 75 1A 8F F0 75 4C AA
            :             47 4B D5 8F 04 B5 CE 98 C5 0D 99 54 36 E9 EF 2E
            :             7D CD DF FA 46 B2 7D 76 E5 74 19 AD 3E F0 52 52
            :             C7 F8 86 E6 78 32 90 EB 2F 12 3F 7A 31 4B 15 E9
            :             2A 9D 75 91 EA 31 9F 4E 98 A6 06 81 DD 98 1B 1A
            :             DB FE 1F 2E BD 2E 32 60 5A 54 7C 0E 48 6A AB 6C
            :             C6 F6 E2 F2 FD 4A 5A BD E0 DF 0C 21 B6 4C 9E
            :             [ 1 bytes skipped ]
 414 02    3:           INTEGER 65537
            :           }
            :         }
            :       }
 419 A3  192:     [3] {
 422 30  189:       SEQUENCE {
 425 30    9:         SEQUENCE {
 427 06    3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
 432 04    2:           OCTET STRING, encapsulates {
 434 30    0:             SEQUENCE {}
            :             }
            :           }
 436 30   14:         SEQUENCE {
 438 06    3:           OBJECT IDENTIFIER keyUsage (2 5 29 15)
 443 01    1:           BOOLEAN TRUE
 446 04    4:           OCTET STRING, encapsulates {
 448 03    2:             BIT STRING 5 unused bits
            :               '101'B
            :             }
            :           }
 452 30   96:         SEQUENCE {
 454 06    3:           OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
 459 01    1:           BOOLEAN TRUE
 462 04   86:           OCTET STRING, encapsulates {
 464 30   84:             SEQUENCE {
 466 30   82:               SEQUENCE {
 468 A0   80:                 [0] {
 470 A0   78:                   [0] {
 472 86   76:                     [6]
            :                       'http://onsitecrl.verisign.com/firstmortgageservi'
            :                       'cesltdpropellc/latestcrl.crl'
            :                     }
            :                   }
            :                 }
            :               }
            :             }
            :           }
 550 30   31:         SEQUENCE {
 552 06    3:           OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
 557 04   24:           OCTET STRING, encapsulates {
 559 30   22:             SEQUENCE {
 561 80   20:               [0]
            :                 8B 2A 2C 58 39 03 B2 61 9F 16 E7 3D 3D F1 70 4D
            :                 B1 F3 D4 E2
            :               }
            :             }
            :           }
 583 30   29:         SEQUENCE {
 585 06    3:           OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
 590 04   22:           OCTET STRING, encapsulates {
 592 04   20:             OCTET STRING
            :               3E 91 DB A0 9C B4 A1 CB 68 CC 70 D0 0A 29 D6 BF
            :               4E 68 10 AB
            :             }
            :           }
            :         }
            :       }
            :     }
 614 30   13:   SEQUENCE {
 616 06    9:     OBJECT IDENTIFIER
            :       sha1withRSAEncryption (1 2 840 113549 1 1 5)
 627 05    0:     NULL
            :     }
 629 03  257:   BIT STRING 0 unused bits
            :     3E C3 A3 F3 5F 3E 29 37 4D 33 E3 F5 F2 89 42 78
            :     AC CD 59 14 E9 CC FF 20 8F 98 34 7B F0 F4 D2 96
            :     EC 58 53 61 E4 3E D0 02 CF FF 30 C8 77 D0 6F 94
            :     37 72 3C B7 90 6E 38 10 59 8C F8 06 B0 61 55 65
            :     58 96 30 7B 9A 58 FF DB 15 7C FA F9 1F 64 5E DC
            :     E8 63 EE EE 90 B1 18 3C 6A 11 62 73 91 CF DE DB
            :     34 F5 67 4F C9 89 77 5C 36 71 FC 11 27 07 C5 76
            :     BB 79 B8 8E 19 E8 E2 5B D7 A5 23 BA D8 19 7C 74
            :     [ 128 bytes skipped ]
            :   }
```
The integers starting with "00 95 83 2A" in the request and "00 CD 08 AE" in the certificate are the RSA moduli of the public keys.

The values in the output of ExportCspBlob are reversed, since Microsoft uses a little-endian format, so if you start at the end of certKey.ExportCspBlob(false) you should recognize: 205=0xCD, 8=0x08, 174=0xAE. rsaKey.ExportCspBlob(false) on the other hand contains 166=0xA6, 154=0x9A, 180=0xB4, yet another RSA modulus.

Are you sure the dumped values are from the same certificate-issuing process?
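As an added example (not code from the question or the answer), here is a check that reads the modulus out of the CSP public-key blob and puts it into big-endian order, so it can be compared byte for byte with the INTEGER in the dumpasn1 output instead of reading the arrays backwards. It assumes .NET Framework, where cert.PublicKey.Key is an RSACryptoServiceProvider as in the code above; the class and method names are my own.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class KeyMatchCheck
{
    // PUBLICKEYBLOB layout, which is how the arrays posted in the question begin
    // (6,2,0,0,0,164,0,0 then 82,83,65,49 = "RSA1"):
    //   BLOBHEADER  8 bytes: bType=6 (PUBLICKEYBLOB), bVersion=2, reserved,
    //                        aiKeyAlg=0xA400 (CALG_RSA_KEYX)
    //   RSAPUBKEY  12 bytes: magic "RSA1", bitlen, pubexp
    //   modulus    bitlen/8 bytes, little-endian
    const int HeaderLength = 8 + 12;

    // Returns the modulus in big-endian order. The DER INTEGER in the dump shows
    // the same bytes preceded by a 00 sign byte (e.g. "00 CD 08 AE ...").
    public static byte[] ModulusFromCspBlob(byte[] blob)
    {
        if (blob.Length < HeaderLength || blob[0] != 0x06 ||
            blob[8] != (byte)'R' || blob[9] != (byte)'S' ||
            blob[10] != (byte)'A' || blob[11] != (byte)'1')
            throw new ArgumentException("not an RSA PUBLICKEYBLOB");

        int bitLength = BitConverter.ToInt32(blob, 12);
        byte[] modulus = new byte[bitLength / 8];
        Array.Copy(blob, HeaderLength, modulus, 0, modulus.Length);
        Array.Reverse(modulus);   // CSP is little-endian, DER is big-endian
        return modulus;
    }

    // True when the certificate's public key and the private key share a modulus,
    // i.e. the PKCS#12 export would pair the right key with the certificate.
    public static bool PrivateKeyMatchesCertificate(X509Certificate2 cert,
                                                    RSACryptoServiceProvider rsaKey)
    {
        var certKey = (RSACryptoServiceProvider)cert.PublicKey.Key;
        byte[] certModulus = ModulusFromCspBlob(certKey.ExportCspBlob(false));
        byte[] keyModulus = ModulusFromCspBlob(rsaKey.ExportCspBlob(false));

        // Cross-check: ExportParameters already returns the modulus big-endian.
        if (!keyModulus.SequenceEqual(rsaKey.ExportParameters(false).Modulus))
            throw new InvalidOperationException("blob parsing disagrees with ExportParameters");

        Console.WriteLine("certificate modulus starts: " + BitConverter.ToString(certModulus, 0, 4));
        Console.WriteLine("private key modulus starts: " + BitConverter.ToString(keyModulus, 0, 4));
        return certModulus.SequenceEqual(keyModulus);
    }
}
```

Running it just before the Export call prints the leading bytes of both moduli, which can be matched against the "00 CD 08 AE" line in the certificate dump to tell at a glance which of the two keys does not belong.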