Je travaille avec un château gonflable et je souhaite générer une clé privée spécifique au lieu de la clé aléatoire générée.Utiliser une clé privée spécifique pour générer un certificat
Je souhaite fournir ma propre clé privée mais le code génère des clés aléatoires. est-il un moyen de spécifier la clé privée exacte à utiliser dans le château gonflable?
Mon code est comme ci-dessous. Lorsque je vérifie la clé publique du certificat généré, j'obtiens des valeurs différentes tout le temps. J'ai besoin de la valeur que j'ai spécifiée.
Dans principaux
var cb = new X509CertBuilder(suppliers, "CN=MandarinAS, OU=Scheme42, O=MandarinAS, C=GB",
CertStrength.Bits1024);
var cert = cb.MakeCertificate(pwd, "CN=Mandarin, OU=CustomerId, OU=Scheme42, O=OrgX, C=GB", 1,keypair);
File.WriteAllBytes("Cert.pfx", cert.Export(X509ContentType.Pkcs12, pwd));
File.WriteAllBytes("Cert.cer", cert.Export(X509ContentType.Cert, pwd));
var store = new X509Store(storeLocation);
store.Open(OpenFlags.ReadOnly);
var myCertificate = new X509Certificate2("Cert.pfx", "password");
if (myCertificate.PrivateKey !
= null)
{
store.Close();
}
//here i debug and compare the public key values myCertificate is always changing
X509CertBuilder.cs
public class X509CertBuilder
{
private const string SignatureAlgorithm = "SHA1WithRSA";
private readonly int _strength;
private readonly CryptoApiRandomGenerator _randomGenerator = new CryptoApiRandomGenerator();
private readonly X509V3CertificateGenerator _certificateGenerator = new X509V3CertificateGenerator();
private readonly SecureRandom _random;
private readonly X509Name _issuer;
private readonly GeneralName[] _generalNames;
public X509CertBuilder(string[] validWithDomainNames, string issuer, CertStrength certStrength)
{
_random = new SecureRandom(_randomGenerator);
_issuer = new X509Name(issuer);
_strength = (int) certStrength;
_generalNames = new GeneralName[validWithDomainNames.Length];
for (var t = 0; t < validWithDomainNames.Length; t++)
{
_generalNames[t] = new GeneralName(new X509Name(validWithDomainNames[t]));
}
}
public X509Certificate2 MakeCertificate(string password, string issuedToDomainName, int validYears, AsymmetricCipherKeyPair mykey=null)
{
_certificateGenerator.Reset();
_certificateGenerator.SetSignatureAlgorithm(SignatureAlgorithm);
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue),
_random);
_certificateGenerator.SetSerialNumber(serialNumber);
_certificateGenerator.SetSubjectDN(new X509Name(issuedToDomainName));
_certificateGenerator.SetIssuerDN(_issuer);
var subjectAlternativeNames = new Asn1Encodable[_generalNames.Length + 1];
// first subject alternative name is the same as the subject
subjectAlternativeNames[0] = new GeneralName(new X509Name(issuedToDomainName));
for (var t = 1; t <= _generalNames.Length; t++)
{
subjectAlternativeNames[t] = _generalNames[t - 1];
}
var subjectAlternativeNamesExtension = new DerSequence(subjectAlternativeNames);
_certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false,
subjectAlternativeNamesExtension);
_certificateGenerator.SetNotBefore(DateTime.UtcNow.Date);
_certificateGenerator.SetNotAfter(DateTime.UtcNow.Date.AddYears(validYears));
var keyGenerationParameters = new KeyGenerationParameters(_random, _strength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
_certificateGenerator.SetPublicKey(subjectKeyPair.Public);
//Previouse auto key
//var issuerKeyPair = subjectKeyPair;
//My mykey
var issuerKeyPair = mykey;
var certificate = _certificateGenerator.Generate(issuerKeyPair.Private,_random);
var store = new Pkcs12Store();
var friendlyName = certificate.SubjectDN.ToString();
var certificateEntry = new X509CertificateEntry(certificate);
store.SetCertificateEntry(friendlyName, certificateEntry);
store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(issuerKeyPair.Private), new[] {certificateEntry});
using (var stream = new MemoryStream())
{
store.Save(stream, password.ToCharArray(), _random);
return new X509Certificate2(stream.ToArray(), password,
X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
}
}
}