likestoski

If there is already a post that covers these details I apologize. If anyone can point me in the right direction I will appreciate it very much.

I need to be able to use the contents of an X509 Certificate and Private Key in PEM format. I'm not sure that what I am extracting from the certificates is the correct way to do it, since the output looks different than if I look at the contents of the certificate in a file format. Also, I need to be able to convert the contents of the certificate and the private key into PEM format. Below is an example of how I am interacting with the certificate store to retrieve the X509 certificate and private key. Can anyone point out if this is the correct way to get the contents of a certificate and private key and format it as PEM?



X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;

X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
string subjName = "MyTestCertificate";
X509Certificate2Collection fcerts = (X509Certificate2Collection)collection.Find(X509FindType.FindBySubjectName, subjName, false);

X509Certificate2 certificate = fcerts[0];
string certString = certificate.GetRawCertDataString();
//For PEM Encoding use Base64
byte[] base64Cert = Convert.FromBase64String(certString);

string privateKeyXml = certificate.PrivateKey.ToXmlString(true);
XmlDocument keyDoc = new XmlDocument();
keyDoc.LoadXml(privateKeyXml);
string xPath = "//Modulus";
XmlNode keyNode = keyDoc.SelectSingleNode(xPath);
string keyText = keyNode.InnerText;
//Again for PEM encoding
byte[] base64PrivateKey = Convert.FromBase64String(keyText);







Re: .NET Framework Networking and Communication How to work with X509 Certificates and Private Keys in PEM format

Shipra Mishra

Due to security considerations, PrivateKey is not extractable from an x509Certificate2 object.

X509Certificate2.PrivateKey returns the name of the AsymmetricAlgorithm (and not the PrivateKey) unlike the PublicKey property.

Check the MSDN documentation at - http://msdn2.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.privatekey.aspx





Re: .NET Framework Networking and Communication How to work with X509 Certificates and Private Keys in PEM format

Anonymous280z

Thanks for the reply. What you are saying makes a lot of sense from the security perspective. Is there any way to get to the PrivateKey using the .NET library or CryptoAPI?

Also, if you know if using ConvertFromBase64String is how to get to PEM encoded data, that would be really helpful too. Thanks!




Re: .NET Framework Networking and Communication How to work with X509 Certificates and Private Keys in PEM format

likestoski

So I found out the way to get the certificate data as a string. Here is an example. This is missing the header and footer sections (the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff), but that is no biggie.

I still have not found the way to get the Private Key into a string in this manner :(

X509Certificate2 certificate = GetCertificateFromStore("nameOfTheCertificate");
string certificateAsString = Convert.ToBase64String(certificate.GetRawCertData());




Re: .NET Framework Networking and Communication How to work with X509 Certificates and Private Keys in PEM format

likestoski

And here is how you get the Private Key as a text string, happy coding!

Link to Forum Post




Re: .NET Framework Networking and Communication How to work with X509 Certificates and Private Keys in PEM format

likestoski

I have managed to track down where the Private Keys live; however, I have discovered that they are apparently encrypted. From what I have seen, the files are encrypted using (among other things) the login for the user that owns the certificate. Does anyone know what steps I have to take to get the Private Key in a usable form? Do you have to use DPAPI in order to decrypt the Private Key file? Have I missed some other way within the .NET framework to get the Private Key?

The need I have for obtaining and un-encrypting the private key is for use with a third-party product. Any help on this subject will be greatly appreciated!
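
Added example (not code from the thread or from Microsoft): the full PEM form of what the posts above work toward, with the BEGIN/END marker lines and 64-character wrapping for the certificate, plus the private key as PKCS#8 PEM. It assumes .NET Core 3.0 or later and uses a constructed in-memory self-signed certificate in place of the one fetched from the store; the helper names ToPem and FromPem are hypothetical, and for a store certificate the key export only succeeds when the key was imported as exportable.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class PemExample
{
    // PEM (RFC 7468): base64 of the DER bytes, wrapped at 64 characters,
    // between -----BEGIN <label>----- and -----END <label>----- lines.
    static string ToPem(string label, byte[] der)
    {
        string b64 = Convert.ToBase64String(der);
        var sb = new StringBuilder();
        sb.Append("-----BEGIN ").Append(label).Append("-----\n");
        for (int i = 0; i < b64.Length; i += 64)
            sb.Append(b64, i, Math.Min(64, b64.Length - i)).Append('\n');
        sb.Append("-----END ").Append(label).Append("-----\n");
        return sb.ToString();
    }

    // Inverse: drop the marker lines and decode the rest (whitespace is ignored).
    static byte[] FromPem(string pem)
    {
        var body = pem.Split('\n')
                      .Where(l => !l.StartsWith("-----", StringComparison.Ordinal));
        return Convert.FromBase64String(string.Concat(body));
    }

    static void Main()
    {
        // Constructed stand-in for the certificate fetched from the store.
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=MyTestCertificate", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));

        // GetRawCertDataString() returns hex, not base64; PEM wraps the DER
        // bytes, which GetRawCertData() returns.
        byte[] der = cert.GetRawCertData();
        string certPem = ToPem("CERTIFICATE", der);
        Console.Write(certPem);
        Console.WriteLine(FromPem(certPem).SequenceEqual(der)); // round-trip check
        // Private key as PKCS#8 PEM; this needs an exportable key.
        string keyPem = ToPem("PRIVATE KEY", rsa.ExportPkcs8PrivateKey());
        Console.WriteLine(keyPem.Split('\n')[0]); // print the marker line only
    }
}
```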