1

I'm trying to access the Google Analytics API from a VB.NET server application. My app falls into the category of a "service account" application, so I'm not requesting credentials from the user--the app has its own credentials, which it uses to retrieve data from Google to show to the user.

The service-account OAuth2 workflow requires the application to generate a JWT (JSON Web Token) as a means of authenticating itself. I found a .NET library to generate these tokens, but I'm a little confused on which "key" to give this library. In the library's documentation, the example key given is a base-64-looking string of numbers and uppercase and lowercase letters. But what I have is a .p12 private-key file and the corresponding password. How can I extract some kind of textual key from this key file?

I tried to do something like

Dim cert As New X509Certificate2("C:\Users\xxxxx\private.p12", "notasecret")
Dim certData As Byte() = cert.Export(X509ContentType.Pkcs12, "notasecret")

but this leaves me with a byte array, not a string. Am I on the right track here?

bdesham
  • 15,430
  • 13
  • 79
  • 123
  • i don't think you can extract a private key from anything. – Daniel A. White Mar 04 '13 at 18:23
  • Is this helpful? Export a certificate with the private key: http://technet.microsoft.com/en-us/library/cc737187(v=ws.10).aspx. A Google search on [certificate export private key] returns many promising results. – Jim Mischel Mar 04 '13 at 20:19
  • @DanielA.White I'm not sure what you mean... PKCS12 is "an archive file format commonly used to directly store a private key along with its X.509 certificate." ([Wikipedia](http://en.wikipedia.org/wiki/PKCS_12)) – bdesham Mar 06 '13 at 14:28
  • @JimMischel Thanks, but that's for extracting certificates from the system's collection... I'm trying to programatically extract a key from a file. A little more Googling didn't help. – bdesham Mar 06 '13 at 14:30
  • Well, the pkcs12 utility (OpenSSL) can read the file and export the keys. So in the worst case you can locate the source for that program and reverse-engineer it. But it sure looks like this should answer your question: http://stackoverflow.com/q/5036590/56778. And, yes, the certificate is a byte array. When you see a text representation, it's typically base64 encoded. – Jim Mischel Mar 06 '13 at 14:41

1 Answers1

3

I believe I've figured out what to do:

Dim PrivateKeyPath As String = "C:\Users\xxxxx\privatekey.p12"
Dim CertificatePassword As String = "notasecret"

Dim cert As New X509Certificate2(PrivateKeyPath, CertificatePassword,
                                 X509KeyStorageFlags.Exportable)
Dim certData As Byte() = cert.Export(X509ContentType.Pkcs12, CertificatePassword)
Dim keyString As String = Convert.ToBase64String(certData)

As @Jim Mischel pointed out, I just needed to encode the key data in base-64.

By the way, adding the X509KeyStorageFlags.Exportable flag fixed a CryptographicException (“Key not valid for use in specified state.”) while trying to export the key.

bdesham
  • 15,430
  • 13
  • 79
  • 123