3

I'm trying to generate an RSA X509 public/private key pair dynamically; below is how I do it with the openssh command line:

```
openssl genrsa -out privatekey.pem 1024
openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825
openssl pkcs12 -export -out public_privatekey.pfx -inkey privatekey.pem -in publickey.cer
```

Also, how do I add a passphrase to encrypt the private key?

I have only got this far:

```csharp
using System.Security.Cryptography;

// Generate a public/private key pair.
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();

// Export the key pair to an RSAParameters structure
// (true = include the private parameters, not just the public key).
RSAParameters rsaKeyInfo = rsa.ExportParameters(true);
```

I have used this class, however it does not result in a valid SSL; when I submit it to the developer portal it did not get accepted as a valid public key: developer.xero.com/myapps

Regards

Mason.Chase
  • Clarification needed: do you want to create certificate from RSAParameters alone? – Igor B Jun 08 '19 at 14:26
  • Please educate me what are the params, I am not sure if there are other parameters missing in standard X509 format? I need to do what openssl does in command line. – Mason.Chase Jun 09 '19 at 04:36

1 Answer

3

Note that I have replaced the RSACryptoServiceProvider class with the recommended RSA base class which is cross-platform and also the better RSA implementation.

This SO question put me in the right direction.

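```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// 1024 bits matches the key size in the question's openssl command.
using (var rsa = RSA.Create(1024))
{
    var distinguishedName = new X500DistinguishedName("CN=SelfSignedCertificate");
    // Self-signed certificate request: SHA-256 digest, PKCS #1 v1.5 signature padding
    var request = new CertificateRequest(distinguishedName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    // Valid for 1825 days from now, the same lifetime as -days 1825 in the question
    var certificate = request.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddDays(1825));

    // Create PFX (PKCS #12) with private key, protected by the export password
    File.WriteAllBytes("privatekey.pfx", certificate.Export(X509ContentType.Pfx, "RGliXtaLkENste"));

    // Create Base 64 encoded CER (public key only)
    File.WriteAllText("publickey.cer",
        "-----BEGIN CERTIFICATE-----\r\n"
        + Convert.ToBase64String(certificate.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)
        + "\r\n-----END CERTIFICATE-----");
}
```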

I have tested the resulting .cer file on xero so it should work

  • 1
    I have used this class, however it does not result in a valid SSL; when I submit it to the developer portal it did not get accepted as a valid public key: https://developer.xero.com/myapps/ – Mason.Chase Jun 09 '19 at 04:35
  • @Mason.Chase I have updated my answer to generate a `.cer` and a `.pfx` file, I have also uploaded the `.cer` file to a demo xero app –  Jun 09 '19 at 08:09
  • Hi Elphas, thanks for the answer, how do I export private key in PEM format? – Mason.Chase Jun 10 '19 at 05:24
  • @Mason.Chase You would need to export the parameters from the RSA provider and use the algorithms I added in previous edits to produce the PEM file. I'll add back the methods to generate the file at some point. –  Jun 10 '19 at 09:10
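
The two points left open in this thread, exporting the private key as PEM and protecting it with a passphrase, can both be covered with built-in APIs on .NET 5 or later. The following is an added example, not the answerer's code; the `PemExport` class, the `KEY_PASSPHRASE` environment variable, the 2048-bit key size and the iteration count are assumptions of the example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

// Added example, not the answerer's code. Needs .NET 5 or later.
static class PemExport
{
    // Unencrypted PKCS #1 PEM ("-----BEGIN RSA PRIVATE KEY-----").
    public static string ToPkcs1Pem(RSA rsa) =>
        new string(PemEncoding.Write("RSA PRIVATE KEY", rsa.ExportRSAPrivateKey()));

    // Passphrase-protected PKCS #8 PEM: PBKDF2-HMAC-SHA256 key derivation, AES-256-CBC.
    // The iteration count is this example's choice.
    public static string ToEncryptedPkcs8Pem(RSA rsa, string passphrase, int iterations = 100_000)
    {
        var pbe = new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, iterations);
        byte[] der = rsa.ExportEncryptedPkcs8PrivateKey(passphrase, pbe);
        return new string(PemEncoding.Write("ENCRYPTED PRIVATE KEY", der));
    }
}

static class Program
{
    static void Main()
    {
        // KEY_PASSPHRASE is a hypothetical variable name; it keeps the secret out of source.
        string passphrase = Environment.GetEnvironmentVariable("KEY_PASSPHRASE")
            ?? throw new InvalidOperationException("Set KEY_PASSPHRASE before running.");

        using RSA rsa = RSA.Create(2048); // assumption: the page's commands use 1024
        string pem = PemExport.ToEncryptedPkcs8Pem(rsa, passphrase);
        File.WriteAllText("privatekey.pem", pem);
        Console.WriteLine(PemExport.ToPkcs1Pem(rsa).Split('\n')[0]); // header line only

        // Round trip: reload the encrypted PEM and check it is the same key.
        using RSA reloaded = RSA.Create();
        reloaded.ImportFromEncryptedPem(pem, passphrase);
        byte[] data = { 1, 2, 3 }; // constructed sample input
        byte[] sig = reloaded.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine(rsa.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            ? "round trip OK" : "round trip FAILED");

        // A wrong passphrase must fail to decrypt.
        try { using RSA bad = RSA.Create(); bad.ImportFromEncryptedPem(pem, passphrase + "x"); }
        catch (CryptographicException) { Console.WriteLine("wrong passphrase rejected"); }
    }
}
```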