
I've tried to create a self-signed X.509 v3 certificate using Bouncy Castle in C# like this:

        // Generates an RSA key pair, builds a self-signed X.509 v3 certificate around it with
        // Bouncy Castle, converts it to a .NET certificate and writes a .cer and a .pfx file.
        var kpgen = new RsaKeyPairGenerator();

        // NOTE(review): 1024-bit RSA is below the 2048-bit minimum that current guidance
        // calls for; raise the strength argument for anything beyond a throwaway test key.
        kpgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));

        var cerKp = kpgen.GenerateKeyPair();

        // Distinguished-name attributes, used below for both issuer and subject.
        IDictionary attrs = new Hashtable();
        attrs[X509Name.E] = "E-Mail";
        attrs[X509Name.CN] = "Name";
        attrs[X509Name.O] = "SIT";
        attrs[X509Name.C] = "TH";


        // Ordering of the attribute types, passed to X509Name together with attrs.
        IList ord = new ArrayList();
        ord.Add(X509Name.E);
        ord.Add(X509Name.CN);
        ord.Add(X509Name.O);
        ord.Add(X509Name.C);

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

        // NOTE(review): the serial number is the constant 1, so every certificate produced
        // by this code shares issuer name and serial; a random serial avoids that collision.
        certGen.SetSerialNumber(BigInteger.One);
        // Issuer and subject are the same name: the certificate is self-signed.
        certGen.SetIssuerDN(new X509Name(ord, attrs));
        // Validity window: from one day before today's date to 365 days after it.
        certGen.SetNotBefore(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0)));
        certGen.SetNotAfter(DateTime.Today.AddDays(365));
        certGen.SetSubjectDN(new X509Name(ord, attrs));
        certGen.SetPublicKey(cerKp.Public);
        // NOTE(review): SHA-1 based signatures are deprecated for certificates; a SHA-256
        // variant such as "SHA256WithRSA" is the usual replacement.
        certGen.SetSignatureAlgorithm("SHA1WithRSA");
        // Critical BasicConstraints with cA = false: an end-entity certificate, not a CA.
        certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        // The key identifier is derived from the certificate's own public key.
        // NOTE(review): the extension is flagged critical here (second argument true);
        // RFC 5280 requires AuthorityKeyIdentifier to be marked non-critical.
        certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, true, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(cerKp.Public)));
        // Signs the certificate with the generated private key.
        X509Certificate x509 = certGen.Generate(cerKp.Private);


        // Converts the Bouncy Castle certificate structure to the .NET certificate types.
        // NOTE(review): cerKp.Private is used only for signing in Generate() above; nothing
        // here associates it with x509__, so the .NET object is built from the public
        // certificate alone.
        System.Security.Cryptography.X509Certificates.X509Certificate x509_ = DotNetUtilities.ToX509Certificate(x509.CertificateStructure);
        System.Security.Cryptography.X509Certificates.X509Certificate2 x509__ = new System.Security.Cryptography.X509Certificates.X509Certificate2(x509_);


        // Public certificate bytes (X509ContentType.Cert).
        byte[] cert_data = x509__.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert);
        // PFX bytes, protected with the password typed into maskedTextBox1.
        // NOTE(review): since x509__ was never given a private key, this PFX presumably
        // holds only the certificate - confirm by checking x509__.HasPrivateKey before export.
        byte[] pvk_data = x509__.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, maskedTextBox1.Text);

        // FileMode.CreateNew throws if the target file already exists.
        // NOTE(review): there is no using/try-finally, so the stream stays open if Write throws.
        FileStream fs = new FileStream(certificateFileName, FileMode.CreateNew);
        fs.Write(cert_data, 0, cert_data.Length);
        fs.Flush();
        fs.Close();

        // Same pattern for the PFX; once it really carries a private key, the file should
        // be created with restrictive access permissions.
        FileStream fs2 = new FileStream(privateKeyFileName, FileMode.CreateNew);
        fs2.Write(pvk_data, 0, pvk_data.Length);
        fs2.Flush();
        fs2.Close();

But when I try to use the certificate to sign a file, there's a problem:

        // Loads a PFX file (presumably the one written by the snippet above) with its password.
        X509Certificate2 cert = new X509Certificate2(privatekeyfile, password);
        // NOTE(review): cert.PrivateKey is null when the loaded file carries no private key,
        // and casting null succeeds, so RSA ends up null without any exception being thrown;
        // checking cert.HasPrivateKey first makes that case explicit.
        RSACryptoServiceProvider RSA = (RSACryptoServiceProvider)cert.PrivateKey;

The `RSA` variable is null, so the certificate seems to be incorrect.

carryall
  • Oh Thanks, I've already got the answer from the same link – carryall Sep 01 '11 at 15:57
  • [Here](http://stackoverflow.com/questions/3770233/is-it-possible-to-programmatically-generate-an-x509-certificate-using-only-c/3771913#3771913) is the answer – carryall Sep 01 '11 at 16:00
  • Note; `SetSignatureAlgorithm` is obsolete, use `ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA1WithRSA", issuerKeys.Private, random);` in combination with `certGen.Generate(signatureFactory)` instead – wobuntu Jan 07 '19 at 19:00
