I am writing a .NET 6 application for Windows that is meant to extract the private key from a PFX file containing an RSA certificate/key bundle.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static Boolean ToCertAndKey(String pfxFilePath, String? unlockPassword, String certFilePath, String keyFilePath, String? keyPassword, out String error) {
    try {
        error = String.Empty;
        // Load the bundle with the default key storage flags.
        using var bundle = new X509Certificate2(pfxFilePath, unlockPassword);
        RSA key = bundle.GetRSAPrivateKey();
        Byte[] publicKeyBytes = key.ExportSubjectPublicKeyInfo();
        Byte[] privateKeyBytes;
        //We fail here.
        if (String.IsNullOrEmpty(keyPassword)) {
            privateKeyBytes = key.ExportPkcs8PrivateKey();
        } else {
            privateKeyBytes = key.ExportEncryptedPkcs8PrivateKey(keyPassword,
                new PbeParameters(
                    PbeEncryptionAlgorithm.Aes256Cbc,
                    HashAlgorithmName.SHA256,
                    iterationCount: 1));
        }
        // Write the public key and the private key as PEM files.
        String encodedCert = new(PemEncoding.Write("PUBLIC KEY", publicKeyBytes));
        File.WriteAllText(certFilePath, encodedCert);
        String encodedKey = new(PemEncoding.Write("PRIVATE KEY", privateKeyBytes));
        File.WriteAllText(keyFilePath, encodedKey);
        return true;
    } catch (Exception ex) {
        error = $"An exception occurred: '{ex.Message}'\r\n\r\nStack Trace:\r\n{ex.StackTrace}";
        return false;
    }
}
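It fails at both ExportPkcs8PrivateKey (when I don't specify a password to encrypt the key) and ExportEncryptedPkcs8PrivateKey (when I do specify a password), with the same exception text in both cases: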
WindowsCryptographicException: The requested operation is not supported
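I came across this answer; however, I still get the same exception at RSA.ExportEncryptedPkcs8PrivateKey.
The PFX files I've been testing with don't seem to have anything wrong with them; I can import them into my certificate store through the UI or PowerShell without any problems.
Hopefully someone else has run into this issue.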
You need to mark the key as exportable.
Change
using var bundle = new X509Certificate2(pfxFilePath, unlockPassword);
to
using var bundle = new X509Certificate2(pfxFilePath, unlockPassword, X509KeyStorageFlags.Exportable);
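The fix from the answer as a self-contained check, added here as an example that is not code from the question or the answer: it builds a throwaway PFX in memory, loads it with and without X509KeyStorageFlags.Exportable, and attempts the encrypted PKCS#8 export each time. The class and method names, subject name, passwords and the iteration count of 100,000 are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PfxExportDemo
{
    // Constructed sample input: a throwaway self-signed certificate exported to PFX bytes.
    static byte[] BuildSamplePfx(string password)
    {
        using RSA rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=pfx-export-demo", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        return cert.Export(X509ContentType.Pfx, password);
    }

    // Returns the encrypted PKCS#8 PEM, or null when the key store refuses the export.
    static string? TryExportKey(byte[] pfx, string pfxPassword, X509KeyStorageFlags flags, string keyPassword)
    {
        using var bundle = new X509Certificate2(pfx, pfxPassword, flags);
        using RSA? key = bundle.GetRSAPrivateKey();
        if (key is null) return null; // the bundle carries no RSA private key
        try
        {
            // Iteration count is this example's choice, not a value from the page.
            var pbe = new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 100_000);
            byte[] pkcs8 = key.ExportEncryptedPkcs8PrivateKey(keyPassword, pbe);
            // Encrypted PKCS#8 uses the "ENCRYPTED PRIVATE KEY" PEM label.
            return new string(PemEncoding.Write("ENCRYPTED PRIVATE KEY", pkcs8));
        }
        catch (CryptographicException ex)
        {
            // On Windows this is where "The requested operation is not supported" surfaces.
            Console.WriteLine($"  export refused: {ex.Message}");
            return null;
        }
    }

    public static void Main()
    {
        const string pfxPassword = "constructed-pfx-password"; // sample values
        const string keyPassword = "constructed-key-password";
        byte[] pfx = BuildSamplePfx(pfxPassword);
        foreach (var flags in new[] { X509KeyStorageFlags.DefaultKeySet, X509KeyStorageFlags.Exportable })
        {
            Console.WriteLine($"Flags = {flags}");
            string? pem = TryExportKey(pfx, pfxPassword, flags, keyPassword);
            Console.WriteLine(pem is null ? "  no key exported" : "  exported " + pem.Split('\n')[0]);
        }
    }
}
```

On Windows, the DefaultKeySet pass reports the refused export and the Exportable pass prints the PEM header line.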