An X509 certificate should only contain a public key. It binds the public key to an identity and is signed. RFC 5280 contains the details on X509 certificates.
However, the X509Certificate2 object can contain a private key according to the MSDN documentation.
Also, a keystore, such as a PKCS12 keystore, can contain a private key and a corresponding certificate.
PKCS7 is a specification for signing and encrypting messages.
PKCS8 is a specification for private keys.
See PKCS for the differences between different PKCS standards.
The MSDN link above has some example C# code to encrypt and decrypt files. It also has an example makecert command line to generate a certificate. However, this certificate and associated private key are stored in the Windows local user store, so I'm not sure if that will translate correctly to Ubuntu.
There is also some discussion in this SO question about using PKCS12 keystores to instantiate the X509Certificate2 object and then to access the private key. This might be the better way for you to accomplish your goal. You can use openssl to generate a private key, a signed certificate, and import them into a PKCS12 keystore. You can create a PKCS12 keystore using the commands here. For example, create a text file (file.pem) containing both the PEM format of your private key and corresponding X509 certificate. Then run this command:
openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"
Also on the makecert documentation page, it says, "for testing purposes only". So I wouldn't depend on those certificates for a production secure server.
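The openssl procedure described above, end to end, as an added example that is not part of the original answer: it generates a key and a self-signed certificate, builds file.pem and file.p12, then checks that the private key inside the keystore matches the certificate. The subject name, the 30-day lifetime and the `P12_PASS` environment variable are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: key + certificate -> file.pem -> PKCS12 keystore, then verify it.
# Subject, lifetime and the P12_PASS variable are constructed for illustration.

# make_p12 DIR : create key.pem, cert.pem, file.pem and file.p12 inside DIR.
# The export password is read from the environment (P12_PASS) so it does not
# appear in the process list the way a "pass:..." argument would.
make_p12() (
    cd "$1" || exit 1
    umask 077   # key material must not be group/world readable

    # 1. Private key, written as unencrypted PKCS8 PEM.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out key.pem 2>/dev/null || exit 1

    # 2. Self-signed X509 certificate binding the public key to a test identity.
    openssl req -new -x509 -key key.pem -days 30 \
        -subj "/CN=example.test" -out cert.pem || exit 1

    # 3. One PEM file holding both the private key and the certificate.
    cat key.pem cert.pem > file.pem

    # 4. The command from the answer, with a non-interactive password source.
    openssl pkcs12 -export -in file.pem -out file.p12 \
        -name "My Certificate" -passout env:P12_PASS || exit 1
)

# p12_key_matches_cert FILE : succeed only if the keystore opens with P12_PASS
# and the public key derived from its private key equals the certificate's.
p12_key_matches_cert() (
    from_key=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes \
        2>/dev/null | openssl pkey -pubout 2>/dev/null) || exit 1
    from_cert=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys \
        2>/dev/null | openssl x509 -noout -pubkey 2>/dev/null) || exit 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
)
```

Once file.p12 is built, key.pem and file.pem still hold the private key unencrypted, so delete them or keep them under the same access restrictions as the keystore.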