Question

I am trying to create a tool for the people in my company to easily create a private key and a certificate request that I can sign with our in-house CA. Creating the certificate request and signing it works well (using easy-rsa and OpenSSL on a CentOS server). But when testing the created key, OpenSSL is not able to load the key...

I am using BouncyCastle with VB.Net and this code:

Private Sub cmdGenerate_Click(sender As Object, e As EventArgs) Handles cmdGenerate.Click
    Dim c = Me.Cursor
    Me.Cursor = Cursors.WaitCursor
    Dim rsa As New Crypto.Generators.RsaKeyPairGenerator()
    rsa.Init(New Crypto.KeyGenerationParameters(New Security.SecureRandom, 2048))
    Dim keyPair = rsa.GenerateKeyPair
    Dim Name As String = "Richard"
    Dim Folder As String = "C:"
    Dim filename_csr = Folder & "\" & Name & ".csr"
    Dim filename_key = Folder & "\" & Name & ".key"

    'CSR Request
    Dim x509Navn As New Asn1.X509.X509Name("CN=" & txtNavn.Text)
    Dim csr = New Pkcs.Pkcs10CertificationRequest("SHA1WITHRSA", x509Navn, keyPair.Public, Nothing, keyPair.Private)

    Dim IO As New FileStream(filename_csr, FileMode.Create, FileAccess.Write)
    Dim pemWr As New PemWriter(New StreamWriter(IO))
    Dim pemObj As New Utilities.IO.Pem.PemObject("CERTIFICATE REQUEST", csr.GetEncoded())
    pemWr.WriteObject(pemObj)
    pemWr.Writer.Close()

    'Private key
    IO = New FileStream(filename_key, FileMode.Create, FileAccess.Write)
    pemWr = New PemWriter(New StreamWriter(IO))
    Dim priv As Parameters.RsaPrivateCrtKeyParameters = keyPair.Private
    Dim pStruct As RsaPublicKeyStructure = New RsaPublicKeyStructure(priv.Modulus, priv.Exponent)
    pStruct.ToAsn1Object().GetDerEncoded()
    pemObj = New Utilities.IO.Pem.PemObject("PRIVATE KEY", pStruct.ToAsn1Object().GetDerEncoded())
    pemWr.WriteObject(pemObj)
    pemWr.Writer.Close()

    'Show the files
    Process.Start("explorer.exe", "/select," & filename_csr)

    Me.Cursor = c
End Sub

With these imports:

Imports Org.BouncyCastle
Imports Org.BouncyCastle.Pkcs
Imports Org.BouncyCastle.Asn1.Pkcs
Imports Org.BouncyCastle.Asn1.X509
Imports Org.BouncyCastle.X509
Imports Org.BouncyCastle.Crypto
Imports Org.BouncyCastle.Security
Imports Org.BouncyCastle.OpenSsl
Imports System.Text
Imports System.IO

What I notice is that the private key seems very small compared to keys created with easy-rsa/openssl. Here is a sample private key/CSR:


And the Private Key:

-----BEGIN PRIVATE KEY-----
MIICCQKCAQEAhyCumpVyR6BIKb5XqpjU7ix92Y8SfkxeDF6d6cEgfumQFMHkQw5m
0QL2nld1KgJVTYXiDriafjeNwfM/6e5yoUsgLL2Gf4IAG9Ofn7CPZqce3RFlrGm4
O2sVXNdDJcnZRzFXzHMweuo5S3CgwC81LTTUrQ9GtrV7w27mVBXaaP39V+djrAKw
qPyJEOkrSb5Hla/sg7RNXM9zAdY0WJaXbUBX0WitEgdKJJCtFJmMIiQhyEqyOZeA
PfLzr1sA4bszro6LH4IM3Vl3SwfttSrNRuulM/TC2YZmUlWKvZgupPLqAAgm27sF
8t+acQR3ef39gf9YYYERocZmPnzhoQANpQKCAQBeXFcxgaz1EZty8wV7DxCaZZ1Y
gI10ftWqI6R4aLHNjkJcDG3e2b64tC4NspsRw+FXqmeKyiSwgRDP4JLARA/uTGzi
cVLr1ZdH10b/l6b8EzX9QDnU5VqOu5+GXpf4WnUNPwrFraasHsX1xWer7QtgTyU4
2JMT4bXUaqwTCdOkPryFzT2mhF3SSJiYw5n0K03fmX1eQf587r0TAPgtPIM/Nd6f
MCPzoqWlc2ey4zZny631D9/hUpSZqC3vkPXe+8nQgVnwB+LG/UGARp3k1X6WNzHp
puU1ARRxScce9THCx0JNndsvFIWF+px7+vfwytdHTgbdyiF3vJTwRES2lzaB
-----END PRIVATE KEY-----

The error messages returned by OpenSSL when trying to decrypt a file are these:

# openssl smime -decrypt -binary -in test.txt.enc -out test.txt -aes256 -recip stackoverflow.crt -inkey stackoverflow.key
unable to load signing key file
139728669665096:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
139728669665096:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_ALGOR
139728669665096:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
139728669665096:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:132:

Command when encrypting file:

# openssl smime -encrypt -binary -in test.txt -out test.txt.enc -aes256 stackoverflow.crt

Best Regards, Richard Hagen


Solution

I solved the issue with Pkcs8Generator.Generate() instead of creating my own PemObject, works like a charm! :D

    'Private key
    Dim pkcs8 As New OpenSsl.Pkcs8Generator(keyPair.Private)
    IO = New FileStream(filename_key, FileMode.Create, FileAccess.Write)
    pemWr = New PemWriter(New StreamWriter(IO))
    pemWr.WriteObject(pkcs8.Generate())
    pemWr.Writer.Close()
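
Why OpenSSL rejected the first file, as an added example (Python, not part of the original post and not BouncyCastle code): a `PRIVATE KEY` PEM label promises a PKCS#8 PrivateKeyInfo, and `Field=pkeyalg ... wrong tag` in the error output is the parser meeting an INTEGER where the AlgorithmIdentifier SEQUENCE belongs. The function names and the filler-byte samples are constructed for this illustration.

```python
import base64, re

def pem_decode(text):
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))

def read_tlv(buf, off):
    """Parse one DER element; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

SHAPES = {(0x02, 0x30, 0x04): "PKCS#8 PrivateKeyInfo",   # version, AlgorithmIdentifier, key
          (0x02,) * 9: "PKCS#1 RSAPrivateKey",           # version, n, e, d, p, q, dP, dQ, qInv
          (0x02,) * 2: "two INTEGERs (RSAPublicKey)"}    # what RsaPublicKeyStructure encodes

def classify(der):
    tag, pos, end = read_tlv(der, 0)
    tags = []
    while tag == 0x30 and pos < end:       # walk the children of the outer SEQUENCE
        t, _, pos = read_tlv(der, pos)
        tags.append(t)
    return SHAPES.get(tuple(tags)) or SHAPES.get(tuple(tags[:3]), "unknown")

def check_pem(text):
    """Return (ok, label, structure): each PEM label implies one DER structure."""
    want = {"PRIVATE KEY": SHAPES[(0x02, 0x30, 0x04)], "RSA PRIVATE KEY": SHAPES[(0x02,) * 9]}
    label, der = pem_decode(text)
    found = classify(der)
    return want.get(label) == found, label, found

def tlv(tag, body):
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (lb if len(body) < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def to_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

# Constructed samples built with tlv/to_pem: filler bytes in the right DER shape, not real keys.
INT, VER = tlv(0x02, b"\x5e" * 256), tlv(0x02, b"\x00")
ALG = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))   # rsaEncryption OID, NULL
BROKEN = to_pem("PRIVATE KEY", tlv(0x30, INT + INT))           # the layout the question wrote
PKCS8 = to_pem("PRIVATE KEY", tlv(0x30, VER + ALG + tlv(0x04, tlv(0x30, VER + INT * 8))))
```

`check_pem(BROKEN)` reports a label/structure mismatch, while `check_pem(PKCS8)` passes. The same structure can be inspected on the server with `openssl asn1parse -in stackoverflow.key`.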

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow