3

Here is the scenario:

I have several .pfx files and I need to store them in a MySQL DB.

I already tried to store the RawData thing, but when I try to sign an XML using the reconstructed certificate I get:

Signing key is not loaded.

Well, so I tried to store the private key, using the function ToXmlString to generate a string from the private key and FromXmlString to load the new string, but then I get:

Object contains only the public half of a key pair. A private key must also be provided.

The point is, how to correctly store the certificate and its keys in the DB in a way that I can reconstruct it and use it for digitally signing documents?

Update:

Already tried this and it didn't work: Store an X509Certificate2 in DB

Don't Panic
Alan Araya

1 Answer

4

The certificate only includes the public key, so storing only that won't work.

On the other hand, cert.PrivateKey.ToXmlString(true) should work. Are you sure that you remembered to call it with the includePrivateParameters argument set to true and that you imported it as exportable?

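// Exportable must be set at import time, or the private parameters cannot be exported below.
X509Certificate2 cert = new X509Certificate2("key.pfx", "password", X509KeyStorageFlags.Exportable);
// true = includePrivateParameters: the XML then contains the private key as well.
string xml = cert.PrivateKey.ToXmlString(true);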

Alternatively, you could just store the entire pfx in the database.

Rasmus Faber
  • It gave me an error trying to set the private parameters to true. How to store the whole pfx? Serialize it? It doesn't lose the keys... properties, etc.? – Alan Araya Jul 04 '12 at 21:26
  • @AlanAraya: I would just store the raw contents of the pfx file. Alternatively, check the way you imported the pfx file (see the edited answer). – Rasmus Faber Jul 04 '12 at 21:37
  • Yeah, thanks Faber... it was missing the X509KeyStorageFlags.Exportable parameter... Don't know, but without it, it just doesn't work... – Alan Araya Jul 05 '12 at 10:54
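
The "store the entire pfx" option from the answer above, as an added example that is not part of the original posts: it round-trips both the RawData bytes and the full PFX bytes through a byte array standing in for the BLOB column, then signs and verifies an XML document with the reloaded key. It is written for .NET 6 to 8 with the System.Security.Cryptography.Xml package; the self-signed certificate, password and XML are constructed samples.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

class PfxRoundTrip
{
    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate stands in for key.pfx.
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=example-signer", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 original =
            req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));

        // Assumption: the PFX password is kept outside the database that holds the blob.
        string password = "example-password";
        // Whole PKCS#12 container, equivalent to File.ReadAllBytes("key.pfx"): this goes in the BLOB.
        byte[] pfxBlob = original.Export(X509ContentType.Pfx, password);
        // RawData is only the DER-encoded certificate, which carries the public key alone.
        byte[] rawDataBlob = original.RawData;

        using var fromRawData = new X509Certificate2(rawDataBlob);
        Console.WriteLine($"RawData round trip, HasPrivateKey: {fromRawData.HasPrivateKey}"); // False

        // Exportable is needed only if the key is exported again (e.g. ToXmlString(true)),
        // not for signing, so the default flags are used here.
        using var fromPfx = new X509Certificate2(pfxBlob, password, X509KeyStorageFlags.DefaultKeySet);
        Console.WriteLine($"PFX round trip, HasPrivateKey: {fromPfx.HasPrivateKey}"); // True

        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><item>constructed sample</item></order>");
        using RSA signingKey = fromPfx.GetRSAPrivateKey();
        var signedXml = new SignedXml(doc) { SigningKey = signingKey };
        var reference = new Reference("");            // empty URI = sign the whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));

        // Verify with the public key only, as a recipient of the document would.
        var verifier = new SignedXml(doc);
        verifier.LoadXml((XmlElement)doc.GetElementsByTagName("Signature")[0]);
        using RSA publicKey = fromPfx.GetRSAPublicKey();
        Console.WriteLine($"Signature verifies: {verifier.CheckSignature(publicKey)}"); // True
    }
}
```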