4

I'm trying to re-use the key pair I generated for creating a PKCS10 Certificate Signing request, but I cannot figure out what the format of this private key is.

To create the key, I'm using the CERTENROLLLib CX509PrivateKey class.

I've set the Private Key ProviderType to XCV_PROV_RSA_FULL, and when I export it (trying to figure out what format it is) I use 

Export("PRIVATEBLOB", EncodingType.XCN_CRYPT_STRING_BASE64)

When I export it, the private key always starts with "BwIAAACkAABSU0E"

Does anyone know what format this is? I thought ANS.1 DER Encoding always started with "MII" or someting like that.

N Kumar
  • 1,302
  • 1
  • 18
  • 25
Zach
  • 183
  • 1
  • 8

1 Answers1

4

I think I answered my own question:

The command

Export("PRIVATEBLOB", EncodingType.XCN_CRYPT_STRING_BASE64)

exports the private key as a BASE64 encoded CSP blob. In order to import is using the C# RSA libraries I had to use the following:

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
byte[] CryptoKey = Convert.FromBase64String(base64CspBlob);
rsa.ImportCspBlob(CryptoKey);

That did it!

Zach
  • 183
  • 1
  • 8
  • 1
    Thanks for reporting back. I guessed as much but I wasn't able to test, ran out of time. Horrible API documentation, glad you figured it out. – Maarten Bodewes Jan 21 '16 at 22:38