
We have a secure key store which features a PKCS#11 interface. We access keys on it using the PKCS#11 Interop Library for .NET. We also need to import keys from certificates. How to import the PrivateKey of an X509Certificate2 via our PKCS#11 interface into our key store?

```csharp
var key = x509Certificate2.PrivateKey;

var attributes = new List<ObjectAttribute>();

// What to do here? How to fill in the key into those attributes?

pkcs11Session.CreateObject(attributes);
```
D.R.
  • What's the concrete question? What attributes do you need? Or how do you get the actual key from the `AsymmetricAlgorithm` object? – Fabian Schmied Dec 12 '18 at 07:55
  • Both, I guess. I can obtain a "CSP blob" from the AsymmetricAlgorithm object by casting it to `RSACryptoServiceProvider`, however, I don't know how to convert the CSP blob into a list of object attributes which make up a key in terms of PKCS#11. – D.R. Dec 12 '18 at 07:58

1 Answer

If your question is about how to actually extract the private key details from an X509Certificate2.PrivateKey, here is an example with a PFX file:

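```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
// Exportable is required so that ExportParameters(true) can return the private components.
var certificate = new X509Certificate2(@"self-signed.pfx", "password", X509KeyStorageFlags.Exportable);
var rsaPrivateKey = certificate.GetRSAPrivateKey();
var parameters = rsaPrivateKey.ExportParameters(true);
```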

However, the exact code depends on a few things, namely

  • how the certificate is created and whether it actually contains a private key reference (in this case, yes, imported from PFX),
  • whether the key is exportable (in this case, yes), and
  • the type of private key (in this case, RSA).

I can't help you with how to convert that into the attributes required by your library, though; maybe someone else can chime in here.

Fabian Schmied
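One way to fill in the attribute list the question asks about, feeding the answer's `ExportParameters(true)` result into a PKCS#11 RSA private key template (an added example, not code from either poster or from the Pkcs11Interop project). It assumes the 4.x HighLevelAPI types the question uses (`Session`, `ObjectAttribute`), a logged-in read-write session, and a token that accepts plaintext key import through `CreateObject`; the class name, the `label` parameter, the usage flags and the use of the certificate hash as `CKA_ID` are illustrative choices.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;
public static class Pkcs11KeyImport // hypothetical helper class, not part of Pkcs11Interop
{
    // Imports the certificate's RSA private key as a non-extractable token object.
    public static ObjectHandle ImportRsaPrivateKey(Session session, X509Certificate2 certificate, string label)
    {
        using (RSA rsa = certificate.GetRSAPrivateKey())
        {
            if (rsa == null) throw new InvalidOperationException("Certificate has no RSA private key.");
            RSAParameters p = rsa.ExportParameters(true); // throws if the key is not exportable
            try
            {
                // RSAParameters fields are big-endian byte arrays, the same order PKCS#11 uses for big integers.
                var attributes = new List<ObjectAttribute>
                {
                    new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
                    new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA),
                    new ObjectAttribute(CKA.CKA_TOKEN, true),        // persist on the token
                    new ObjectAttribute(CKA.CKA_PRIVATE, true),      // visible only after login
                    new ObjectAttribute(CKA.CKA_SENSITIVE, true),    // value cannot be read back in plaintext
                    new ObjectAttribute(CKA.CKA_EXTRACTABLE, false), // value cannot be wrapped out
                    new ObjectAttribute(CKA.CKA_SIGN, true),         // usage flags: assumption, narrow as needed
                    new ObjectAttribute(CKA.CKA_DECRYPT, true),
                    new ObjectAttribute(CKA.CKA_LABEL, label),
                    new ObjectAttribute(CKA.CKA_ID, certificate.GetCertHash()), // assumed convention to pair key and cert
                    new ObjectAttribute(CKA.CKA_MODULUS, p.Modulus),
                    new ObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, p.Exponent),
                    new ObjectAttribute(CKA.CKA_PRIVATE_EXPONENT, p.D),
                    new ObjectAttribute(CKA.CKA_PRIME_1, p.P),
                    new ObjectAttribute(CKA.CKA_PRIME_2, p.Q),
                    new ObjectAttribute(CKA.CKA_EXPONENT_1, p.DP),
                    new ObjectAttribute(CKA.CKA_EXPONENT_2, p.DQ),
                    new ObjectAttribute(CKA.CKA_COEFFICIENT, p.InverseQ),
                };
                return session.CreateObject(attributes);
            }
            finally
            {
                // Wipe the managed copies of the private components once the token has them.
                foreach (var secret in new[] { p.D, p.P, p.Q, p.DP, p.DQ, p.InverseQ })
                    Array.Clear(secret, 0, secret.Length);
            }
        }
    }
}
```

Which template attributes a token accepts for `CreateObject` is vendor-specific, so check the key store's documentation if the call is rejected.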