I have this piece of code, where a public and a private key are generated using the Bouncy Castle API:

        RsaKeyPairGenerator g = new RsaKeyPairGenerator();
        g.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
        AsymmetricCipherKeyPair keyPair = g.GenerateKeyPair();

        RsaKeyParameters privateKey = (RsaKeyParameters)keyPair.Private;
        RsaKeyParameters publicKey = (RsaKeyParameters)keyPair.Public;

I need to export my keys to ASC files, for example:

  • PublicKey.asc
  • PrivateKey.asc

At the moment, I'm using the code below to create the ASC files:

        // Serialize the public key as PEM text
        TextWriter tw = new StringWriter();
        PemWriter pw = new PemWriter(tw);
        pw.WriteObject(publicKey);
        pw.Writer.Flush();
        string printPublicKey = tw.ToString();
        Console.WriteLine(printPublicKey);

        byte[] pbkasc = Encoding.ASCII.GetBytes(printPublicKey);
        File.WriteAllBytes("c:\\temp\\PublicKey.asc", pbkasc);

        // Use a fresh writer so the private-key text does not also contain the public key
        tw = new StringWriter();
        pw = new PemWriter(tw);
        pw.WriteObject(privateKey);
        pw.Writer.Flush();
        string printPrivateKey = tw.ToString();
        Console.WriteLine(printPrivateKey);

        // Write the private key to its own file instead of overwriting PublicKey.asc
        byte[] pvkasc = Encoding.ASCII.GetBytes(printPrivateKey);
        File.WriteAllBytes("c:\\temp\\PrivateKey.asc", pvkasc);

But when I try to import them into third-party software, Kleopatra for example, I receive the error below:

Error here

I'm a beginner with all this encryption stuff, so I need to know if I'm doing this the correct way or if there is any other way to generate those asc files. I did some research and I found this certificate generator:

        //// Create PFX (PKCS #12) with private key
        //File.WriteAllBytes("c:\\temp\\capronizera.pfx", cert.Export(X509ContentType.Pfx, "senha"));

        //// Create Base 64 encoded CER (public key only)
        //File.WriteAllText("c:\\temp\\mycert.cer",
        //    "-----BEGIN CERTIFICATE-----\r\n"
        //    + Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)
        //    + "\r\n-----END CERTIFICATE-----");

But unfortunately, it doesn't apply to my issue/question/doubt.

Thanks. :-)

miguelito
  • The '.asc' suffix is used for PGP 'armor' which is NOT PEM although it looks _similar_, and PGP keys are NOT just the cryptographic key. You need to convert your raw keys to PGP key objects and then write to an ArmoredOutputStream, much like https://stackoverflow.com/questions/21937369/can-i-create-a-reproducible-pgp-keypair-with-a-passphrase-using-bouncycastle-for but without the cooked generation, or more completely https://stackoverflow.com/questions/17953852/ (master+sub) crossed with https://stackoverflow.com/questions/20409819/ . ... – dave_thompson_085 Jun 21 '22 at 05:49
  • ... Incidentally, Kleopatra and more generally GnuPG do _not_ require asc, they accept binary PGP files including keys just fine. PFX/PKCS12 files and PEM type `-----BEGIN/END CERTIFICATE-----` are used for things based on X.509 certificates, which are NOT the same as and not in any way compatible with PGP (although _GnuPG_ supports _both_ PGP in program `gpg` _and_ X.509/SMIME in _different_ program `gpgsm`). – dave_thompson_085 Jun 21 '22 at 05:51
  • Thanks for the update. So just to make sure I understood correctly: the keys I'm generating with the code above are raw keys, and after generating the raw keys, I need to convert those keys to PGP objects and then write to an ArmoredOutputStream? I need to clarify what I need to do so I don't waste time. But for uploading to Kleopatra, can I upload the PGP normally? What suffix should I save with so that Kleopatra accepts it? .pfx, .crt, .cer, .pem... – miguelito Jun 22 '22 at 01:47
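
The conversion described in the comments above, as an added example that is not part of the original thread and not the Bouncy Castle project's own code: it wraps the raw RSA pair in OpenPGP key objects and writes them through an `ArmoredOutputStream`. The user ID, passphrase and output file names are constructed placeholders, and the constructors used are assumed to match the Bouncy Castle C# version in use.

```csharp
using System;
using System.IO;
using Org.BouncyCastle.Bcpg;
using Org.BouncyCastle.Bcpg.OpenPgp;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Security;

static class PgpKeyExport
{
    // Wrap a raw RSA key pair in OpenPGP key packets and write ASCII-armored files.
    public static void Export(AsymmetricCipherKeyPair rawPair, string userId,
                              char[] passPhrase, string publicPath, string secretPath)
    {
        // A PGP key carries an algorithm tag and a creation time with the key material.
        var pgpPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaGeneral, rawPair, DateTime.UtcNow);

        // The secret key binds the user ID to the key with a self-certification
        // and encrypts the private material under the passphrase.
        var secretKey = new PgpSecretKey(
            PgpSignature.DefaultCertification, pgpPair, userId,
            SymmetricKeyAlgorithmTag.Aes256, passPhrase,
            null, null, new SecureRandom());

        WriteArmored(publicPath, secretKey.PublicKey.Encode);
        WriteArmored(secretPath, secretKey.Encode);
    }

    // Closing the armor stream writes the checksum line and the END footer.
    static void WriteArmored(string path, Action<Stream> encode)
    {
        using (Stream file = File.Create(path))
        using (var armor = new ArmoredOutputStream(file))
        {
            encode(armor);
        }
    }

    static void Main()
    {
        // Same raw key generation as in the question.
        var g = new RsaKeyPairGenerator();
        g.Init(new KeyGenerationParameters(new SecureRandom(), 2048));

        // Constructed user ID and placeholder passphrase; read a real one at run time.
        Export(g.GenerateKeyPair(), "Example User <user@example.com>",
               "change-me".ToCharArray(), "PublicKey.asc", "PrivateKey.asc");
    }
}
```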
