
How can I convert a private key file from Java into .net x509Certificate2


I am writing a .NET client app that consumes a Java web service and need to sign sent requests (related to this other question).

I have been supplied with a private.key file (and a .X509 certificate) and a Java source example. The certificate looks like the public key of the service, and the private.key is what I use to sign requests.

In the Java source, I can see they convert the file to a byte array and pass it into the constructor of the PKCS8EncodedKeySpec class.

A bit of googling suggests this file is a private key hash (though I may be wrong).

Is there any way to use this in .Net or convert it to something .Net can use?

This link mentions converting a public/private key, but I don't have both, and I don't know if it would work. Does anyone have more information to work on, such as what this file is exactly?

If I read this in as a byte array and convert it to a string, I get a load of HEX (e.g. AA-BB-06 etc) but I can't convert this to anything useful no matter the encoding I use.

This documentation suggests it is in PKCS #8 standard.

I tried (suggested by @gtrig) the command:

openssl rsa -in pkcs8privatekey.der -inform der -out privatekey.pem

but this gives me the following:

unable to load Private Key
32096:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306:
32096:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:830:
32096:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=n, Type=RSA
32096:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:99:

I also get similar errors with NET and PEM -inform args.

and:

openssl asn1parse -in private.key

gives me the error:

"Error: offset too large"

I've just found that if I convert it to a base 64 string

  Dim ba As Byte() = IO.File.ReadAllBytes("C:\private.key")
  Dim toString1 As String = System.Convert.ToBase64String(ba)

which gives me a string which starts MIICdgIBADANB and is 924 characters long.

Trying the following command gives me:

openssl rsa -in private.key -text -noout

unable to load Private Key
17978:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: ANY PRIVATE KEY

Any further suggestions?


Solution

  • The following commands turn this into a format usable in Windows:

    Convert the private key from pkcs8/DER to a PEM file format

    openssl pkcs8 -nocrypt -in dealerPrivate.key -inform der -outform pem -out private.pem
    

    Convert the certificate from x509/DER to a PEM file format

    openssl x509 -inform der -in dealerCertificate.x509 -out public.pem
    

    Merge the two files into a pkcs12 file – you will be prompted for a password to protect the p12 with

    openssl pkcs12 -export -inkey private.pem -in public.pem -out mycert.p12
    

    pkcs12 can be used directly in Windows.
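As an added example (not part of the original question or answer), the following Python sketch identifies a private key container from its leading DER bytes, which answers the "what is this file exactly" part of the question. The Base64 prefix MIICdgIBADAN from the question decodes to a SEQUENCE holding INTEGER 0 followed by another SEQUENCE (the AlgorithmIdentifier), which is the PKCS #8 PrivateKeyInfo layout; a PKCS #1 RSAPrivateKey has the INTEGER n in that position, consistent with the `Field=n, Type=RSA` wrong-tag error shown for `openssl rsa`. The function names and the header-only sample bytes are constructed for illustration and contain no key material.

```python
import base64

# DER content bytes of OID 1.2.840.113549.1.1.1 (rsaEncryption)
RSA_OID = bytes.fromhex("2a864886f70d010101")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def classify_private_key(data):
    """Name the key container from its first DER elements (header bytes suffice)."""
    if data[:1] != b"\x30":
        return "not DER (PEM text or something else)"
    try:
        _, body, _ = read_tlv(data, 0)                # outer SEQUENCE
        first, _, after_first = read_tlv(data, body)
        if first == 0x30:                             # SEQUENCE first: encryption parameters
            return "PKCS#8 EncryptedPrivateKeyInfo"
        if first != 0x02:                             # both plain formats start with a version INTEGER
            return "unknown DER structure"
        second, alg, _ = read_tlv(data, after_first)
    except IndexError:
        return "unknown DER structure"
    if second == 0x02:                                # INTEGER here is the RSA modulus n
        return "PKCS#1 RSAPrivateKey"
    if second == 0x30:                                # SEQUENCE here is the AlgorithmIdentifier
        is_rsa = data[alg:alg + 11] == b"\x06\x09" + RSA_OID
        return "PKCS#8 PrivateKeyInfo" + (" (RSA)" if is_rsa else "")
    return "unknown DER structure"

# Constructed samples: fixed header bytes only, no key material.
PKCS8_HEADER = bytes.fromhex("30820276020100300d06092a864886f70d010101050004820260")
PKCS1_HEADER = bytes.fromhex("3082025c02010002818100")

if __name__ == "__main__":
    print(base64.b64encode(PKCS8_HEADER)[:13].decode())
    print(classify_private_key(PKCS8_HEADER))
    print(classify_private_key(PKCS1_HEADER))
    print(classify_private_key(base64.b64decode("MIICdgIBADAN")))
```

A file classified as PKCS#8 PrivateKeyInfo is the case the `openssl pkcs8 -nocrypt -inform der` step in the answer handles.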