How can I export CngKey to PKCS#8 with encryption?
    using System;
    using System.Security.Cryptography;

    class Program
    {
        static void Main(string[] args)
        {
            CngKeyCreationParameters ckcParams = new CngKeyCreationParameters()
            {
                ExportPolicy = CngExportPolicies.AllowExport,
                KeyCreationOptions = CngKeyCreationOptions.None,
                KeyUsage = CngKeyUsages.AllUsages,
            };
            // Request a 2048-bit RSA key.
            ckcParams.Parameters.Add(new CngProperty("Length", BitConverter.GetBytes(2048), CngPropertyOptions.None));
            CngKey myCngKey = CngKey.Create(CngAlgorithm.Rsa, "theCngKey", ckcParams);
            // Export without a password, i.e. as an unencrypted PKCS#8 blob.
            byte[] privatePlainTextBlob = myCngKey.Export(CngKeyBlobFormat.Pkcs8PrivateBlob);
        }
    }
Setting the ExportPolicy to AllowPlaintextExport allows the key to be exported, but only in plain text. I would like to create a PKCS8 blob which is encrypted with a symmetric key.
Thanks
Since CngKey.Export doesn't accept a password, you'd have to manually P/Invoke to NCryptExportKey, providing an NCRYPTBUFFER_PKCS_SECRET value (Unicode/UCS-2 encoded password with explicit null terminator).
http://source.dot.net/#System.Security.Cryptography.Cng/Common/System/Security/Cryptography/ECCng.ImportExport.cs,8b172741466df7a1 can be used as an example of building the parameter list. It's not fun.
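The parameter list the answer describes, as an added example (not code from the answer or from the linked .NET source). The names EncryptedPkcs8, Export and iterations are hypothetical, and the PBE algorithm OID and the 8-byte salt are assumptions chosen for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Win32.SafeHandles;

static class EncryptedPkcs8 // hypothetical helper, not part of .NET
{
    struct NCryptBuffer { public int cbBuffer, BufferType; public IntPtr pvBuffer; }
    struct NCryptBufferDesc { public int ulVersion, cBuffers; public IntPtr pBuffers; }
    [DllImport("ncrypt.dll", CharSet = CharSet.Unicode)]
    static extern int NCryptExportKey(SafeNCryptKeyHandle hKey, IntPtr hExportKey, string pszBlobType,
        ref NCryptBufferDesc pParameterList, byte[] pbOutput, int cbOutput, out int pcbResult, int dwFlags);
    const string Blob = "PKCS8_PRIVATEKEY";       // NCRYPT_PKCS8_PRIVATE_KEY_BLOB
    static readonly int[] Types = { 46, 41, 42 }; // NCRYPTBUFFER_PKCS_SECRET, _ALG_OID, _ALG_PARAM

    public static byte[] Export(CngKey key, string password, int iterations)
    {
        byte[] pbe = new byte[16]; // CRYPT_PKCS12_PBE_PARAMS { int iIterations; uint cbSalt; } + salt
        BitConverter.GetBytes(iterations).CopyTo(pbe, 0);
        BitConverter.GetBytes(8).CopyTo(pbe, 4);
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(pbe, 8, 8);
        byte[][] data = {
            Encoding.Unicode.GetBytes(password + "\0"),           // UCS-2, explicit null terminator
            Encoding.ASCII.GetBytes("1.2.840.113549.1.12.1.3\0"), // assumed PBE: SHA-1 + 3-key 3DES-CBC
            pbe };
        var pins = new GCHandle[4]; var buffers = new NCryptBuffer[3];
        SafeNCryptKeyHandle h = key.Handle; // duplicated handle, disposed below
        try
        {
            for (int i = 0; i < 3; i++)
            {
                pins[i] = GCHandle.Alloc(data[i], GCHandleType.Pinned);
                buffers[i] = new NCryptBuffer { cbBuffer = data[i].Length, BufferType = Types[i],
                                                pvBuffer = pins[i].AddrOfPinnedObject() };
            }
            pins[3] = GCHandle.Alloc(buffers, GCHandleType.Pinned);
            var desc = new NCryptBufferDesc { cBuffers = 3, pBuffers = pins[3].AddrOfPinnedObject() };
            int rc = NCryptExportKey(h, IntPtr.Zero, Blob, ref desc, null, 0, out int size, 0); // size query
            byte[] blob = new byte[size];
            if (rc == 0) rc = NCryptExportKey(h, IntPtr.Zero, Blob, ref desc, blob, size, out size, 0);
            if (rc != 0) throw new CryptographicException(rc);
            Array.Resize(ref blob, size);
            return blob;
        }
        finally
        {
            h.Dispose();
            foreach (GCHandle p in pins) if (p.IsAllocated) p.Free();
            Array.Clear(data[0], 0, data[0].Length); // wipe the byte copy of the password
        }
    }
}
```

On .NET Core 3.0 and later, `ExportEncryptedPkcs8PrivateKey` with a `PbeParameters` argument is available on the RSA classes and covers the same need without P/Invoke.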