I need to convert a generated BouncyCastle X509Certificate to X509Certificate2 with the private key getting loaded in the resulting .NET Standard X509Certificate2 object. Is that possible?
There is an answer for a similar question https://stackoverflow.com/a/8150799/5048935 , but after generating a BouncyCastle certificate and converting it to .NET X509Certificate2 the resulting object has its HasPrivateKey property set to "false".
I need to load a certificate and a private key (separate Base64 strings without headers and footers) to a X509Certificate2 object to pass it on to the app from a .NET Standard 1.6 library. The problem is, there is no PrivateKey property in the X509Certificate2 class in .NET Standard! So the only way for me to actually load the private key in a X509Certificate2 object is to combine it with the certificate itself in a .pfx file and load it like that in a constructor.
I've got suggestions to use BouncyCastle for that ( https://stackoverflow.com/a/44465965/5048935 ), so I first generate a BouncyCastle X509Certificate from the Base64 strings and then try to convert it to X509Certificate2 while retaining the private key.
The best way I've found is to go through an in-memory PFX stream. Assuming you've already loaded your Bouncy Castle cert in bcCert. Note: If you are going to be saving the .NET X509Certificate2 anywhere, the "alias" is what it's going to be called in the UI later, otherwise it's irrelevant (other than it needs to be the same for both calls).
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using System.IO;
using System.Security.Cryptography.X509Certificates
var pkcs12Store = new Pkcs12Store();
var certEntry = new X509CertificateEntry(bcCert);
pkcs12Store.SetCertificateEntry(alias, certEntry);
pkcs12Store.SetKeyEntry(alias, new AsymmetricKeyEntry(certKey.Private), new[] { certEntry });
X509Certificate2 keyedCert;
using (MemoryStream pfxStream = new MemoryStream())
{
pkcs12Store.Save(pfxStream, null, new SecureRandom());
pfxStream.Seek(0, SeekOrigin.Begin);
keyedCert = new X509Certificate2(pfxStream.ToArray());
}