I created a self signed PFX X509Certificate2 (using this answer) but for some reason, the private key of the certificate is throwing a NotSupportedException despiste a true HasPrivateKey property.
string password = "MyPassword";
ECDsa ecdsa = ECDsa.Create();
CertificateRequest certificateRequest = new CertificateRequest("cn=foobar", ecdsa, HashAlgorithmName.SHA256);
X509Certificate2 cert = certificateRequest.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(5));
File.WriteAllBytes("e:\\mycert.pfx", cert.Export(X509ContentType.Pfx, password));
//I tried to load the with every flag without success...
X509Certificate2 loadedCert = new X509Certificate2("e:\\mycert.pfx", password);
if (loadedCert.HasPrivateKey)
{
//loadedCert.HasPrivateKey is true but loadedCert.PrivateKey raise a NotSupportedException...
using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)loadedCert.PrivateKey)
{
byte[] encryptedBytes = rsa.Encrypt(Encoding.UTF8.GetBytes("Hello"), false);
byte[] decryptedBytes = rsa.Decrypt(encryptedBytes, false);
string result = Encoding.UTF8.GetString(decryptedBytes);
}
}
Some have mentioned that calling the Export of the certificate would fix the private key but it didn't work for me. I'm probably missing something but I can't figure what it could be. Is there a missing parameter somewhere?
You are creating ECDSA key pair, while X509Certificate2.PrivateKey supports only DSA and RSA private keys that are stored in legacy cryptographic service provider (CSP). ECDSA is always stored in key storage provider (KSP) which is not supported by this property. Instead, you must use GetECDsaPrivateKey extension method: GetECDsaPrivateKey(X509Certificate2)