I created an ECDsa private key with this command:
openssl ecparam -name prime256v1 -genkey -out private-key-02.der -outform DER -noout
and want to import it like this:
let es = ECDsa.Create()
let privKey = System.IO.File.ReadAllBytes "Path\To\file\private-key-02.der"
es.ImportPkcs8PrivateKey privKey |> ignore
when I run the last line, I get this error:
System.Security.Cryptography.CryptographicException: ASN1 corrupted data.
---> System.Formats.Asn1.AsnContentException: The provided data is tagged with 'Universal' class value '4', but it should have been 'Universal' class value '16'.
at System.Formats.Asn1.AsnDecoder.CheckExpectedTag(Asn1Tag tag, Asn1Tag expectedTag, UniversalTagNumber tagNumber)
at System.Formats.Asn1.AsnDecoder.ReadSequence(ReadOnlySpan`1 source, AsnEncodingRules ruleSet, Int32& contentOffset, Int32& contentLength, Int32& bytesConsumed, Nullable`1 expectedTag)
at System.Formats.Asn1.AsnValueReader.ReadSequence(Nullable`1 expectedTag)
at System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.DecodeCore(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, AlgorithmIdentifierAsn& decoded)
at System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, AlgorithmIdentifierAsn& decoded)
--- End of inner exception stack trace ---
at System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, AlgorithmIdentifierAsn& decoded)
at System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(AsnValueReader& reader, ReadOnlyMemory`1 rebind, AlgorithmIdentifierAsn& decoded)
at System.Security.Cryptography.Asn1.PrivateKeyInfoAsn.DecodeCore(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, PrivateKeyInfoAsn& decoded)
at System.Security.Cryptography.Asn1.PrivateKeyInfoAsn.Decode(Asn1Tag expectedTag, ReadOnlyMemory`1 encoded, AsnEncodingRules ruleSet)
at System.Security.Cryptography.Asn1.PrivateKeyInfoAsn.Decode(ReadOnlyMemory`1 encoded, AsnEncodingRules ruleSet)
at System.Security.Cryptography.CngPkcs8.RewritePkcs8ECPrivateKeyWithZeroPublicKey(ReadOnlySpan`1 source)
at System.Security.Cryptography.CngPkcs8.ImportPkcs8PrivateKey(ReadOnlySpan`1 source, Int32& bytesRead)
at System.Security.Cryptography.ECDsaImplementation.ECDsaCng.ImportPkcs8PrivateKey(ReadOnlySpan`1 source, Int32& bytesRead)
at <StartupCode$FSI_0011>.$FSI_0011.main@() in c:\Users\xxx.fs:line 13
Stopped due to error
Am I creating the ECDsa private key wrong, or do I use the ECDsa class incorrectly?
The OpenSSL statement generates a private EC key in SEC1 format, while ImportPkcs8PrivateKey imports a private key in PKCS#8 format.
A SEC1 key can be imported with ImportECPrivateKey, i.e. replace ImportPkcs8PrivateKey with ImportECPrivateKey in the F# code.
Alternatively, the SEC1 key can be converted to a PKCS#8 key using OpenSSL:
openssl pkcs8 -topk8 -nocrypt -in <path to input-sec1-der> -inform DER -out <path to output-pkcs8-der> -outform DER
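
Added example, not part of the original answer: a small Python check that tells the two formats apart by the DER tag following the version field, which is the mismatch the exception reports (universal tag 4 is OCTET STRING, 16 is SEQUENCE). The function names and sample keys are constructed for illustration; the scalar is not a real key.

```python
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def ec_key_format(der):
    """Classify an unencrypted DER EC private key as 'SEC1' or 'PKCS8'."""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, _, after_version = read_tlv(der, start)
    if tag != 0x02:
        raise ValueError("first field is not the version INTEGER")
    second, _, _ = read_tlv(der, after_version)
    if second == 0x04:   # OCTET STRING (tag 4): SEC1 ECPrivateKey, the raw scalar
        return "SEC1"
    if second == 0x30:   # SEQUENCE (tag 16): PKCS#8 AlgorithmIdentifier
        return "PKCS8"
    raise ValueError(f"unexpected tag 0x{second:02x} after version")

def tlv(tag, value):
    """Minimal DER encoder, short-form lengths only (enough for the samples)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

# Constructed samples: dummy 32-byte scalar, real OIDs.
OID_EC_PUBLIC_KEY = tlv(0x06, bytes.fromhex("2a8648ce3d0201"))    # 1.2.840.10045.2.1
OID_PRIME256V1 = tlv(0x06, bytes.fromhex("2a8648ce3d030107"))     # 1.2.840.10045.3.1.7
SCALAR = bytes(range(1, 33))

SEC1_SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, SCALAR)
                  + tlv(0xA0, OID_PRIME256V1))
PKCS8_SAMPLE = tlv(0x30, tlv(0x02, b"\x00")
                   + tlv(0x30, OID_EC_PUBLIC_KEY + OID_PRIME256V1)
                   + tlv(0x04, SEC1_SAMPLE))

if __name__ == "__main__":
    for name, blob in (("sec1", SEC1_SAMPLE), ("pkcs8", PKCS8_SAMPLE)):
        print(name, "->", ec_key_format(blob))
```

A result of SEC1 corresponds to ImportECPrivateKey and PKCS8 to ImportPkcs8PrivateKey.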