c# bouncycastle public-key csr

Creating CSR with named curve


I have a CSR generated by an OpenSSL command, and I want to generate the same CSR structure using Bouncy Castle.

But I have one issue described in the screenshot:


The Bouncy Castle CSR is generated by the following code:

var curve = ECNamedCurveTable.GetByName("secp256k1");
var domainParams = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H, curve.GetSeed());

var secureRandom = new SecureRandom();
var keyParams = new ECKeyGenerationParameters(domainParams, secureRandom);

var generator = new ECKeyPairGenerator("ECDSA");
generator.Init(keyParams);

var keyPair = generator.GenerateKeyPair();

var privateKey = keyPair.Private as ECPrivateKeyParameters;
var publicKey = keyPair.Public as ECPublicKeyParameters;

IDictionary subjectAttributes = new Hashtable();
subjectAttributes.Add(X509Name.CN, "Test1");
subjectAttributes.Add(X509Name.O, "Test2");
subjectAttributes.Add(X509Name.OU, "Test3");
subjectAttributes.Add(X509Name.C, "SA");
            
DerObjectIdentifier RegisteredAddress = new DerObjectIdentifier("2.5.4.26");

IDictionary subjectAlternativeNameAttributes = new Hashtable();
subjectAlternativeNameAttributes.Add(X509Name.Surname, "TestSN");
subjectAlternativeNameAttributes.Add(X509Name.UID, "010101010101010");
subjectAlternativeNameAttributes.Add(X509Name.T, "1100");
subjectAlternativeNameAttributes.Add(RegisteredAddress, "Test Address");
subjectAlternativeNameAttributes.Add(X509Name.BusinessCategory, "IT");

var subjectName = new X509Name(new ArrayList(subjectAttributes.Keys), subjectAttributes);
var subjectAltNames = new X509Name(new ArrayList(subjectAlternativeNameAttributes.Keys), subjectAlternativeNameAttributes);
var generalNames = new GeneralNames(new[] { new GeneralName(subjectAltNames) });

var extensionsGenerator = new X509ExtensionsGenerator();
extensionsGenerator.AddExtension(MicrosoftObjectIdentifiers.MicrosoftCertTemplateV1, false,
                new DerOctetString(new DisplayText(4, "Test-Signing")));
extensionsGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, generalNames);

var extensions = extensionsGenerator.Generate();

var signatureFactory = new Asn1SignatureFactory("SHA256WITHECDSA", keyPair.Private);

var attributes = new AttributeX509(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(extensions));

var requestAttributeSet = new DerSet(attributes);

var certificateRequest = new Pkcs10CertificationRequest(signatureFactory, subjectName, keyPair.Public, requestAttributeSet);

Can you guide me where and what I should change in my code to get the same output as with OpenSSL? Thanks.

Any help is appreciated.


Solution

  • This code works for me. (C#, MVC)

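     // Initialise the generator with the curve OID instead of an ECDomainParameters object,
     // so the generated key stays tied to the named curve secp256k1.
     ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator("ECDSA");
     ECKeyGenerationParameters keyGenParams =
         new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256k1, new SecureRandom());
     keyPairGenerator.Init(keyGenParams);
     AsymmetricCipherKeyPair keyPairTest = keyPairGenerator.GenerateKeyPair();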
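
To check which form a CSR actually carries, the following added example (not code from the original question or answer) parses the DER request and reports whether the EC key's AlgorithmIdentifier parameters are a named-curve OID or explicit ECParameters, for a key generated each of the two ways shown on this page. The class name CsrCurveCheck, its helper methods, the CN=Test1 subject and the empty attribute set are constructed for the illustration.

```csharp
using System;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Sec;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;

static class CsrCurveCheck // hypothetical helper, not part of Bouncy Castle
{
    // CertificationRequest[0] = CertificationRequestInfo, whose [2] = subjectPKInfo,
    // whose [0] = AlgorithmIdentifier, whose [1] = EC parameters (OID or SEQUENCE).
    public static string DescribeCurveEncoding(byte[] derCsr)
    {
        Asn1Sequence csr = Asn1Sequence.GetInstance(Asn1Object.FromByteArray(derCsr));
        Asn1Sequence info = Asn1Sequence.GetInstance(csr[0]);
        Asn1Sequence spki = Asn1Sequence.GetInstance(info[2]);
        Asn1Sequence alg = Asn1Sequence.GetInstance(spki[0]);
        if (alg.Count < 2) return "no parameters present";
        Asn1Object p = alg[1].ToAsn1Object();
        if (p is DerObjectIdentifier oid) return "namedCurve " + oid.Id;
        return p is Asn1Sequence ? "explicit ECParameters" : "other: " + p.GetType().Name;
    }

    static byte[] BuildCsr(ECKeyGenerationParameters genParams)
    {
        var generator = new ECKeyPairGenerator("ECDSA");
        generator.Init(genParams);
        AsymmetricCipherKeyPair pair = generator.GenerateKeyPair();
        var signer = new Asn1SignatureFactory("SHA256WITHECDSA", pair.Private);
        // Constructed minimal request: sample subject, empty attribute set.
        var csr = new Pkcs10CertificationRequest(signer, new X509Name("CN=Test1"), pair.Public, new DerSet());
        return csr.GetDerEncoded();
    }

    static void Main()
    {
        var random = new SecureRandom();
        var curve = ECNamedCurveTable.GetByName("secp256k1");
        var domain = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H, curve.GetSeed());
        var fromDomain = new ECKeyGenerationParameters(domain, random);                     // question's path
        var fromOid = new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256k1, random); // answer's path
        Console.WriteLine("ECDomainParameters: " + DescribeCurveEncoding(BuildCsr(fromDomain)));
        Console.WriteLine("curve OID:          " + DescribeCurveEncoding(BuildCsr(fromOid)));
    }
}
```

DescribeCurveEncoding accepts any DER-encoded PKCS#10 request, so the OpenSSL-generated CSR can be passed through the same check for comparison.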