encryption certificate p7b

Encrypt data with p7b


How do I encrypt a byte array with a .p7b certificate in .NET 6? I have to do it 'on the fly', without installing the certificate on my machine. I can store it as a Base64 string in config, but what next? I've tried X509Certificate2(certBytes), but it does not work for me. Any ideas or examples?


Solution

  • For the import of a PKCS#7/.p7b file, SignedCms.Decode() can be used.

    The Certificates property provides a list of the certificates contained, from which the certificate in question can be determined.

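    The public key can then be extracted from that certificate and used for encryption. Note that RSA can only encrypt a short message directly (less than the key size minus the padding overhead), so larger byte arrays need a hybrid scheme, for example EnvelopedCms from the same namespace.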


    Sample code:

    using System.Security.Cryptography;
    using System.Security.Cryptography.Pkcs;
    using System.Security.Cryptography.X509Certificates;
    
    ...
    
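    // Certificate bundle (PKCS#7 / .p7b, PEM armoured) as it would be read from configuration.
    // Nothing below builds a chain or checks validity dates, so the trust placed in the
    // public key is exactly the trust placed in wherever this value is stored.
    string certPkcs7Pem = @"-----BEGIN PKCS7-----
    MIIDnAYJKoZIhvcNAQcCoIIDjTCCA4kCAQExADALBgkqhkiG9w0BBwGgggNvMIID
    azCCAlOgAwIBAgIUZHKTKuZUNTr2YOAjYcIGL8BA/uYwDQYJKoZIhvcNAQELBQAw
    RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
    dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMzExMjAxNzA4NTdaFw0yNDExMTkx
    NzA4NTdaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD
    VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUA
    A4IBDwAwggEKAoIBAQDPnM9a8TNIT8fcj/QcG5AQ/Hghs3PQNSpX52oPoEVq4fNf
    3O1gNDVRWU/A5jZyevho7CN5eLu66MNmuVWlB8uUKjOAdV9lZfGBG/RHaUgAjxjz
    vr6FJUDGYKeBs2La0h5wVnznA2PrTeDygdsjk4EwjCqGZLBm9/MzEDjmJGX8g3rx
    cDRqtj0dGMoEAKb8Qe7of+/7gMAdL/e4ah5I8pn6S+yklcizPMs6lgNzGsnOa29V
    6h65HdkZ3MuxeDPLH7Z8l4ka+frDTv2y53d99d/X5BcmOO1l7LrgirXhfrfqgZN9
    qqefmwQb48BUiEI7s+8bJskdkc9/2dekLo5VgtpfAgMBAAGjUzBRMB0GA1UdDgQW
    BBRfeiVpG6aM8da1mtUOjyym0EAwGDAfBgNVHSMEGDAWgBRfeiVpG6aM8da1mtUO
    jyym0EAwGDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBk4ePL
    NagcsTa1mRNND1NqTRd2ziaygiszxBXI5l7kqKXhhWaEVd3zJqQhnKuH0S7VnoW9
    oxUhIBmYFl9Bl5yg22YIrypdWjp1ZggrbnsSBGZiMzEuD/q/9CfduON0FVWc2LVA
    XxNCUHis3BwCrs0943L9yd4Nzpp083Fq8tDSrNBvYHCrYgpealV1ynYK7XKKrYVJ
    sEc0XU8obqUcsAVxmyOW9cA0D7lBYu6efqwkfOQCFp/HVOrKyBjAja0KeW0zb0Q3
    1mXNerqx7Z4w1iE+0jKIWXCYhMNb4RQ4YUKahPos5TD5VDRVSzMTGqZuxqvCIJHp
    EHIkK0Zod+1tgsE3oQAxAA==
    -----END PKCS7-----";

    // PEM -> DER: locate the Base64 payload between the PEM boundaries and decode it.
    PemFields pemFields = PemEncoding.Find(certPkcs7Pem);
    byte[] cert = Convert.FromBase64String(certPkcs7Pem[pemFields.Base64Data]);

    // Import the PKCS#7 container. Decode() only parses the structure; no signature or
    // certificate validation happens here.
    SignedCms signedCms = new SignedCms();
    signedCms.Decode(cert);
    X509Certificate2Collection x509Certificate2Collection = signedCms.Certificates;
    if (x509Certificate2Collection.Count == 0)
    {
        throw new CryptographicException("The PKCS#7 data does not contain any certificate.");
    }

    // A .p7b file may carry a whole chain (leaf, intermediates, root) in no guaranteed order.
    // Index 0 is only correct for a single-certificate bundle; otherwise select the
    // recipient certificate explicitly, e.g. by subject or thumbprint.
    using X509Certificate2 x509Certificate2 = x509Certificate2Collection[0];

    // Extract public key. GetRSAPublicKey() returns null when the certificate key is not RSA,
    // so fail with a clear message instead of a NullReferenceException further down.
    using RSA rsa = x509Certificate2.GetRSAPublicKey()
        ?? throw new CryptographicException("The selected certificate does not contain an RSA public key.");

    // Encrypt.
    // Direct RSA encryption only accepts a short plaintext (key size minus padding overhead);
    // for larger byte arrays use a hybrid scheme such as EnvelopedCms.
    // NOTE(review): PKCS#1 v1.5 padding is kept from the original sample. It is exposed to
    // padding-oracle attacks when the decrypting side reveals padding failures; prefer
    // RSAEncryptionPadding.OaepSHA256 if the recipient can decrypt OAEP.
    // Encoding is fully qualified because the snippet has no 'using System.Text;'.
    byte[] plaintext = System.Text.Encoding.UTF8.GetBytes("The quick brown fox jumps over the lazy dog");
    byte[] ciphertext = rsa.Encrypt(plaintext, RSAEncryptionPadding.Pkcs1);
    Console.WriteLine(Convert.ToBase64String(ciphertext));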