Get Private Key from BouncyCastle X509 Certificate? C#

Question

Normally when I grab an X509Certificate2 out of my keystore I can call .PrivateKey to retrieve the cert\'s private key as an AsymmetricAlgorithm<

Answer 1

Akp = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(this.Certificate.PrivateKey).Private;

Answer 2

Find .NET X509Certificate2:

X509Certificate2 cert = this.FindCertificate(certificateFriendlyName);

Parse it to BouncyCastle certificate and use X509Certificate2Signature to get signature:

var parser = new X509CertificateParser();
var bouncyCertificate = parser.ReadCertificate(cert.RawData);
var algorithm = DigestAlgorithms.GetDigest(bouncyCertificate.SigAlgOid);
var signature = new X509Certificate2Signature(cert, algorithm);

Answer 3

Don't know BouncyCastle that much but it seems to me that the simple thing to do is to recreate the key based on the key parameters.

    public static AsymmetricKeyParameter TransformRSAPrivateKey(AsymmetricAlgorithm privateKey)
    {
        RSACryptoServiceProvider prov = privateKey as RSACryptoServiceProvider;
        RSAParameters parameters = prov.ExportParameters(true);

        return new RsaPrivateCrtKeyParameters(
            new BigInteger(1,parameters.Modulus),
            new BigInteger(1,parameters.Exponent),
            new BigInteger(1,parameters.D),
            new BigInteger(1,parameters.P),
            new BigInteger(1,parameters.Q),
            new BigInteger(1,parameters.DP),
            new BigInteger(1,parameters.DQ),
            new BigInteger(1,parameters.InverseQ));
    }

You can call the code by using

AsymmetricKeyParameter bouncyCastlePrivateKey = TransformRSAPrivateKey(mycert.PrivateKey);

Obviously this assumes that the certificate includes a RSA Key but the same result can be achieved for DSA with DSACryptoServiceProvider and DSAParameters