我需要将 ECC 证书导入 C# 中的 Windows 密钥库。作为第一步,我使用 BouncyCastle 生成 EC 密钥对,使用公钥创建 X509 证书,并使用 ECDSA 和私钥对其进行签名,即:
var ecKeyPairGenerator = new ECKeyPairGenerator("ECDSA");
ECKeyGenerationParameters ecKeyGenParams =
new ECKeyGenerationParameters(SecObjectIdentifiers.SecP384r1, new SecureRandom());
ecKeyPairGenerator.Init(ecKeyGenParams);
AsymmetricCipherKeyPair pair = ecKeyPairGenerator.GenerateKeyPair();
PrivateKeyInfo privKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(pair.Private);
SubjectPublicKeyInfo pubKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pair.Public);
X509V3CertificateGenerator bcX509Gen = new X509V3CertificateGenerator();
// set cert fields
...
bcX509Gen.SetPublicKey(pair.Public);
Asn1SignatureFactory bcSigFactory =
new Asn1SignatureFactory(X9ObjectIdentifiers.ECDsaWithSha384.Id, pair.Private);
X509Certificate bcCert = bcX509Gen.Generate(bcSigFactory);
然后,我使用上面创建的证书创建一个 X509Certificate2,即:
SystemX509.X509Certificate2 msCert2 =
new SystemX509.X509Certificate2(bcCert.GetEncoded(), (string)null);
但是,在创建 X509Certificate2 时会引发异常:
'msCert2.PublicKey.Key' threw an exception of type 'System.NotSupportedException'
"The …