时间戳

首页 > 解决方案 > Generating keys for RSA dotnet core

.net-core - Generating keys for RSA dotnet core

问题描述

I'm attempting to import an RSA Public key into dotnet with the following:

var rsa = RSA.Create();
rsa.ImportRSAPublicKey(Convert.FromBase64String(PublicKey), out _);

key was was generated with:

openssl genrsa -out name_of_private_key.pem 2048
openssl rsa -in name_of_private_key.pem -pubout > name_of_public_key.pem

output:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZL7iKRPSxrCflER6j/I
wB9fODXJgfxR4UBSU3oUJ8tIaBBnDrcutfXDfc7lZ9HcCZccvUsMzFKGJuvHthCE
/LNJmZtRRd02aLynoZSWqDBerCdRqXHbecMfK8KPxQSsWfinNiyFG76vTX2+V8P6
t4Cu8bM8j7foSBgOmECCSOjTuCG4bvKVS3bnu2lSBNgCjEMltk9W/3oSzKbN/mwn
GfViaXU5a1Zps3jLbx/z58o3Sb25QfQKU4xeohcx+Wj6d14lI80RErS1QTqSQ1rz
10Cs/Q1MudWstckqyE/u048GtXzQCzQOe4hWlyrcFqfiEAbV2jPLU61oer4/wT+0
7QIDAQAB
-----END PUBLIC KEY-----

However this returns

System.Security.Cryptography.CryptographicException: ASN1 corrupted data.

To import the key I'm taking the text between the headers and removing newlines, nothing else. I have noticed that rsa.ImportSubjectPublicKeyInfo DOES appear to work, however I'm not attempting to generate an X.509 key, I would like a PKCS#1 key so I can use the code above.

Guessing I've messed up the openssl commands?

标签: .net-corersaasp.net-core-3.1

解决方案

您可以使用以下 OpenSSL 语句将发布的 X.509/SPKI 密钥转换为 PKCS#1 公钥:

openssl rsa -pubin -RSAPublicKey_out -in name_of_public_key.pem > name_of_public_key_conv_pkcs1.pem

这将为name_of_public_key_conv_pkcs1.pem返回以下密钥:

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAtZL7iKRPSxrCflER6j/IwB9fODXJgfxR4UBSU3oUJ8tIaBBnDrcu
tfXDfc7lZ9HcCZccvUsMzFKGJuvHthCE/LNJmZtRRd02aLynoZSWqDBerCdRqXHb
ecMfK8KPxQSsWfinNiyFG76vTX2+V8P6t4Cu8bM8j7foSBgOmECCSOjTuCG4bvKV
S3bnu2lSBNgCjEMltk9W/3oSzKbN/mwnGfViaXU5a1Zps3jLbx/z58o3Sb25QfQK
U4xeohcx+Wj6d14lI80RErS1QTqSQ1rz10Cs/Q1MudWstckqyE/u048GtXzQCzQO
e4hWlyrcFqfiEAbV2jPLU61oer4/wT+07QIDAQAB
-----END RSA PUBLIC KEY-----

或者,您可以使用以下 OpenSSL 语句直接生成 PKCS#1 公钥:

openssl genrsa -out name_of_private_key.pem 2048
openssl rsa -in name_of_private_key.pem -RSAPublicKey_out > name_of_public_key_pkcs1.pem

可以使用您发布的代码导入 PKCS#1 格式的公钥,例如

var PublicKey = @"-----BEGIN RSA PUBLIC KEY-----
                MIIBCgKCAQEAtZL7iKRPSxrCflER6j/IwB9fODXJgfxR4UBSU3oUJ8tIaBBnDrcu
                tfXDfc7lZ9HcCZccvUsMzFKGJuvHthCE/LNJmZtRRd02aLynoZSWqDBerCdRqXHb
                ecMfK8KPxQSsWfinNiyFG76vTX2+V8P6t4Cu8bM8j7foSBgOmECCSOjTuCG4bvKV
                S3bnu2lSBNgCjEMltk9W/3oSzKbN/mwnGfViaXU5a1Zps3jLbx/z58o3Sb25QfQK
                U4xeohcx+Wj6d14lI80RErS1QTqSQ1rz10Cs/Q1MudWstckqyE/u048GtXzQCzQO
                e4hWlyrcFqfiEAbV2jPLU61oer4/wT+07QIDAQAB
                -----END RSA PUBLIC KEY-----".
                Replace("-----BEGIN RSA PUBLIC KEY-----", "").
                Replace("-----END RSA PUBLIC KEY-----", "").
                Replace("\r\n", "");
var rsa = RSA.Create();
rsa.ImportRSAPublicKey(Convert.FromBase64String(PublicKey), out _);

RSAParameters parameters = rsa.ExportParameters(false);
Console.WriteLine(new BigInteger(parameters.Exponent, true, true)); // 65537
Console.WriteLine(new BigInteger(parameters.Modulus, true, true));  // 22921612997464368147681940553984745387167552018036344531503795467063837226615581953768444015539628345845035732103113334279875993301411098168640007990192163617624452836576802897196284289413557038039593995983320236405640276117810563150914793233680115042600127677172037054986051882799772185194759951925398974095268701931531156047608941244890064857847352301510189736406400522269201574332107656671336685945934753045233371160604896169352804846566979618872110365310073347596127824815830796826711019699206801083371733500629381548849681219453339114997443300562712444634750316194264179142382642144192449752430619501209065600237

推荐阅读