How to import PKCS1 keys from a PEM file containing Private / Public keys in .Net Core





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I am trying to load the Private and Public keys from a PEM file using .Net Core.
My code looks like this:



var localPath = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);
var path = Path.Combine(localPath, this._configManager.JwtPem);
var rsaCryptoServiceProvider = new RSACryptoServiceProvider();

var linesList = File.ReadAllLines(path).ToList();
var line = string.Concat(linesList.GetRange(1, linesList.Count - 2));

rsaCryptoServiceProvider.ImportCspBlob(Convert.FromBase64String(line));


The exception I am getting is:



Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException : Bad Version of provider
at Internal.NativeCrypto.CapiHelper.ImportKeyBlob(SafeProvHandle saveProvHandle, CspProviderFlags flags, Boolean addNoSaltFlag, Byte keyBlob, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.ImportCspBlob(Byte keyBlob)
at StepNexusCA.ServiceLayer.Authorization.TokenService.GenerateToken(List`1 claims)


The PEM file containing the PKCS1 format of my development Private/Public keys is here:



-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAwgs8kmIwk+4geRO7dGZjzYpgD2OiaUrnOOIk+ObXt/CcjhwX
lSst+jBmfMF1Wp/mF4aUQsePxN59MYV2BsqPLEkzVdq/fb/7V2wbZcooJAQKkJwT
emtYHrBN00KBBeu9uQZlFOw365ij4GrbP7mcr4tNFZ3TPnRFUUFqhvB6mEG1aZsb
lOn1lgL34tAycQHNxttXz/aGfPyTefQ+yISvSY2n8288OVlyfu6wKDONQYS+/stC
tCV+a+/dDUSUjaZsXM1+BMSflsINqIcCTCMvPa6fb5Z+USfPDcDNwzUyX20LBzH5
wFwPLIvuoqJeeczcaHaT+dS2ZZREj6kgUsdC+QIBAwKCAQEAgVzTDEF1t/QVpg0n
ou7tM7GVX5fBm4dE0JbDUJnlJUsTCWgPuMdz/CBEUyujkb/uulm4LIUKgz7+IQOk
BIcKHYYiOTx/qSqnj51nmTFwGAKxtb1iUZzlacrejNcArp0pJgRDY0glR7sX6vHn
f9ETH7IzY76M1E2Di4Dxr0r8ZX/3ozsrSXp+GMJLeN9sCjKSyxoE5Y71eDBTCX2N
tShJJjhqUDz61bhKlX9j5c3jWvTXx46dE8wjoJ/BW1XJo5J1gzHQ/OLYeOXIdxlj
jVSlEuU69UT588B7UEEK9N9xK5K/c0Yw5gd02RUv/o7qdpYQICeGtQMMaFkm75xy
nUOxwwKBgQD/orUvgNJfFKyvGY8XJTuek5q8IcFD8AFO3b7pNnPynw8llyEpACAv
Onf9aJSPZvtrabSqrpO8k8Ijyhe2Ino39GuRV8RURl46GmFN31RoYV1wHI4K7Emh
68cdKbCEBudog+kImImldBAfo+QmBtqhS+u4B5qQwwnFa8DriQoiYwKBgQDCUg0r
Jd/ZXDLXk/H5PHpTApmUVd7SWLLIDfkBAlRO8Sni4/Ka+KTTZDec5uoo0hoP6cCs
Z9+MZz4XOiwv9dCEI5czMawGmwsm23+fGM/PP/lW4yD8dz10KZggKjWElymDVl+n
zsc6ctwHAOfYwREi7E+R4rWTBgTEvH2I3deV8wKBgQCqbHjKVeGUuHMfZl9kw30U
YmcoFoDX9VY0k9SbeaKhv19uZMDGABV00aVTmw2071JHm83HHw0oYoFtMWUkFvwl
TZ0Lj9g4Lul8EZYz6jhFlj5KvbQHSDEWnS9oxnWtWe+bAptbEFvDorVqbULEBJHA
3UfQBRG111vY8oCdBgbBlwKBgQCBjAjHbpU7ksyPt/amKFGMrGZi4+nhkHcwCVCr
VuLfS3FB7UxnUG3iQs+970bF4Wa1RoBy7+pdmilk0XLKo+BYF7oiIR1ZvLIZ56pq
EIqKKqY57MCoT35NcRAVcXkDD3ECOZUaidom9z1aAJqQgLYXSDUL7HkMrq3YfakF
6Tpj9wKBgEPCSW7EMFjK2NzmB+4b+skxXcfCZ0ldNtwoUDijuAMFg8ueC3j2qFUX
bAXSApi3mQMow1/JwQxiZ+b+GDLdTcE/PrBVBRkL/5RkmnVagbjBrdZhVjpC+dUo
eEkCChClGGpRyPJ+DYYRyX1Fk9Und8Xbd49Vv+/6RL76ys3gGQl8
-----END RSA PRIVATE KEY-----


Why can't I import the key using ImportCspBlob(...)? I have not found much info online regarding the exception but where is my code wrong? I am aware of BouncyCastle but I am trying to do this natively using .Net Core.










share|improve this question























  • Very simply, you can't import it because it is not a supported format.

    – James K Polk
    Nov 22 '18 at 16:34











  • But then what is the format supported? Not so clear here. docs.microsoft.com/en-us/dotnet/api/…

    – VasilisP
    Nov 22 '18 at 16:40











  • Not clear at all, is it? I believe the format is a Microsoft proprietary format that you'd get by calling ExportCspBlob. I'm not sure how to get from what you have, which is a PKCS#1 RSAPrivateKey object, into RSACryptoServiceProvider.

    – James K Polk
    Nov 22 '18 at 16:48













  • If you are referring to the XML format and I have it all working using it. However the PKCS#1 format is industry accepted. I do not understand why MS is not supporting it...

    – VasilisP
    Nov 22 '18 at 16:57






  • 1





    I think I read somewhere that one of these upcoming versions of .NET will support some of these more widely used formats, but I don't recall the details.

    – James K Polk
    Nov 22 '18 at 17:02


















0















I am trying to load the Private and Public keys from a PEM file using .Net Core.
My code looks like this:



var localPath = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);
var path = Path.Combine(localPath, this._configManager.JwtPem);
var rsaCryptoServiceProvider = new RSACryptoServiceProvider();

var linesList = File.ReadAllLines(path).ToList();
var line = string.Concat(linesList.GetRange(1, linesList.Count - 2));

rsaCryptoServiceProvider.ImportCspBlob(Convert.FromBase64String(line));


The exception I am getting is:



Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException : Bad Version of provider
at Internal.NativeCrypto.CapiHelper.ImportKeyBlob(SafeProvHandle saveProvHandle, CspProviderFlags flags, Boolean addNoSaltFlag, Byte keyBlob, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.ImportCspBlob(Byte keyBlob)
at StepNexusCA.ServiceLayer.Authorization.TokenService.GenerateToken(List`1 claims)


The PEM file containing the PKCS1 format of my development Private/Public keys is here:



-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAwgs8kmIwk+4geRO7dGZjzYpgD2OiaUrnOOIk+ObXt/CcjhwX
lSst+jBmfMF1Wp/mF4aUQsePxN59MYV2BsqPLEkzVdq/fb/7V2wbZcooJAQKkJwT
emtYHrBN00KBBeu9uQZlFOw365ij4GrbP7mcr4tNFZ3TPnRFUUFqhvB6mEG1aZsb
lOn1lgL34tAycQHNxttXz/aGfPyTefQ+yISvSY2n8288OVlyfu6wKDONQYS+/stC
tCV+a+/dDUSUjaZsXM1+BMSflsINqIcCTCMvPa6fb5Z+USfPDcDNwzUyX20LBzH5
wFwPLIvuoqJeeczcaHaT+dS2ZZREj6kgUsdC+QIBAwKCAQEAgVzTDEF1t/QVpg0n
ou7tM7GVX5fBm4dE0JbDUJnlJUsTCWgPuMdz/CBEUyujkb/uulm4LIUKgz7+IQOk
BIcKHYYiOTx/qSqnj51nmTFwGAKxtb1iUZzlacrejNcArp0pJgRDY0glR7sX6vHn
f9ETH7IzY76M1E2Di4Dxr0r8ZX/3ozsrSXp+GMJLeN9sCjKSyxoE5Y71eDBTCX2N
tShJJjhqUDz61bhKlX9j5c3jWvTXx46dE8wjoJ/BW1XJo5J1gzHQ/OLYeOXIdxlj
jVSlEuU69UT588B7UEEK9N9xK5K/c0Yw5gd02RUv/o7qdpYQICeGtQMMaFkm75xy
nUOxwwKBgQD/orUvgNJfFKyvGY8XJTuek5q8IcFD8AFO3b7pNnPynw8llyEpACAv
Onf9aJSPZvtrabSqrpO8k8Ijyhe2Ino39GuRV8RURl46GmFN31RoYV1wHI4K7Emh
68cdKbCEBudog+kImImldBAfo+QmBtqhS+u4B5qQwwnFa8DriQoiYwKBgQDCUg0r
Jd/ZXDLXk/H5PHpTApmUVd7SWLLIDfkBAlRO8Sni4/Ka+KTTZDec5uoo0hoP6cCs
Z9+MZz4XOiwv9dCEI5czMawGmwsm23+fGM/PP/lW4yD8dz10KZggKjWElymDVl+n
zsc6ctwHAOfYwREi7E+R4rWTBgTEvH2I3deV8wKBgQCqbHjKVeGUuHMfZl9kw30U
YmcoFoDX9VY0k9SbeaKhv19uZMDGABV00aVTmw2071JHm83HHw0oYoFtMWUkFvwl
TZ0Lj9g4Lul8EZYz6jhFlj5KvbQHSDEWnS9oxnWtWe+bAptbEFvDorVqbULEBJHA
3UfQBRG111vY8oCdBgbBlwKBgQCBjAjHbpU7ksyPt/amKFGMrGZi4+nhkHcwCVCr
VuLfS3FB7UxnUG3iQs+970bF4Wa1RoBy7+pdmilk0XLKo+BYF7oiIR1ZvLIZ56pq
EIqKKqY57MCoT35NcRAVcXkDD3ECOZUaidom9z1aAJqQgLYXSDUL7HkMrq3YfakF
6Tpj9wKBgEPCSW7EMFjK2NzmB+4b+skxXcfCZ0ldNtwoUDijuAMFg8ueC3j2qFUX
bAXSApi3mQMow1/JwQxiZ+b+GDLdTcE/PrBVBRkL/5RkmnVagbjBrdZhVjpC+dUo
eEkCChClGGpRyPJ+DYYRyX1Fk9Und8Xbd49Vv+/6RL76ys3gGQl8
-----END RSA PRIVATE KEY-----


Why can't I import the key using ImportCspBlob(...)? I have not found much info online regarding the exception but where is my code wrong? I am aware of BouncyCastle but I am trying to do this natively using .Net Core.










share|improve this question























  • Very simply, you can't import it because it is not a supported format.

    – James K Polk
    Nov 22 '18 at 16:34











  • But then what is the format supported? Not so clear here. docs.microsoft.com/en-us/dotnet/api/…

    – VasilisP
    Nov 22 '18 at 16:40











  • Not clear at all, is it? I believe the format is a Microsoft proprietary format that you'd get by calling ExportCspBlob. I'm not sure how to get from what you have, which is a PKCS#1 RSAPrivateKey object, into RSACryptoServiceProvider.

    – James K Polk
    Nov 22 '18 at 16:48













  • If you are referring to the XML format and I have it all working using it. However the PKCS#1 format is industry accepted. I do not understand why MS is not supporting it...

    – VasilisP
    Nov 22 '18 at 16:57






  • 1





    I think I read somewhere that one of these upcoming versions of .NET will support some of these more widely used formats, but I don't recall the details.

    – James K Polk
    Nov 22 '18 at 17:02














0












0








0


1






I am trying to load the Private and Public keys from a PEM file using .Net Core.
My code looks like this:



var localPath = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);
var path = Path.Combine(localPath, this._configManager.JwtPem);
var rsaCryptoServiceProvider = new RSACryptoServiceProvider();

var linesList = File.ReadAllLines(path).ToList();
var line = string.Concat(linesList.GetRange(1, linesList.Count - 2));

rsaCryptoServiceProvider.ImportCspBlob(Convert.FromBase64String(line));


The exception I am getting is:



Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException : Bad Version of provider
at Internal.NativeCrypto.CapiHelper.ImportKeyBlob(SafeProvHandle saveProvHandle, CspProviderFlags flags, Boolean addNoSaltFlag, Byte keyBlob, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.ImportCspBlob(Byte keyBlob)
at StepNexusCA.ServiceLayer.Authorization.TokenService.GenerateToken(List`1 claims)


The PEM file containing the PKCS1 format of my development Private/Public keys is here:



-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAwgs8kmIwk+4geRO7dGZjzYpgD2OiaUrnOOIk+ObXt/CcjhwX
lSst+jBmfMF1Wp/mF4aUQsePxN59MYV2BsqPLEkzVdq/fb/7V2wbZcooJAQKkJwT
emtYHrBN00KBBeu9uQZlFOw365ij4GrbP7mcr4tNFZ3TPnRFUUFqhvB6mEG1aZsb
lOn1lgL34tAycQHNxttXz/aGfPyTefQ+yISvSY2n8288OVlyfu6wKDONQYS+/stC
tCV+a+/dDUSUjaZsXM1+BMSflsINqIcCTCMvPa6fb5Z+USfPDcDNwzUyX20LBzH5
wFwPLIvuoqJeeczcaHaT+dS2ZZREj6kgUsdC+QIBAwKCAQEAgVzTDEF1t/QVpg0n
ou7tM7GVX5fBm4dE0JbDUJnlJUsTCWgPuMdz/CBEUyujkb/uulm4LIUKgz7+IQOk
BIcKHYYiOTx/qSqnj51nmTFwGAKxtb1iUZzlacrejNcArp0pJgRDY0glR7sX6vHn
f9ETH7IzY76M1E2Di4Dxr0r8ZX/3ozsrSXp+GMJLeN9sCjKSyxoE5Y71eDBTCX2N
tShJJjhqUDz61bhKlX9j5c3jWvTXx46dE8wjoJ/BW1XJo5J1gzHQ/OLYeOXIdxlj
jVSlEuU69UT588B7UEEK9N9xK5K/c0Yw5gd02RUv/o7qdpYQICeGtQMMaFkm75xy
nUOxwwKBgQD/orUvgNJfFKyvGY8XJTuek5q8IcFD8AFO3b7pNnPynw8llyEpACAv
Onf9aJSPZvtrabSqrpO8k8Ijyhe2Ino39GuRV8RURl46GmFN31RoYV1wHI4K7Emh
68cdKbCEBudog+kImImldBAfo+QmBtqhS+u4B5qQwwnFa8DriQoiYwKBgQDCUg0r
Jd/ZXDLXk/H5PHpTApmUVd7SWLLIDfkBAlRO8Sni4/Ka+KTTZDec5uoo0hoP6cCs
Z9+MZz4XOiwv9dCEI5czMawGmwsm23+fGM/PP/lW4yD8dz10KZggKjWElymDVl+n
zsc6ctwHAOfYwREi7E+R4rWTBgTEvH2I3deV8wKBgQCqbHjKVeGUuHMfZl9kw30U
YmcoFoDX9VY0k9SbeaKhv19uZMDGABV00aVTmw2071JHm83HHw0oYoFtMWUkFvwl
TZ0Lj9g4Lul8EZYz6jhFlj5KvbQHSDEWnS9oxnWtWe+bAptbEFvDorVqbULEBJHA
3UfQBRG111vY8oCdBgbBlwKBgQCBjAjHbpU7ksyPt/amKFGMrGZi4+nhkHcwCVCr
VuLfS3FB7UxnUG3iQs+970bF4Wa1RoBy7+pdmilk0XLKo+BYF7oiIR1ZvLIZ56pq
EIqKKqY57MCoT35NcRAVcXkDD3ECOZUaidom9z1aAJqQgLYXSDUL7HkMrq3YfakF
6Tpj9wKBgEPCSW7EMFjK2NzmB+4b+skxXcfCZ0ldNtwoUDijuAMFg8ueC3j2qFUX
bAXSApi3mQMow1/JwQxiZ+b+GDLdTcE/PrBVBRkL/5RkmnVagbjBrdZhVjpC+dUo
eEkCChClGGpRyPJ+DYYRyX1Fk9Und8Xbd49Vv+/6RL76ys3gGQl8
-----END RSA PRIVATE KEY-----


Why can't I import the key using ImportCspBlob(...)? I have not found much info online regarding the exception but where is my code wrong? I am aware of BouncyCastle but I am trying to do this natively using .Net Core.










share|improve this question














I am trying to load the Private and Public keys from a PEM file using .Net Core.
My code looks like this:



var localPath = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);
var path = Path.Combine(localPath, this._configManager.JwtPem);
var rsaCryptoServiceProvider = new RSACryptoServiceProvider();

var linesList = File.ReadAllLines(path).ToList();
var line = string.Concat(linesList.GetRange(1, linesList.Count - 2));

rsaCryptoServiceProvider.ImportCspBlob(Convert.FromBase64String(line));


The exception I am getting is:



Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException : Bad Version of provider
at Internal.NativeCrypto.CapiHelper.ImportKeyBlob(SafeProvHandle saveProvHandle, CspProviderFlags flags, Boolean addNoSaltFlag, Byte keyBlob, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.ImportCspBlob(Byte keyBlob)
at StepNexusCA.ServiceLayer.Authorization.TokenService.GenerateToken(List`1 claims)


The PEM file containing the PKCS1 format of my development Private/Public keys is here:



-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAwgs8kmIwk+4geRO7dGZjzYpgD2OiaUrnOOIk+ObXt/CcjhwX
lSst+jBmfMF1Wp/mF4aUQsePxN59MYV2BsqPLEkzVdq/fb/7V2wbZcooJAQKkJwT
emtYHrBN00KBBeu9uQZlFOw365ij4GrbP7mcr4tNFZ3TPnRFUUFqhvB6mEG1aZsb
lOn1lgL34tAycQHNxttXz/aGfPyTefQ+yISvSY2n8288OVlyfu6wKDONQYS+/stC
tCV+a+/dDUSUjaZsXM1+BMSflsINqIcCTCMvPa6fb5Z+USfPDcDNwzUyX20LBzH5
wFwPLIvuoqJeeczcaHaT+dS2ZZREj6kgUsdC+QIBAwKCAQEAgVzTDEF1t/QVpg0n
ou7tM7GVX5fBm4dE0JbDUJnlJUsTCWgPuMdz/CBEUyujkb/uulm4LIUKgz7+IQOk
BIcKHYYiOTx/qSqnj51nmTFwGAKxtb1iUZzlacrejNcArp0pJgRDY0glR7sX6vHn
f9ETH7IzY76M1E2Di4Dxr0r8ZX/3ozsrSXp+GMJLeN9sCjKSyxoE5Y71eDBTCX2N
tShJJjhqUDz61bhKlX9j5c3jWvTXx46dE8wjoJ/BW1XJo5J1gzHQ/OLYeOXIdxlj
jVSlEuU69UT588B7UEEK9N9xK5K/c0Yw5gd02RUv/o7qdpYQICeGtQMMaFkm75xy
nUOxwwKBgQD/orUvgNJfFKyvGY8XJTuek5q8IcFD8AFO3b7pNnPynw8llyEpACAv
Onf9aJSPZvtrabSqrpO8k8Ijyhe2Ino39GuRV8RURl46GmFN31RoYV1wHI4K7Emh
68cdKbCEBudog+kImImldBAfo+QmBtqhS+u4B5qQwwnFa8DriQoiYwKBgQDCUg0r
Jd/ZXDLXk/H5PHpTApmUVd7SWLLIDfkBAlRO8Sni4/Ka+KTTZDec5uoo0hoP6cCs
Z9+MZz4XOiwv9dCEI5czMawGmwsm23+fGM/PP/lW4yD8dz10KZggKjWElymDVl+n
zsc6ctwHAOfYwREi7E+R4rWTBgTEvH2I3deV8wKBgQCqbHjKVeGUuHMfZl9kw30U
YmcoFoDX9VY0k9SbeaKhv19uZMDGABV00aVTmw2071JHm83HHw0oYoFtMWUkFvwl
TZ0Lj9g4Lul8EZYz6jhFlj5KvbQHSDEWnS9oxnWtWe+bAptbEFvDorVqbULEBJHA
3UfQBRG111vY8oCdBgbBlwKBgQCBjAjHbpU7ksyPt/amKFGMrGZi4+nhkHcwCVCr
VuLfS3FB7UxnUG3iQs+970bF4Wa1RoBy7+pdmilk0XLKo+BYF7oiIR1ZvLIZ56pq
EIqKKqY57MCoT35NcRAVcXkDD3ECOZUaidom9z1aAJqQgLYXSDUL7HkMrq3YfakF
6Tpj9wKBgEPCSW7EMFjK2NzmB+4b+skxXcfCZ0ldNtwoUDijuAMFg8ueC3j2qFUX
bAXSApi3mQMow1/JwQxiZ+b+GDLdTcE/PrBVBRkL/5RkmnVagbjBrdZhVjpC+dUo
eEkCChClGGpRyPJ+DYYRyX1Fk9Und8Xbd49Vv+/6RL76ys3gGQl8
-----END RSA PRIVATE KEY-----


Why can't I import the key using ImportCspBlob(...)? I have not found much info online regarding the exception but where is my code wrong? I am aware of BouncyCastle but I am trying to do this natively using .Net Core.







security .net-core openssl rsa pem






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 22 '18 at 15:21









VasilisPVasilisP

527




527













  • Very simply, you can't import it because it is not a supported format.

    – James K Polk
    Nov 22 '18 at 16:34











  • But then what is the format supported? Not so clear here. docs.microsoft.com/en-us/dotnet/api/…

    – VasilisP
    Nov 22 '18 at 16:40











  • Not clear at all, is it? I believe the format is a Microsoft proprietary format that you'd get by calling ExportCspBlob. I'm not sure how to get from what you have, which is a PKCS#1 RSAPrivateKey object, into RSACryptoServiceProvider.

    – James K Polk
    Nov 22 '18 at 16:48













  • If you are referring to the XML format and I have it all working using it. However the PKCS#1 format is industry accepted. I do not understand why MS is not supporting it...

    – VasilisP
    Nov 22 '18 at 16:57






  • 1





    I think I read somewhere that one of these upcoming versions of .NET will support some of these more widely used formats, but I don't recall the details.

    – James K Polk
    Nov 22 '18 at 17:02



















  • Very simply, you can't import it because it is not a supported format.

    – James K Polk
    Nov 22 '18 at 16:34











  • But then what is the format supported? Not so clear here. docs.microsoft.com/en-us/dotnet/api/…

    – VasilisP
    Nov 22 '18 at 16:40











  • Not clear at all, is it? I believe the format is a Microsoft proprietary format that you'd get by calling ExportCspBlob. I'm not sure how to get from what you have, which is a PKCS#1 RSAPrivateKey object, into RSACryptoServiceProvider.

    – James K Polk
    Nov 22 '18 at 16:48













  • If you are referring to the XML format and I have it all working using it. However the PKCS#1 format is industry accepted. I do not understand why MS is not supporting it...

    – VasilisP
    Nov 22 '18 at 16:57






  • 1





    I think I read somewhere that one of these upcoming versions of .NET will support some of these more widely used formats, but I don't recall the details.

    – James K Polk
    Nov 22 '18 at 17:02

















Very simply, you can't import it because it is not a supported format.

– James K Polk
Nov 22 '18 at 16:34





Very simply, you can't import it because it is not a supported format.

– James K Polk
Nov 22 '18 at 16:34













But then what is the format supported? Not so clear here. docs.microsoft.com/en-us/dotnet/api/…

– VasilisP
Nov 22 '18 at 16:40





But then what is the format supported? Not so clear here. docs.microsoft.com/en-us/dotnet/api/…

– VasilisP
Nov 22 '18 at 16:40













Not clear at all, is it? I believe the format is a Microsoft proprietary format that you'd get by calling ExportCspBlob. I'm not sure how to get from what you have, which is a PKCS#1 RSAPrivateKey object, into RSACryptoServiceProvider.

– James K Polk
Nov 22 '18 at 16:48







Not clear at all, is it? I believe the format is a Microsoft proprietary format that you'd get by calling ExportCspBlob. I'm not sure how to get from what you have, which is a PKCS#1 RSAPrivateKey object, into RSACryptoServiceProvider.

– James K Polk
Nov 22 '18 at 16:48















If you are referring to the XML format and I have it all working using it. However the PKCS#1 format is industry accepted. I do not understand why MS is not supporting it...

– VasilisP
Nov 22 '18 at 16:57





If you are referring to the XML format and I have it all working using it. However the PKCS#1 format is industry accepted. I do not understand why MS is not supporting it...

– VasilisP
Nov 22 '18 at 16:57




1




1





I think I read somewhere that one of these upcoming versions of .NET will support some of these more widely used formats, but I don't recall the details.

– James K Polk
Nov 22 '18 at 17:02





I think I read somewhere that one of these upcoming versions of .NET will support some of these more widely used formats, but I don't recall the details.

– James K Polk
Nov 22 '18 at 17:02












3 Answers
3






active

oldest

votes


















2














The format for ImportCspBlob is the format from ExportCspBlob, which is the PRIVATEKEY blob format required by CryptImportKey. Since .NET just transparently passes that on to Windows CAPI, the ImportCspBlob method throws on non-Windows platforms.



Another answer that I've given in the past for importing private keys (including PKCS#1 RSAPrivateKey) is a bit of a meta-answer, which includes links to just get things working: Digital signature in c# without using BouncyCastle.



.NET Core 3.0's daily builds have the functionality built-in. Mostly. The PEM format is easy in practice, but somewhat annoying in the spec, so the methods leave it up to the caller to "un-PEM" the data... for the default formatting on a single-value payload with no attributes (like you have in your example) you can do it with daily builds via



private static RSA ReadKeyFromFile(string filename)
{
string pemContents = System.IO.File.ReadAllText(filename);
const string RsaPrivateKeyHeader = "-----BEGIN RSA PRIVATE KEY-----";
const string RsaPrivateKeyFooter = "-----END RSA PRIVATE KEY-----";

if (pemContents.StartsWith(RsaPrivateKeyHeader))
{
int endIdx = pemContents.IndexOf(
RsaPrivateKeyFooter,
RsaPrivateKeyHeader.Length,
StringComparison.Ordinal);

string base64 = pemContents.Substring(
RsaPrivateKeyHeader.Length,
endIdx - RsaPrivateKeyHeader.Length);

byte der = Convert.FromBase64String(base64);
RSA rsa = RSA.Create();
rsa.ImportRSAPrivateKey(der, out _);
return rsa;
}

// "BEGIN PRIVATE KEY" (ImportPkcs8PrivateKey),
// "BEGIN ENCRYPTED PRIVATE KEY" (ImportEncryptedPkcs8PrivateKey),
// "BEGIN PUBLIC KEY" (ImportSubjectPublicKeyInfo),
// "BEGIN RSA PUBLIC KEY" (ImportRSAPublicKey)
// could any/all be handled here.
throw new InvalidOperationException();
}


Daily builds of the .NET Core SDK can be obtained from https://github.com/dotnet/core-sdk/#installers-and-binaries






share|improve this answer
























  • Thanks for the answer. Are you suggesting this is not possible with .Net Core 2.1? Is that why I cannot resolve ImportRSAPrivateKey(...) or is that your own extension method?

    – VasilisP
    Nov 23 '18 at 15:57











  • The method is new in .NET Core 3.0; .NET Core 2.1 doesn’t have built in public API for it

    – bartonjs
    Nov 23 '18 at 17:16











  • Thank you. Obviously, that means I have to rely on a beta release to go to production. I expect once v3 is out, I will revisit this area. Thank you for your help.

    – VasilisP
    Nov 29 '18 at 16:56





















0














If you don't need to convert from PEM to DER in the code, you can use openssl to get the DER encoded private key file:



openssl rsa -in key.pem -out key.der -outform der






share|improve this answer


























  • I am trying to do this programmatically...

    – VasilisP
    Nov 23 '18 at 14:22



















0














The .Net Cryptographic API does not support the industry widely used PEM files so we need to convert it to the XML format, introduced by Microsoft. Basically, the solution was found in another similar question here C# Extract public key from RSA PEM private key.






share|improve this answer
























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53434030%2fhow-to-import-pkcs1-keys-from-a-pem-file-containing-private-public-keys-in-ne%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    2














    The format for ImportCspBlob is the format from ExportCspBlob, which is the PRIVATEKEY blob format required by CryptImportKey. Since .NET just transparently passes that on to Windows CAPI, the ImportCspBlob method throws on non-Windows platforms.



    Another answer that I've given in the past for importing private keys (including PKCS#1 RSAPrivateKey) is a bit of a meta-answer, which includes links to just get things working: Digital signature in c# without using BouncyCastle.



    .NET Core 3.0's daily builds have the functionality built-in. Mostly. The PEM format is easy in practice, but somewhat annoying in the spec, so the methods leave it up to the caller to "un-PEM" the data... for the default formatting on a single-value payload with no attributes (like you have in your example) you can do it with daily builds via



    private static RSA ReadKeyFromFile(string filename)
    {
    string pemContents = System.IO.File.ReadAllText(filename);
    const string RsaPrivateKeyHeader = "-----BEGIN RSA PRIVATE KEY-----";
    const string RsaPrivateKeyFooter = "-----END RSA PRIVATE KEY-----";

    if (pemContents.StartsWith(RsaPrivateKeyHeader))
    {
    int endIdx = pemContents.IndexOf(
    RsaPrivateKeyFooter,
    RsaPrivateKeyHeader.Length,
    StringComparison.Ordinal);

    string base64 = pemContents.Substring(
    RsaPrivateKeyHeader.Length,
    endIdx - RsaPrivateKeyHeader.Length);

    byte der = Convert.FromBase64String(base64);
    RSA rsa = RSA.Create();
    rsa.ImportRSAPrivateKey(der, out _);
    return rsa;
    }

    // "BEGIN PRIVATE KEY" (ImportPkcs8PrivateKey),
    // "BEGIN ENCRYPTED PRIVATE KEY" (ImportEncryptedPkcs8PrivateKey),
    // "BEGIN PUBLIC KEY" (ImportSubjectPublicKeyInfo),
    // "BEGIN RSA PUBLIC KEY" (ImportRSAPublicKey)
    // could any/all be handled here.
    throw new InvalidOperationException();
    }


    Daily builds of the .NET Core SDK can be obtained from https://github.com/dotnet/core-sdk/#installers-and-binaries






    share|improve this answer
























    • Thanks for the answer. Are you suggesting this is not possible with .Net Core 2.1? Is that why I cannot resolve ImportRSAPrivateKey(...) or is that your own extension method?

      – VasilisP
      Nov 23 '18 at 15:57











    • The method is new in .NET Core 3.0; .NET Core 2.1 doesn’t have built in public API for it

      – bartonjs
      Nov 23 '18 at 17:16











    • Thank you. Obviously, that means I have to rely on a beta release to go to production. I expect once v3 is out, I will revisit this area. Thank you for your help.

      – VasilisP
      Nov 29 '18 at 16:56


















    2














    The format for ImportCspBlob is the format from ExportCspBlob, which is the PRIVATEKEY blob format required by CryptImportKey. Since .NET just transparently passes that on to Windows CAPI, the ImportCspBlob method throws on non-Windows platforms.



    Another answer that I've given in the past for importing private keys (including PKCS#1 RSAPrivateKey) is a bit of a meta-answer, which includes links to just get things working: Digital signature in c# without using BouncyCastle.



    .NET Core 3.0's daily builds have the functionality built-in. Mostly. The PEM format is easy in practice, but somewhat annoying in the spec, so the methods leave it up to the caller to "un-PEM" the data... for the default formatting on a single-value payload with no attributes (like you have in your example) you can do it with daily builds via



    private static RSA ReadKeyFromFile(string filename)
    {
    string pemContents = System.IO.File.ReadAllText(filename);
    const string RsaPrivateKeyHeader = "-----BEGIN RSA PRIVATE KEY-----";
    const string RsaPrivateKeyFooter = "-----END RSA PRIVATE KEY-----";

    if (pemContents.StartsWith(RsaPrivateKeyHeader))
    {
    int endIdx = pemContents.IndexOf(
    RsaPrivateKeyFooter,
    RsaPrivateKeyHeader.Length,
    StringComparison.Ordinal);

    string base64 = pemContents.Substring(
    RsaPrivateKeyHeader.Length,
    endIdx - RsaPrivateKeyHeader.Length);

    byte der = Convert.FromBase64String(base64);
    RSA rsa = RSA.Create();
    rsa.ImportRSAPrivateKey(der, out _);
    return rsa;
    }

    // "BEGIN PRIVATE KEY" (ImportPkcs8PrivateKey),
    // "BEGIN ENCRYPTED PRIVATE KEY" (ImportEncryptedPkcs8PrivateKey),
    // "BEGIN PUBLIC KEY" (ImportSubjectPublicKeyInfo),
    // "BEGIN RSA PUBLIC KEY" (ImportRSAPublicKey)
    // could any/all be handled here.
    throw new InvalidOperationException();
    }


    Daily builds of the .NET Core SDK can be obtained from https://github.com/dotnet/core-sdk/#installers-and-binaries






    share|improve this answer
























    • Thanks for the answer. Are you suggesting this is not possible with .Net Core 2.1? Is that why I cannot resolve ImportRSAPrivateKey(...) or is that your own extension method?

      – VasilisP
      Nov 23 '18 at 15:57











    • The method is new in .NET Core 3.0; .NET Core 2.1 doesn’t have built in public API for it

      – bartonjs
      Nov 23 '18 at 17:16











    • Thank you. Obviously, that means I have to rely on a beta release to go to production. I expect once v3 is out, I will revisit this area. Thank you for your help.

      – VasilisP
      Nov 29 '18 at 16:56
















    2












    2








    2







    The format for ImportCspBlob is the format from ExportCspBlob, which is the PRIVATEKEY blob format required by CryptImportKey. Since .NET just transparently passes that on to Windows CAPI, the ImportCspBlob method throws on non-Windows platforms.



    Another answer that I've given in the past for importing private keys (including PKCS#1 RSAPrivateKey) is a bit of a meta-answer, which includes links to just get things working: Digital signature in c# without using BouncyCastle.



    .NET Core 3.0's daily builds have the functionality built-in. Mostly. The PEM format is easy in practice, but somewhat annoying in the spec, so the methods leave it up to the caller to "un-PEM" the data... for the default formatting on a single-value payload with no attributes (like you have in your example) you can do it with daily builds via



    private static RSA ReadKeyFromFile(string filename)
    {
    string pemContents = System.IO.File.ReadAllText(filename);
    const string RsaPrivateKeyHeader = "-----BEGIN RSA PRIVATE KEY-----";
    const string RsaPrivateKeyFooter = "-----END RSA PRIVATE KEY-----";

    if (pemContents.StartsWith(RsaPrivateKeyHeader))
    {
    int endIdx = pemContents.IndexOf(
    RsaPrivateKeyFooter,
    RsaPrivateKeyHeader.Length,
    StringComparison.Ordinal);

    string base64 = pemContents.Substring(
    RsaPrivateKeyHeader.Length,
    endIdx - RsaPrivateKeyHeader.Length);

    byte der = Convert.FromBase64String(base64);
    RSA rsa = RSA.Create();
    rsa.ImportRSAPrivateKey(der, out _);
    return rsa;
    }

    // "BEGIN PRIVATE KEY" (ImportPkcs8PrivateKey),
    // "BEGIN ENCRYPTED PRIVATE KEY" (ImportEncryptedPkcs8PrivateKey),
    // "BEGIN PUBLIC KEY" (ImportSubjectPublicKeyInfo),
    // "BEGIN RSA PUBLIC KEY" (ImportRSAPublicKey)
    // could any/all be handled here.
    throw new InvalidOperationException();
    }


    Daily builds of the .NET Core SDK can be obtained from https://github.com/dotnet/core-sdk/#installers-and-binaries






    share|improve this answer













    The format for ImportCspBlob is the format from ExportCspBlob, which is the PRIVATEKEY blob format required by CryptImportKey. Since .NET just transparently passes that on to Windows CAPI, the ImportCspBlob method throws on non-Windows platforms.



    Another answer that I've given in the past for importing private keys (including PKCS#1 RSAPrivateKey) is a bit of a meta-answer, which includes links to just get things working: Digital signature in c# without using BouncyCastle.



    .NET Core 3.0's daily builds have the functionality built-in. Mostly. The PEM format is easy in practice, but somewhat annoying in the spec, so the methods leave it up to the caller to "un-PEM" the data... for the default formatting on a single-value payload with no attributes (like you have in your example) you can do it with daily builds via



    private static RSA ReadKeyFromFile(string filename)
    {
    string pemContents = System.IO.File.ReadAllText(filename);
    const string RsaPrivateKeyHeader = "-----BEGIN RSA PRIVATE KEY-----";
    const string RsaPrivateKeyFooter = "-----END RSA PRIVATE KEY-----";

    if (pemContents.StartsWith(RsaPrivateKeyHeader))
    {
    int endIdx = pemContents.IndexOf(
    RsaPrivateKeyFooter,
    RsaPrivateKeyHeader.Length,
    StringComparison.Ordinal);

    string base64 = pemContents.Substring(
    RsaPrivateKeyHeader.Length,
    endIdx - RsaPrivateKeyHeader.Length);

    byte der = Convert.FromBase64String(base64);
    RSA rsa = RSA.Create();
    rsa.ImportRSAPrivateKey(der, out _);
    return rsa;
    }

    // "BEGIN PRIVATE KEY" (ImportPkcs8PrivateKey),
    // "BEGIN ENCRYPTED PRIVATE KEY" (ImportEncryptedPkcs8PrivateKey),
    // "BEGIN PUBLIC KEY" (ImportSubjectPublicKeyInfo),
    // "BEGIN RSA PUBLIC KEY" (ImportRSAPublicKey)
    // could any/all be handled here.
    throw new InvalidOperationException();
    }


    Daily builds of the .NET Core SDK can be obtained from https://github.com/dotnet/core-sdk/#installers-and-binaries







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Nov 23 '18 at 0:18









    bartonjsbartonjs

    14.3k12760




    14.3k12760













    • Thanks for the answer. Are you suggesting this is not possible with .Net Core 2.1? Is that why I cannot resolve ImportRSAPrivateKey(...) or is that your own extension method?

      – VasilisP
      Nov 23 '18 at 15:57











    • The method is new in .NET Core 3.0; .NET Core 2.1 doesn’t have built in public API for it

      – bartonjs
      Nov 23 '18 at 17:16











    • Thank you. Obviously, that means I have to rely on a beta release to go to production. I expect once v3 is out, I will revisit this area. Thank you for your help.

      – VasilisP
      Nov 29 '18 at 16:56





















    • Thanks for the answer. Are you suggesting this is not possible with .Net Core 2.1? Is that why I cannot resolve ImportRSAPrivateKey(...) or is that your own extension method?

      – VasilisP
      Nov 23 '18 at 15:57











    • The method is new in .NET Core 3.0; .NET Core 2.1 doesn’t have built in public API for it

      – bartonjs
      Nov 23 '18 at 17:16











    • Thank you. Obviously, that means I have to rely on a beta release to go to production. I expect once v3 is out, I will revisit this area. Thank you for your help.

      – VasilisP
      Nov 29 '18 at 16:56



















    Thanks for the answer. Are you suggesting this is not possible with .Net Core 2.1? Is that why I cannot resolve ImportRSAPrivateKey(...) or is that your own extension method?

    – VasilisP
    Nov 23 '18 at 15:57





    Thanks for the answer. Are you suggesting this is not possible with .Net Core 2.1? Is that why I cannot resolve ImportRSAPrivateKey(...) or is that your own extension method?

    – VasilisP
    Nov 23 '18 at 15:57













    The method is new in .NET Core 3.0; .NET Core 2.1 doesn’t have built in public API for it

    – bartonjs
    Nov 23 '18 at 17:16





    The method is new in .NET Core 3.0; .NET Core 2.1 doesn’t have built in public API for it

    – bartonjs
    Nov 23 '18 at 17:16













    Thank you. Obviously, that means I have to rely on a beta release to go to production. I expect once v3 is out, I will revisit this area. Thank you for your help.

    – VasilisP
    Nov 29 '18 at 16:56







    Thank you. Obviously, that means I have to rely on a beta release to go to production. I expect once v3 is out, I will revisit this area. Thank you for your help.

    – VasilisP
    Nov 29 '18 at 16:56















    0














    If you don't need to convert from PEM to DER in the code, you can use openssl to get the DER encoded private key file:



    openssl rsa -in key.pem -out key.der -outform der






    share|improve this answer


























    • I am trying to do this programmatically...

      – VasilisP
      Nov 23 '18 at 14:22
















    0














    If you don't need to convert from PEM to DER in the code, you can use openssl to get the DER encoded private key file:



    openssl rsa -in key.pem -out key.der -outform der






    share|improve this answer


























    • I am trying to do this programmatically...

      – VasilisP
      Nov 23 '18 at 14:22














    0












    0








    0







    If you don't need to convert from PEM to DER in the code, you can use openssl to get the DER encoded private key file:



    openssl rsa -in key.pem -out key.der -outform der






    share|improve this answer















    If you don't need to convert from PEM to DER in the code, you can use openssl to get the DER encoded private key file:



    openssl rsa -in key.pem -out key.der -outform der







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Nov 23 '18 at 1:25

























    answered Nov 23 '18 at 1:19









    Lucas MartinsLucas Martins

    586




    586













    • I am trying to do this programmatically...

      – VasilisP
      Nov 23 '18 at 14:22



















    • I am trying to do this programmatically...

      – VasilisP
      Nov 23 '18 at 14:22

















    I am trying to do this programmatically...

    – VasilisP
    Nov 23 '18 at 14:22





    I am trying to do this programmatically...

    – VasilisP
    Nov 23 '18 at 14:22











    0














    The .Net Cryptographic API does not support the industry widely used PEM files so we need to convert it to the XML format, introduced by Microsoft. Basically, the solution was found in another similar question here C# Extract public key from RSA PEM private key.






    share|improve this answer




























      0














      The .Net Cryptographic API does not support the industry widely used PEM files so we need to convert it to the XML format, introduced by Microsoft. Basically, the solution was found in another similar question here C# Extract public key from RSA PEM private key.






      share|improve this answer


























        0












        0








        0







        The .Net Cryptographic API does not support the industry widely used PEM files so we need to convert it to the XML format, introduced by Microsoft. Basically, the solution was found in another similar question here C# Extract public key from RSA PEM private key.






        share|improve this answer













        The .Net Cryptographic API does not support the industry widely used PEM files so we need to convert it to the XML format, introduced by Microsoft. Basically, the solution was found in another similar question here C# Extract public key from RSA PEM private key.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 29 '18 at 14:48









        VasilisPVasilisP

        527




        527






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53434030%2fhow-to-import-pkcs1-keys-from-a-pem-file-containing-private-public-keys-in-ne%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            mysqli_query(): Empty query in /home/lucindabrummitt/public_html/blog/wp-includes/wp-db.php on line 1924

            How to change which sound is reproduced for terminal bell?

            Can I use Tabulator js library in my java Spring + Thymeleaf project?