C# Export Private/Public RSA key from RSACryptoServiceProvider to PEM string

by

Please note: The code below is for exporting a private key. If you are looking to export the public key, please refer to my answer given here.

The PEM format is simply the ASN.1 DER encoding of the key (per PKCS#1) converted to Base64. Given the limited number of fields needed to represent the key, it’s pretty straightforward to create quick-and-dirty DER encoder to output the appropriate format then Base64 encode it. As such, the code that follows is not particularly elegant, but does the job:

private static void ExportPrivateKey(RSACryptoServiceProvider csp, TextWriter outputStream)
{
    if (csp.PublicOnly) throw new ArgumentException("CSP does not contain a private key", "csp");
    var parameters = csp.ExportParameters(true);
    using (var stream = new MemoryStream())
    {
        var writer = new BinaryWriter(stream);
        writer.Write((byte)0x30); // SEQUENCE
        using (var innerStream = new MemoryStream())
        {
            var innerWriter = new BinaryWriter(innerStream);
            EncodeIntegerBigEndian(innerWriter, new byte[] { 0x00 }); // Version
            EncodeIntegerBigEndian(innerWriter, parameters.Modulus);
            EncodeIntegerBigEndian(innerWriter, parameters.Exponent);
            EncodeIntegerBigEndian(innerWriter, parameters.D);
            EncodeIntegerBigEndian(innerWriter, parameters.P);
            EncodeIntegerBigEndian(innerWriter, parameters.Q);
            EncodeIntegerBigEndian(innerWriter, parameters.DP);
            EncodeIntegerBigEndian(innerWriter, parameters.DQ);
            EncodeIntegerBigEndian(innerWriter, parameters.InverseQ);
            var length = (int)innerStream.Length;
            EncodeLength(writer, length);
            writer.Write(innerStream.GetBuffer(), 0, length);
        }

        var base64 = Convert.ToBase64String(stream.GetBuffer(), 0, (int)stream.Length).ToCharArray();
        outputStream.WriteLine("-----BEGIN RSA PRIVATE KEY-----");
        // Output as Base64 with lines chopped at 64 characters
        for (var i = 0; i < base64.Length; i += 64)
        {
            outputStream.WriteLine(base64, i, Math.Min(64, base64.Length - i));
        }
        outputStream.WriteLine("-----END RSA PRIVATE KEY-----");
    }
}

private static void EncodeLength(BinaryWriter stream, int length)
{
    if (length < 0) throw new ArgumentOutOfRangeException("length", "Length must be non-negative");
    if (length < 0x80)
    {
        // Short form
        stream.Write((byte)length);
    }
    else
    {
        // Long form
        var temp = length;
        var bytesRequired = 0;
        while (temp > 0)
        {
            temp >>= 8;
            bytesRequired++;
        }
        stream.Write((byte)(bytesRequired | 0x80));
        for (var i = bytesRequired - 1; i >= 0; i--)
        {
            stream.Write((byte)(length >> (8 * i) & 0xff));
        }
    }
}

private static void EncodeIntegerBigEndian(BinaryWriter stream, byte[] value, bool forceUnsigned = true)
{
    stream.Write((byte)0x02); // INTEGER
    var prefixZeros = 0;
    for (var i = 0; i < value.Length; i++)
    {
        if (value[i] != 0) break;
        prefixZeros++;
    }
    if (value.Length - prefixZeros == 0)
    {
        EncodeLength(stream, 1);
        stream.Write((byte)0);
    }
    else
    {
        if (forceUnsigned && value[prefixZeros] > 0x7f)
        {
            // Add a prefix zero to force unsigned if the MSB is 1
            EncodeLength(stream, value.Length - prefixZeros + 1);
            stream.Write((byte)0);
        }
        else
        {
            EncodeLength(stream, value.Length - prefixZeros);
        }
        for (var i = prefixZeros; i < value.Length; i++)
        {
            stream.Write(value[i]);
        }
    }
}

More Related Contents:

  1. How to read a PEM RSA private key from .NET
  2. C# RSA encryption/decryption with transmission
  3. C# RSA Public Key Output Not Correct
  4. Correctly create RSACryptoServiceProvider from public key
  5. How to store/retrieve RSA public/private key
  6. how to use RSA to encrypt files (huge data) in C#
  7. Encrypting/Decrypting large files (.NET)
  8. How to Generate Unique Public and Private Key via RSA
  9. Calculate primes p and q from private exponent (d), public exponent (e) and the modulus (n)
  10. CryptographicException “Key not valid for use in specified state.” while trying to export RSAParameters of a X509 private key
  11. Encrypt and decrypt a string in C#? [closed]
  12. Using AES encryption in C#
  13. Padding is invalid and cannot be removed?
  14. Generate and Sign Certificate Request using pure .net Framework
  15. How to load the RSA public key from file in C#
  16. Verifying JWT signed with the RS256 algorithm using public key in C#
  17. Why use the C# class System.Random at all instead of System.Security.Cryptography.RandomNumberGenerator?
  18. How can I generate a cryptographically secure pseudorandom number in C#?
  19. Encrypt cookies in ASP.NET
  20. How to validate signature of JWT from jwks without x5c
  21. RSA Encryption, getting bad length
  22. Calculating HMACSHA256 using c# to match payment provider example
  23. ‘Malformed Reference Element’ when adding a reference based on an Id attribute with SignedXml class
  24. Compare password hashes between C# and ColdFusion (CFMX_COMPAT)
  25. Error occurred while decoding OAEP padding
  26. find certificate on smartcard currently on reader
  27. Load an PEM encoded X.509 certificate into Windows CryptoAPI
  28. SHA1 hashing in SQLite: how?
  29. Import a Public key from somewhere else to CngKey?
  30. Export private/public keys from X509 certificate to PEM

Leave a Comment