Short answer: You can starting in .NET Framework 4.7.2. This functionality was originally added to .NET Core 2.0 in the form of the CertificateRequest class, which can build a PKCS#10 certification signing request or an X.509 (self-signed or chained) public key certificate. The classes for that feature were made available in .NET Framework 4.7.2. using … Read more
Here’s some code for the new non-deprecated BouncyCastle API. You’ll need both bcmail and bcprov distributions. X509Certificate cert = …; X500Name x500name = new JcaX509CertificateHolder(cert).getSubject(); RDN cn = x500name.getRDNs(BCStyle.CN)[0]; return IETFUtils.valueToString(cn.getFirst().getValue());
You can do this conversion with the OpenSSL library. Windows binaries can be found here. Once you have the library installed, the command you need to issue is: openssl x509 -in mycert.crt -out mycert.pem -outform PEM
I wanted to help explain what’s going on here. An RSA “Public Key” consists of two numbers: the modulus (e.g. a 2,048 bit number) the exponent (usually 65,537) Using your RSA public key as an example, the two numbers are: Modulus: 297,056,429,939,040,947,991,047,334,197,581,225,628,107,021,573,849,359,042,679,698,093,131,908,015,712,695,688,944,173,317,630,555,849,768,647,118,986,535,684,992,447,654,339,728,777,985,990,170,679,511,111,819,558,063,246,667,855,023,730,127,805,401,069,042,322,764,200,545,883,378,826,983,730,553,730,138,478,384,327,116,513,143,842,816,383,440,639,376,515,039,682,874,046,227,217,032,079,079,790,098,143,158,087,443,017,552,531,393,264,852,461,292,775,129,262,080,851,633,535,934,010,704,122,673,027,067,442,627,059,982,393,297,716,922,243,940,155,855,127,430,302,323,883,824,137,412,883,916,794,359,982,603,439,112,095,116,831,297,809,626,059,569,444,750,808,699,678,211,904,501,083,183,234,323,797,142,810,155,862,553,705,570,600,021,649,944,369,726,123,996,534,870,137,000,784,980,673,984,909,570,977,377,882,585,701 Exponent: 65,537 The question then becomes how do we want to store these … Read more
Try this class. package groovy; import java.io.BufferedReader; import java.io.FileReader; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.security.GeneralSecurityException; import java.security.InvalidKeyException; import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.SignatureException; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import javax.crypto.Cipher; import org.apache.commons.codec.binary.Base64; public class RSA { private static String getKey(String filename) throws IOException { // Read … Read more
Can someone help me with the exact syntax? It’s a three-step process, and it involves modifying the openssl.cnf file. You might be able to do it with only command line options, but I don’t do it that way. Find your openssl.cnf file. It is likely located in /usr/lib/ssl/openssl.cnf: $ find /usr/lib -name openssl.cnf /usr/lib/openssl.cnf /usr/lib/openssh/openssl.cnf … Read more
This is PKCS#1 format of a private key. Try this code. It doesn’t use Bouncy Castle or other third-party crypto providers. Just java.security and sun.security for DER sequece parsing. Also it supports parsing of a private key in PKCS#8 format (PEM file that has a header “—–BEGIN PRIVATE KEY—–“). import sun.security.util.DerInputStream; import sun.security.util.DerValue; import java.io.File; … Read more