How to import PKCS1 keys from a PEM file containing Private / Public keys in .Net Core











I am trying to load the Private and Public keys from a PEM file using .Net Core.
My code looks like this:



var localPath = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);
var path = Path.Combine(localPath, this._configManager.JwtPem);
var rsaCryptoServiceProvider = new RSACryptoServiceProvider();

var linesList = File.ReadAllLines(path).ToList();
var line = string.Concat(linesList.GetRange(1, linesList.Count - 2));

rsaCryptoServiceProvider.ImportCspBlob(Convert.FromBase64String(line));


The exception I am getting is:



Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException : Bad Version of provider
at Internal.NativeCrypto.CapiHelper.ImportKeyBlob(SafeProvHandle saveProvHandle, CspProviderFlags flags, Boolean addNoSaltFlag, Byte[] keyBlob, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.ImportCspBlob(Byte[] keyBlob)
at StepNexusCA.ServiceLayer.Authorization.TokenService.GenerateToken(List`1 claims)


The PEM file containing the PKCS1 format of my development Private/Public keys is here:



-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----


Why can't I import the key using ImportCspBlob(...)? I have not found much info online regarding the exception but where is my code wrong? I am aware of BouncyCastle but I am trying to do this natively using .Net Core.







security .net-core openssl rsa pem






asked Nov 22 at 15:21









VasilisP













  • Very simply, you can't import it because it is not a supported format.
    – James K Polk
    Nov 22 at 16:34










  • But then what is the format supported? Not so clear here. docs.microsoft.com/en-us/dotnet/api/…
    – VasilisP
    Nov 22 at 16:40










  • Not clear at all, is it? I believe the format is a Microsoft proprietary format that you'd get by calling ExportCspBlob. I'm not sure how to get from what you have, which is a PKCS#1 RSAPrivateKey object, into RSACryptoServiceProvider.
    – James K Polk
    Nov 22 at 16:48












  • If you are referring to the XML format, I have it all working using it. However the PKCS#1 format is industry accepted. I do not understand why MS is not supporting it...
    – VasilisP
    Nov 22 at 16:57






  • I think I read somewhere that one of these upcoming versions of .NET will support some of these more widely used formats, but I don't recall the details.
    – James K Polk
    Nov 22 at 17:02


















3 Answers
    accepted






The format for ImportCspBlob is the format from ExportCspBlob, which is the PRIVATEKEY blob format required by CryptImportKey. Since .NET just transparently passes that on to Windows CAPI, the ImportCspBlob method throws on non-Windows platforms.

Another answer that I've given in the past for importing private keys (including PKCS#1 RSAPrivateKey) is a bit of a meta-answer, which includes links to just get things working: Digital signature in c# without using BouncyCastle.

.NET Core 3.0's daily builds have the functionality built-in. Mostly. The PEM format is easy in practice, but somewhat annoying in the spec, so the methods leave it up to the caller to "un-PEM" the data... for the default formatting on a single-value payload with no attributes (like you have in your example) you can do it with daily builds via

using System;
using System.Security.Cryptography;

// Place inside a class. ImportRSAPrivateKey requires .NET Core 3.0 or later.
private static RSA ReadKeyFromFile(string filename)
{
    string pemContents = System.IO.File.ReadAllText(filename);
    const string RsaPrivateKeyHeader = "-----BEGIN RSA PRIVATE KEY-----";
    const string RsaPrivateKeyFooter = "-----END RSA PRIVATE KEY-----";

    if (pemContents.StartsWith(RsaPrivateKeyHeader, StringComparison.Ordinal))
    {
        int endIdx = pemContents.IndexOf(
            RsaPrivateKeyFooter,
            RsaPrivateKeyHeader.Length,
            StringComparison.Ordinal);

        // Everything between header and footer is the base64 payload;
        // Convert.FromBase64String ignores the line breaks inside it.
        string base64 = pemContents.Substring(
            RsaPrivateKeyHeader.Length,
            endIdx - RsaPrivateKeyHeader.Length);

        byte[] der = Convert.FromBase64String(base64);
        RSA rsa = RSA.Create();
        rsa.ImportRSAPrivateKey(der, out _);
        return rsa;
    }

    // "BEGIN PRIVATE KEY" (ImportPkcs8PrivateKey),
    // "BEGIN ENCRYPTED PRIVATE KEY" (ImportEncryptedPkcs8PrivateKey),
    // "BEGIN PUBLIC KEY" (ImportSubjectPublicKeyInfo),
    // "BEGIN RSA PUBLIC KEY" (ImportRSAPublicKey)
    // could any/all be handled here.
    throw new InvalidOperationException();
}

Daily builds of the .NET Core SDK can be obtained from https://github.com/dotnet/core-sdk/#installers-and-binaries






answered Nov 23 at 0:18
bartonjs












  • Thanks for the answer. Are you suggesting this is not possible with .Net Core 2.1? Is that why I cannot resolve ImportRSAPrivateKey(...) or is that your own extension method?
    – VasilisP
    Nov 23 at 15:57

  • The method is new in .NET Core 3.0; .NET Core 2.1 doesn’t have built in public API for it
    – bartonjs
    Nov 23 at 17:16

  • Thank you. Obviously, that means I have to rely on a beta release to go to production. I expect once v3 is out, I will revisit this area. Thank you for your help.
    – VasilisP
    Nov 29 at 16:56
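
Added example, not part of the original answer or of .NET itself: one way to dispatch the PEM labels listed in the accepted answer's closing comment to the matching RSA import methods (.NET Core 3.0 or later), with a check that all decoded bytes were consumed. The class and method names (PemRsaLoader, Load, Classify) are hypothetical; Classify shows why PKCS#1 DER cannot be fed to ImportCspBlob: a CAPI PRIVATEKEYBLOB starts with bType 0x07 and bVersion 0x02, while DER starts with the SEQUENCE tag 0x30, which is consistent with the "Bad Version of provider" error in the question.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;

public static class PemRsaLoader
{
    // One PEM block without attribute headers: a label, then a base64 body.
    private static readonly Regex PemBlock = new Regex(
        @"-----BEGIN (?<label>[A-Z0-9 ]+)-----(?<body>[A-Za-z0-9+/=\s]+)-----END \k<label>-----",
        RegexOptions.CultureInvariant);

    public static RSA Load(string pemText, ReadOnlySpan<char> password = default)
    {
        Match m = PemBlock.Match(pemText);
        if (!m.Success)
            throw new FormatException("No plain PEM block found (attribute headers are not handled).");

        string label = m.Groups["label"].Value;
        // Convert.FromBase64String ignores the white space between base64 lines.
        byte[] der = Convert.FromBase64String(m.Groups["body"].Value);
        RSA rsa = RSA.Create();
        try
        {
            int read;
            switch (label)
            {
                case "RSA PRIVATE KEY":          // PKCS#1 RSAPrivateKey
                    rsa.ImportRSAPrivateKey(der, out read);
                    break;
                case "PRIVATE KEY":              // PKCS#8 PrivateKeyInfo
                    rsa.ImportPkcs8PrivateKey(der, out read);
                    break;
                case "ENCRYPTED PRIVATE KEY":    // PKCS#8 EncryptedPrivateKeyInfo
                    rsa.ImportEncryptedPkcs8PrivateKey(password, der, out read);
                    break;
                case "PUBLIC KEY":               // X.509 SubjectPublicKeyInfo
                    rsa.ImportSubjectPublicKeyInfo(der, out read);
                    break;
                case "RSA PUBLIC KEY":           // PKCS#1 RSAPublicKey
                    rsa.ImportRSAPublicKey(der, out read);
                    break;
                default:
                    throw new NotSupportedException("Unsupported PEM label: " + label);
            }

            // Reject input that carries extra bytes after the key structure.
            if (read != der.Length)
                throw new CryptographicException("Trailing data after the key structure.");
            return rsa;
        }
        catch
        {
            rsa.Dispose();
            throw;
        }
        finally
        {
            // Do not leave the decoded private key lying around in memory.
            CryptographicOperations.ZeroMemory(der);
        }
    }

    // Tells a CAPI key blob (what ImportCspBlob expects) apart from DER.
    public static string Classify(ReadOnlySpan<byte> data)
    {
        // BLOBHEADER: bType, bVersion, 2 reserved bytes, 4-byte ALG_ID,
        // followed by the RSAPUBKEY magic "RSA2" for a private key.
        if (data.Length >= 12 && data[0] == 0x07 && data[1] == 0x02 &&
            data[8] == (byte)'R' && data[9] == (byte)'S' &&
            data[10] == (byte)'A' && data[11] == (byte)'2')
            return "CAPI PRIVATEKEYBLOB";
        if (data.Length >= 2 && data[0] == 0x30)
            return "DER SEQUENCE (PKCS#1, PKCS#8 or SubjectPublicKeyInfo)";
        return "unknown";
    }

    public static void Main()
    {
        // Constructed sample: a throwaway key generated at run time,
        // not the key from the question.
        using RSA original = RSA.Create(2048);
        byte[] pkcs1 = original.ExportRSAPrivateKey();
        string pem = "-----BEGIN RSA PRIVATE KEY-----\n"
            + Convert.ToBase64String(pkcs1, Base64FormattingOptions.InsertLineBreaks)
            + "\n-----END RSA PRIVATE KEY-----\n";

        Console.WriteLine(Classify(pkcs1));

        // Round trip: sign with the re-imported key, verify with the original.
        using RSA loaded = Load(pem);
        byte[] data = Encoding.UTF8.GetBytes("token payload");
        byte[] sig = loaded.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine(original.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }
}
```

From .NET 5 onward, RSA.ImportFromPem performs the label handling itself, so a helper like this is only needed on .NET Core 3.x.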




















    If you don't need to convert from PEM to DER in the code, you can use openssl to get the DER encoded private key file:



    openssl rsa -in key.pem -out key.der -outform der






    share|improve this answer














    If you don't need to convert from PEM to DER in the code, you can use openssl to get the DER encoded private key file:



    openssl rsa -in key.pem -out key.der -outform der







    share|improve this answer














    share|improve this answer



    share|improve this answer








    – Lucas Martins
    answered Nov 23 at 1:19, edited Nov 23 at 1:25












    • I am trying to do this programmatically...
      – VasilisP
      Nov 23 at 14:22































    The .Net Cryptographic API does not support the PEM files that are widely used in the industry, so we need to convert them to the XML format introduced by Microsoft. Basically, the solution was found in another similar question here: C# Extract public key from RSA PEM private key.
















    – VasilisP
    answered Nov 29 at 14:48
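An added example, not code from this answer or from the linked question: on .NET Core 2.1, where `ImportRSAPrivateKey` is unavailable, an unencrypted PKCS#1 PEM can be decoded by hand into `RSAParameters`, which carries the same fields as the XML key format. The names `Pkcs1Pem` and `ImportRsaPrivateKey` are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class Pkcs1Pem
{
    // Reads a DER length field at data[pos] and advances pos past it.
    static int ReadLength(byte[] data, ref int pos)
    {
        int b = data[pos++];
        if (b < 0x80) return b;                          // short form
        int count = b & 0x7F, len = 0;                   // long form: number of length bytes
        if (count == 0 || count > 3) throw new CryptographicException("Unsupported DER length");
        while (count-- > 0) len = (len << 8) | data[pos++];
        return len;
    }
    // Reads a DER INTEGER as unsigned big-endian bytes, left-padded with zeros to 'size'.
    static byte[] ReadInteger(byte[] data, ref int pos, int size = 0)
    {
        if (data[pos++] != 0x02) throw new CryptographicException("Expected INTEGER");
        int len = ReadLength(data, ref pos);
        byte[] value = data.Skip(pos).Take(len).SkipWhile(x => x == 0).ToArray();
        pos += len;
        if (size != 0 && value.Length > size) throw new CryptographicException("Field too long");
        return new byte[Math.Max(size - value.Length, 0)].Concat(value).ToArray();
    }
    // Hypothetical helper: unencrypted PKCS#1 "RSA PRIVATE KEY" PEM text -> RSA object.
    public static RSA ImportRsaPrivateKey(string pem)
    {
        const string head = "-----BEGIN RSA PRIVATE KEY-----", tail = "-----END RSA PRIVATE KEY-----";
        int start = pem.IndexOf(head, StringComparison.Ordinal);
        int end = pem.IndexOf(tail, StringComparison.Ordinal);
        if (start < 0 || end < start) throw new CryptographicException("No PKCS#1 RSA private key block");
        start += head.Length;
        byte[] der = Convert.FromBase64String(pem.Substring(start, end - start)); // ignores line breaks
        int pos = 0;
        if (der[pos++] != 0x30) throw new CryptographicException("Expected SEQUENCE");
        ReadLength(der, ref pos);
        if (ReadInteger(der, ref pos).Length != 0) throw new CryptographicException("Version must be 0");
        byte[] mod = ReadInteger(der, ref pos), exp = ReadInteger(der, ref pos);
        int n = mod.Length, half = (n + 1) / 2;          // .NET requires fixed field sizes
        var p = new RSAParameters {
            Modulus = mod, Exponent = exp, D = ReadInteger(der, ref pos, n),
            P = ReadInteger(der, ref pos, half), Q = ReadInteger(der, ref pos, half),
            DP = ReadInteger(der, ref pos, half), DQ = ReadInteger(der, ref pos, half),
            InverseQ = ReadInteger(der, ref pos, half) };
        RSA rsa = RSA.Create();
        rsa.ImportParameters(p);
        return rsa;
    }
}
```

Call it as `Pkcs1Pem.ImportRsaPrivateKey(File.ReadAllText(path))`. The bytes inside the PEM are an ASN.1 DER structure, not a CryptoAPI key blob, which is why `ImportCspBlob` rejects them.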





























