All geek questions in one place

Convert .PEM certificate to .PFX programmatically using OpenSSL

I have one . The PEM file I want to convert to a PKCS12 (PFX) file, and I know that I can easily do this using the following command openssl:

Create a PKCS#12 file:

 openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"

This is great, but I would like to do it programmatically using OpenSSL . Unfortunately, the documentation for OpenSSL is less than ideal.

I studied this using other libraries:

Using .NET: I can create an X509Certificate2 object from a PEM file, but it only grabs the first certificate and ignores any intermediate CA in the PEM file.

Using Mentalis.org Security Library: I can create a certificate object from a PEM file, but I see the following in the documentation:

PEM. , .

, . .

OpenSSL PEM > PFX, .

?

+3
1

BouncyCastle ( #, .NET).

, localhost.pem , , - :

using System;
using System.Collections;
using System.Linq;
using System.Text;
using System.IO;

using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.X509;
using Org.BouncyCastle.Security;

namespace TestApplication
{
    class Program
    {
        static void Main(string[] args)
        {
            StreamReader sr = File.OpenText("localhost.pem");
            IPasswordFinder passwordFinder = new PasswordStore("testtest".ToCharArray());
            PemReader pemReader = new PemReader(sr, passwordFinder);


            Pkcs12Store store = new Pkcs12StoreBuilder().Build();
            X509CertificateEntry[] chain = new X509CertificateEntry[1];
            AsymmetricCipherKeyPair privKey = null;

            object o;
            while ((o = pemReader.ReadObject()) != null)
            {
                if (o is X509Certificate)
                {
                    chain[0] = new X509CertificateEntry((X509Certificate)o);
                }
                else if (o is AsymmetricCipherKeyPair)
                {
                    privKey = (AsymmetricCipherKeyPair)o;
                }
            }

            store.SetKeyEntry("test", new AsymmetricKeyEntry(privKey.Private), chain);
            FileStream p12file = File.Create("localhost.p12");
            store.Save(p12file, "testtest".ToCharArray(), new SecureRandom());
            p12file.Close();
        }
    }

    class PasswordStore : IPasswordFinder
    {
        private char[] password;

        public PasswordStore(
                    char[] password)
        {
            this.password = password;
        }

        public char[] GetPassword()
        {
            return (char[])password.Clone();
        }

    }
}

, - IPasswordFinder . BouncyCastle.

+4

Source: https://habr.com/ru/post/1751299/

More articles:


All Articles