TechQA.

How to remove Subject Public Key Info in bouncy castle for CSR

26 views Asked by At

I need to generate Privatekey, Publickey & CSR in C# based on following requirement:

openssl ecparam -name secp256k1 -genkey -noout -out PrivateKey.pem
openssl req -new -sha256 -key PrivateKey.pem -extensions v3_req -config config.cnf -new_request.csr

config.cnf:

oid_section = OIDs

[ OIDs ]
certificateTemplateName= 1.3.6.1.4.1.311.20.2

[ req ]
default_bits        = 2048
emailAddress        = [email protected]
req_extensions          = v3_req
x509_extensions         = v3_ca
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C=SA
OU=3111902937
O=ShaEk
CN=127.0.0.1


[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment

[req_ext]
certificateTemplateName = ASN1:PRINTABLESTRING:Csr-Signing
subjectAltName = dirName:alt_names

[alt_names]
SN=1-Device|2-234|3-gsgsgs
UID=3211234563
title=1000
registeredAddress=Address 12
businessCategory=Food Business3

I am able to generate all of the above but I am unable to handle the -config (extensions, oids, alt names etc). I think that I need to pass this information as the 4th argument for Pkcs10CertificationRequest but I couldn't find working example. I am using bouncy castle.

static AsymmetricCipherKeyPair GenerateKeyPair()
{
    var curve = ECNamedCurveTable.GetByName("secp256k1");
    var domainParams = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H, curve.GetSeed());

    var secureRandom = new SecureRandom();
    var keyParams = new ECKeyGenerationParameters(domainParams, secureRandom);

    var generator = new ECKeyPairGenerator("ECDSA");
    generator.Init(keyParams);
    var keyPair = generator.GenerateKeyPair();

    return keyPair;
}

static string GenerateCertRequest(AsymmetricCipherKeyPair keyPair)
{
    var values = new Dictionary<DerObjectIdentifier, string> {
        {X509Name.C, "SA"},
        {X509Name.OU, "3111902937"},
        {X509Name.O, "Org"},
        {X509Name.CN, "127.0.0.1"},
    };

    var subject = new X509Name(values.Keys.ToList(), values);

    var extensionsGenerator = new X509ExtensionsGenerator();
    extensionsGenerator.AddExtension(MicrosoftObjectIdentifiers.MicrosoftCertTemplateV1, false,
        new DerOctetString(new DisplayText(4, "TSTZATCA-Code-Signing")));
    Dictionary< DerObjectIdentifier,string> subjectAlternativeNameAttributes = new Dictionary<DerObjectIdentifier, string>
    {
        { X509Name.Surname, "1-Device|2-234|3-gsgsgs" },
        { X509Name.UID, "311190293700003" },
        { X509Name.T, "1000" },
        { X509Name.BusinessCategory, "Food" }
    };

    var subjectAltNames = new X509Name(subjectAlternativeNameAttributes.Keys.ToList(), subjectAlternativeNameAttributes);

    var generalNames = new GeneralNames([new GeneralName(subjectAltNames)]);

    extensionsGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, generalNames);
    var attributes = new DerSet(extensionsGenerator.Generate());
    var extensions = extensionsGenerator.Generate();
    var attribute = new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(extensions));
    var atts = new DerSet(attribute);

    var csr = new Pkcs10CertificationRequest("SHA256withECDSA", subject, keyPair.Public, atts, keyPair.Private);

    var csrPem = new StringBuilder();
    var csrPemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(new StringWriter(csrPem));
    csrPemWriter.WriteObject(csr);
    csrPemWriter.Writer.Flush();
    return csrPem.ToString();
}

The problem is that when I generate it using openssl I get:

Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:a6:89:18:f6:14:16:23:55:6e:45:76:31:85:df:
                    0d:a5:fb:2a:a9:7e:13:25:62:64:c2:35:f8:d1:b8:
                    92:6a:69:1d:70:d6:34:c2:fe:27:1d:e1:88:6f:76:
                    bf:e6:67:b9:f5:dd:bd:6e:0f:dc:fe:aa:0b:85:30:
                    30:7d:42:1c:d7
                ASN1 OID: secp256k1

But the certificate I generated from the code produces:

Public Key Algorithm: id-ecPublicKey
        Public-Key: (256 bit)
        pub:
            04:d0:6e:ea:9a:75:23:9f:e7:b2:20:96:13:8d:d5:
            a1:82:c3:be:3c:a0:a2:39:68:c1:81:d1:cf:ba:30:
            d4:bc:85:70:bf:c8:0d:96:d0:6f:26:90:78:c8:50:
            79:ed:b4:c9:da:dc:b5:2f:65:de:82:a0:59:b2:3f:
            83:56:b3:6c:87
        Field Type: prime-field
        Prime:
            00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
            ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
            ff:fc:2f
        A:    0
        B:    7 (0x7)
        Generator (uncompressed):
            04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
            0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
            f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
            0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
            8f:fb:10:d4:b8
        Order:
            00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
            ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
            36:41:41
        Cofactor:  1 (0x1)
c# bouncycastle csr
Original Q&A
0

There are 0 answers

Related Questions in C#

Related Questions in BOUNCYCASTLE

Related Questions in CSR

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions