
Usage of elliptic curve keys in X509Certificate2

dragondx2018 Member

My question is about Xamarin, iOS and Android, but the following snippet is from my iOS app.

With an X509Certificate2 object, I'm trying to import a BouncyCastle PKCS12 container that contains an ECC certificate (secp384r1 curve) like this:

var certEntry = new X509CertificateEntry(certificate);
string friendlyName = certificate.SubjectDN.ToString();

var builder = new Pkcs12StoreBuilder();
var pkcs12Store = builder.Build();       
AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(bouncyCastleKeyPair.Private); // Elliptic curve keypair
pkcs12Store.SetKeyEntry(friendlyName, keyEntry, new[] { certEntry });  

using (MemoryStream pfxStream = new MemoryStream())
{
  // Serialize the PKCS12 store and re-encode it with definite-length DER
  pkcs12Store.Save(pfxStream, "secret".ToCharArray(), new SecureRandom());
  pfxStream.Seek(0, SeekOrigin.Begin);
  var result = Pkcs12Utilities.ConvertToDefiniteLength(pfxStream.ToArray(), "secret".ToCharArray());

  // Import certificate bytes in .NET X509Certificate2
  var microsoftCertificate = new X509Certificate2();
  microsoftCertificate.Import(result, "secret", X509KeyStorageFlags.PersistKeySet); // Import fails!
  return microsoftCertificate;
}

It almost works, the certificate properties like NotBefore, NotAfter are transferred correctly but I cannot access the private/public key properties of my X509Certificate2 object.

But I get a CryptographicException and in the stack trace I can see that Mono tries to parse an RSA key in the DecodeRSA method in the PKCS8 class!?

I need to use the X509Certificate2 for client side authentication in SslStream Handshake.

Now two important questions:

  • Are elliptic curve keys in X509Certificate2 class supported in Xamarin/Mono?

  • If yes, does anybody know how I can get Mono to parse the ECC keys correctly?
