Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 679
  • Last Modified:

Using C# to extract publick key from pfx file without a password

I want to know if it is possible, and how, to use C# to extract publick keys from pfx files without a password. I understand the password is there to protect the private key, so the public keys should be available without the password right?
0
itnifl
Asked:
itnifl
1 Solution
 
btanExec ConsultantCommented:
You still need password as pfx is protected by password. Your can extract if it is plain pem or crt but no pfx without password.  You should be able to get a collection object containing the certs in your .pfx file by using the X509Certificate2Collection class
string certPath = <YOUR PFX FILE PATH>;
string certPass = <YOUR PASSWORD>;

// Create a collection object and populate it using the PFX file
X509Certificate2Collection collection = new X509Certificate2Collection();
collection.Import(certPath, certPass, X509KeyStorageFlags.PersistKeySet);

foreach (X509Certificate2 cert in collection)
{
    Console.WriteLine("Subject is: '{0}'", cert.Subject);
    Console.WriteLine("Issuer is:  '{0}'", cert.Issuer);

    // Import the certificates into X509Store objects
}
In .NET, the X509Certificate2 object has properties for the PublicKey and PrivateKey. But that's largely for convenience. A certificate is something you are supposed to present to someone to prove something, and by design, it's only the public portion of the public/private key pair that is ever presented to anyone. When an X509 certificate is presented to someone, .NET of course strips out the private key. Having the private key property on the certificate object is a bit of a misrepresentation, especially since, as we'll see, there's a big difference in how the public and private key are dealt with.
http://paulstovell.com/blog/x509certificate2

May be better to use openssl
•Private key: openssl pkcs12 -in yourP12File.pfx -nocerts -out privateKey.pem

•Certificates: openssl pkcs12 -in yourP12File.pfx -clcerts -nokeys -out publicCert.pem
http://anuchandy.blogspot.sg/2012/04/extracting-public-certificate-and.html
0
 
itniflAuthor Commented:
Find it weird that OpenSSL can do it, but not .Net.
What you tell me is the same as what I found.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now