❔ X509 Certificate from base64 string
I am trying to transform a base64 string I receive from a previous webrequest into a x509 certificate btu all I get is a . The public key I got in base64 is this one: and I intend to later use it in an RSACryptoServiceProvider to encrypt some data. I have the same code in Java working properly and can't understand what might be wrong in the C# version.
Java code from public key string into X509 cert.
C# version 1 from public key string into X509 cert with error:
C# version 2 from public key string into X509 cert with error:
I have tried other options, all of which failed so far.
32 Replies
I think you are misunderstanding something. An X509Certificate is a full certificate, not just the public key.
I tried it earlier using the key as a public key for the RSACryptoServiceProvider but it ended up creating larger encrypted files as the Java counterpart
It did encrypt what I wanted but not in the way it was required by the server
the size of the created encrypted base64 string for something like [email protected] was double the size the Java code would produce
for the X509 loding from a public key I got it from here:
https://stackoverflow.com/questions/45768210/read-rsa-public-key-from-x509-certificate-bytes-in-c-sharp
Stack Overflow
Read RSA Public Key from x509 Certificate Bytes in C#
In C#, I'm retrieving an RSA public key from a HTTP request and it gives me the key encoded in base64.
WebClient webClient = new WebClient();
string rsaPublicKeyBase64 = webClient.DownloadString("...
but when I tried using
it would get a null reference as the store couldn't find the certificate file previously saved (probably because I only have the public key data as well).
If you never saved the certificate to the certificate store then naturally it won't find it.
You can load directly from a file on disk however.
If you have the actual .pfx or .cer file
I'm trying to create the cert file and I was just following the answer from stackoverflow where they save the certFile and it magically loads into the store god knows where from (not depicted in the answer) and I can't find how to save it if I can't create the cert from the data I have (the base64 string I receive).
I don't have the cer file, that's why the example I ended up following was this simpler one:
All I need is to get that public key into the RSACryptoServiceProvider, but somehow it also needs to know it is from a x509 cert? I really am lost here..
All I have is the working Java code to follow
I was not aware you can create an X509Certificate2 instance from just a public key.
I'm still not sure it is possible as I can't understand how to translate the java thing into c#
I don't think you can
an X509Certificate holds the cert metadata
and references the keys, public and (optionally) private
that java code looks to only be dealing with a key pair
But as I have the public key I could use it directly, no? Why would this produce a different answer than what is expected?
it's reading the public key from the cert used in the response
and using that to get something to encrypt
the authorizationCodeResponse contains the key and other unrelated data
like userInfo and such
yeah, you can use it directly
I tried using it directly but it ends up creating a different sized RSA encrypted string
with double the expected size
so the server refuses it saying it is to big
it might be encoding it as unicode instead of utf-8
strings by default in .net are wchar/utf-16/unicode/whatever other term is used to described 16 byte characters)
it looks like that java code is producing something encoded with utf-8
c#
you mean before encrypting or after?
yeah
looks like before?
because they are both set to UTF 8 befure encrypting
but your guess sounds about right as it was double the size
you'd have to examine the raw output between the two
it could be that the server is complaining because it was encoded incorrectly in the request
some things like to base64 a byte array when building a json request
yeah, the userBytes is later encoded using Base64
in Java it woudl go like this:
which probably uses the default encoding of the platform
in C# it probably also uses a default encoder but they may differ
will try finding if there are different encoding options in the Convert.ToBase64String method
yeah
encoding won't come into play at that point
base64 is base64
as long as the server expects it to be base64 encoded, there shouldn't be a problem
next step is to compare the output of
Encoding.UTF8.GetBytes(user) and user.getBytes(StandardCharsets.UTF_8) at the byte levelyeah, will request the Java dude to hand me the input public key + user info and output of the java one for me to try and replicate in c# and compare byte data then..
thanks mate
you might also look into using bouncy castle for .net, it's popular in the java world, so there may be significant overlap
I'm using it already somewhere else in this project, you're telling me to use it for encryption using the public key?
it's something to try
especially if it's used by the java side as well
will do it then. Thanks again
binary data shows that the c# one has more than 64 bytes of data while java ones always have exactly 64 bytes and 90 chars
using bouncy castle did the trick
thanks Cisien
still can't wrap my head around why microsoft's encryption would not work
now how do I close this post?
bro I know its a quiet time ago but are u still there?
Im dealing with it rn, need some help
Hey man, I am here but probably won’t remember much about what I ended up doing with this certificate thing. I believe I switched the lib I was using to decode it
What is it that you need some help with?
I havent the access from pfx directory file and on google is all about it, retrieve file from path, but I cant do it using C#, its only on frontend and send to my api
my first doubt is: what format the pfx should come? FromBase64String | File ... ?
I will open this project up euther later today or tomorrow and sse if I’ve got something to help you with. I can’t for nothing remeber it properly but I’m sure it is there
I appreciate
I still keep looking for something
I think I did
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.