Enhance PKCS#8 support: add .NET X509Certificate2 interop and fix RSA… #670
KonradSop wants to merge 1 commit into bcgit:master from
Conversation
| var bcCert = FromX509Certificate(certificate); | ||
| return SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcCert.GetPublicKey()); |
From .NET 6.0 could use:
return SubjectPublicKeyInfo.GetInstance(certificate.PublicKey.ExportSubjectPublicKeyInfo());
| /// <exception cref="ArgumentNullException">If <paramref name="certificate"/> is null.</exception> | ||
| public static byte[] GetSubjectPublicKeyInfoDer(SystemX509.X509Certificate2 certificate) | ||
| { | ||
| return GetSubjectPublicKeyInfo(certificate).GetEncoded(Asn1Encodable.Der); |
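Review bot: the `<exception cref="ArgumentNullException">` contract documented on GetSubjectPublicKeyInfoDer is only honoured if GetSubjectPublicKeyInfo(certificate) rejects a null certificate itself; in the lines shown the DER method just delegates, so a null argument would surface as whatever the callee throws rather than the documented type. Either add `if (certificate == null) throw new ArgumentNullException(nameof(certificate));` at the entry point or confirm the callee's check exists and cover it with a test.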
From .NET 6.0 could use:
return certificate.PublicKey.ExportSubjectPublicKeyInfo();
| new X509Certificate(x509Cert.RawData); | ||
|
|
||
| /// <summary> | ||
| /// Extract the <see cref="SubjectPublicKeyInfo"/> (X.509 / PKCS#8) from a .NET <see cref="SystemX509.X509Certificate2"/>. |
"PKCS#8" doesn't really belong here. SubjectPublicKeyInfo is an ASN.1 type from the X.509 standard and is used for public keys. PKCS#8 is a separate standard for private keys.
| { | ||
| /// <summary> | ||
| /// A factory to produce Public Key Info Objects. | ||
| /// A factory to produce SubjectPublicKeyInfo (X.509 / PKCS#8) objects from Bouncy Castle public key parameters. |
| /// <returns>A subject public key info object.</returns> | ||
| /// <exception cref="Exception">Throw exception if object provided is not one of the above.</exception> | ||
| /// <example> | ||
| /// Example of converting a .NET X509Certificate2 to a PKCS#8/DER byte array: |
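Review bot: the new summary `/// A factory to produce SubjectPublicKeyInfo (X.509 / PKCS#8) objects from Bouncy Castle public key parameters.` and the example caption `/// Example of converting a .NET X509Certificate2 to a PKCS#8/DER byte array:` repeat the PKCS#8 mislabel raised above: the output is a DER-encoded SubjectPublicKeyInfo (the X.509 public key structure), while PKCS#8 defines PrivateKeyInfo for private keys. Suggest "SubjectPublicKeyInfo (X.509) objects" and "to a DER-encoded SubjectPublicKeyInfo byte array" so the docs do not teach users the wrong format name.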
| namespace Org.BouncyCastle.Pkcs.Tests | ||
| { | ||
| [TestFixture] | ||
| public class Pkcs8Test |
This test name (because of the Pkcs8) and location make little sense.
I suggest adding TestDotNetUtilitiesGetSubjectPublicKeyInfoDer to Org.BouncyCastle.Security.Tests.TestDotNetUtilities instead (include the whole test case under the #if). The other two could perhaps just be added to Org.BouncyCastle.Security.Tests.TestEncodings or, if you prefer, a new test class in Org.BouncyCastle.X509.Tests.
Description
This PR addresses several issues regarding PKCS#8 and X.509 interoperability brought up in the community discussions, specifically regarding RSA key encoding and usage convenience.
Related Discussion
Changes
- GetSubjectPublicKeyInfo and GetSubjectPublicKeyInfoDer methods to simplify extracting PKCS#8/X.509 public key information directly from .NET X509Certificate2 objects in a single line.
- SubjectPublicKeyInfoFactory correctly includes mandatory DER NULL (05 00) parameters for RSA AlgorithmIdentifiers (OID 1.2.840.113549.1.1.1), resolving the "missing parameter" issue some users encountered when interoperating with other crypto providers.
- DotNetUtilities, SubjectPublicKeyInfoFactory, and PrivateKeyInfoFactory.
- <example> snippets for common tasks.
- Pkcs8Test.cs to verify correct ASN.1 encoding (specifically RSA NULL parameters) and test the new utility methods across all supported .NET frameworks.
Checklist before requesting a review
See also Contributing Guidelines.
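The "missing parameter" interop issue in the description comes down to a few bytes of DER: for rsaEncryption the AlgorithmIdentifier must carry an explicit NULL (05 00) as its parameters. The following added example (not code from this PR or from Bouncy Castle; Python is used because the check is about the raw DER and independent of any library) parses a SubjectPublicKeyInfo and classifies its RSA AlgorithmIdentifier, building constructed, non-real key material to exercise both the correct and the broken encoding.

```python
# Well-known DER encoding of OID 1.2.840.113549.1.1.1 (rsaEncryption), tag and length included.
RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")

def der_len(n: int) -> bytes:
    # Definite-length DER: short form below 128, long form otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content

def read_tlv(buf: bytes, pos: int):
    # Returns (tag, content, position after this element); handles both length forms.
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def build_rsa_spki(include_null: bool, modulus_len: int = 256) -> bytes:
    # Constructed toy key material (not a real RSA key); a 2048-bit-sized modulus
    # forces the long-form lengths a real SubjectPublicKeyInfo has.
    modulus = b"\x00" + bytes([0xC1]) * modulus_len
    rsa_key = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    params = tlv(0x05, b"") if include_null else b""
    alg_id = tlv(0x30, RSA_ENCRYPTION_OID + params)
    return tlv(0x30, alg_id + tlv(0x03, b"\x00" + rsa_key))

def check_rsa_spki(der: bytes) -> str:
    """Classify the AlgorithmIdentifier of an RSA SubjectPublicKeyInfo."""
    tag, spki, _ = read_tlv(der, 0)
    if tag != 0x30:
        return "not-spki"
    tag, alg_id, _ = read_tlv(spki, 0)
    if tag != 0x30:
        return "not-spki"
    tag, oid, pos = read_tlv(alg_id, 0)
    if tag != 0x06 or tlv(0x06, oid) != RSA_ENCRYPTION_OID:
        return "not-rsa"
    if pos >= len(alg_id):
        return "missing-null"  # the interop failure the PR description mentions
    tag, params, _ = read_tlv(alg_id, pos)
    return "ok" if tag == 0x05 and params == b"" else "bad-params"
```

Feeding the function the output of GetSubjectPublicKeyInfoDer (or of .NET's ExportSubjectPublicKeyInfo) is a quick way to confirm which of the two encodings a given provider emits.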