Get certificate's public key in the PKCS8 format

Question

Get certificate's public key in the PKCS8 format

Dmitrii 0

Environment:

Windows 11 24H2

.Net Framework 4.8, 4.7.2

Problem:

I do not understand how to get server's certificate public key in PKCS8 format using the X509Certificate class.

Explanation:

I'm implementing the custom server's certificate check for SSL connection (aka certificate pinning) in the next way:

Create a new SSLStream:

SslStream sslStream = new SslStream(
    client.GetStream(),
    false,
    new RemoteCertificateValidationCallback(ValidateServerCertificate),
    null);

Declare the ValidateServerCertificate() method:

public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) {}

Get server's certificate public key

certificate.GetPublicKey()

The public key which I get is in the PKCS1 format and I can't find any function in .Net Framework to get it in the PKCS8 format or to convert from PCKS1 to PKCS8. As a fallback, I'm using the static prefix for the PKCS8 format which works well but is valid only for 2048 bits long public keys:

private static byte[] pkcs8Prefix = { 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00 };
byte[] pkcs8PublicKey = pkcs8Prefix.Concat(certificate.GetPublicKey()).ToArray();

Which function of .Net Framework can I use to get the public key in the PKCS8 format?

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

1 answer

Your answer

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Answer 1

Jiale Xue - MSFT 49,361 Microsoft External Staff

Hi @Dmitrii , Welcome to Microsoft Q&A,

In the .NET Framework, the X509Certificate class itself does not directly provide the function of converting the public key from PKCS1 format to PKCS8 format.

The official documentation currently mainly uses the PKCS7 format, X509Certificate Constructors.

Perhaps you can use the classes in the System.Security.Cryptography namespace to parse the PKCS1 format and encapsulate it into the PKCS8 format.

Extract RSAParameters from the certificate and use ASN.1 DER encoding to construct the binary format of PKCS8.

using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public class CertificateHelper
{
    public static byte[] GetPkcs8PublicKey(X509Certificate2 certificate)
    {
        using (RSA rsa = certificate.GetRSAPublicKey())
        {
            if (rsa == null)
            {
                throw new InvalidOperationException("The certificate does not contain an RSA public key.");
            }
            RSAParameters parameters = rsa.ExportParameters(false);
            return EncodePkcs8PublicKey(parameters);
        }
    }

    private static byte[] EncodePkcs8PublicKey(RSAParameters parameters)
    {
        // PKCS#8 Prefix for RSA
        byte[] pkcs8Prefix = new byte[]
        {
            0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
            0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00
        };

        // ASN.1 DER encoding of modulus and exponent
        byte[] modulus = parameters.Modulus;
        byte[] exponent = parameters.Exponent;

        byte[] rsaKey = EncodeRsaPublicKey(modulus, exponent);

        // Combine the PKCS#8 prefix and the RSA public key
        return pkcs8Prefix.Concat(rsaKey).ToArray();
    }

    private static byte[] EncodeRsaPublicKey(byte[] modulus, byte[] exponent)
    {
        using (var ms = new System.IO.MemoryStream())
        {
            // ASN.1 Sequence
            ms.WriteByte(0x30);
            using (var innerMs = new System.IO.MemoryStream())
            {
                // Modulus (integer)
                WriteAsn1Integer(innerMs, modulus);

                // Exponent (integer)
                WriteAsn1Integer(innerMs, exponent);

                byte[] innerContent = innerMs.ToArray();
                WriteAsn1Length(ms, innerContent.Length);
                ms.Write(innerContent, 0, innerContent.Length);
            }

            return ms.ToArray();
        }
    }

    private static void WriteAsn1Integer(System.IO.MemoryStream ms, byte[] value)
    {
        ms.WriteByte(0x02); // ASN.1 Integer type
        WriteAsn1Length(ms, value.Length);
        ms.Write(value, 0, value.Length);
    }

    private static void WriteAsn1Length(System.IO.MemoryStream ms, int length)
    {
        if (length < 128)
        {
            ms.WriteByte((byte)length);
        }
        else
        {
            int lengthOfLength = (int)Math.Ceiling(Math.Log(length, 256));
            ms.WriteByte((byte)(0x80 | lengthOfLength));
            for (int i = lengthOfLength - 1; i >= 0; i--)
            {
                ms.WriteByte((byte)(length >> (8 * i) & 0xFF));
            }
        }
    }
}

Use like this:

X509Certificate2 certificate = new X509Certificate2("path_to_certificate.cer");
byte[] pkcs8PublicKey = CertificateHelper.GetPkcs8PublicKey(certificate);

//Convert to Base64 string for visualization
string pkcs8PublicKeyBase64 = Convert.ToBase64String(pkcs8PublicKey);
Console.WriteLine(pkcs8PublicKeyBase64);

Best Regards,

Jiale

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Dmitrii 0 Reputation points

2025-01-19T07:58:16.1766667+00:00

This answer does not help. It uses the same static prefix as I do what is wrong.
Jiale Xue - MSFT 49,361 Reputation points Microsoft External Staff

2025-01-20T08:01:05.63+00:00

At which step did you encounter the problem?
Dmitrii 0 Reputation points

2025-01-20T08:05:45.84+00:00

byte[] pkcs8Prefix = new byte[] { 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00 };

This prefix works only for public keys which are 2048 bits long. Also it supports RSA only.
Dmitrii 0 Reputation points

2025-01-20T08:07:24.4633333+00:00

byte[] pkcs8Prefix = new byte[] { 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00 };

This prefix works only for public keys which are 2048 bits long and use RSA encryption.
Jiale Xue - MSFT 49,361 Reputation points Microsoft External Staff

2025-01-20T08:11:43.3866667+00:00

If it is not 2048 bits and it is not RSA, you need to modify the code. So what is the length of your public key and what encryption algorithm is used?
Dmitrii 0 Reputation points

2025-01-20T08:19:55.69+00:00

I need a flexible algorithm which will support different public keys.

Jiale Xue - MSFT 49,361 Microsoft External Staff

There is currently no encapsulated API that can be used directly. Try the following code, which has more compatibility:

using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public class CertificateHelper
{
    public static byte[] GetPkcs8PublicKey(X509Certificate2 certificate)
    {
        var publicKey = certificate.PublicKey;

        // Determine the algorithm used by the public key
        string oid = publicKey.Oid.Value;

        switch (oid)
        {
            case "1.2.840.113549.1.1.1": // RSA
                return GetPkcs8RsaPublicKey(certificate);

            case "1.2.840.10045.2.1": // ECDSA
                return GetPkcs8EcdsaPublicKey(certificate);

            default:
                throw new NotSupportedException($"Unsupported public key algorithm OID: {oid}");
        }
    }

    private static byte[] GetPkcs8RsaPublicKey(X509Certificate2 certificate)
    {
        using (RSA rsa = certificate.GetRSAPublicKey())
        {
            if (rsa == null)
            {
                throw new InvalidOperationException("The certificate does not contain an RSA public key.");
            }

            RSAParameters parameters = rsa.ExportParameters(false);
            return EncodePkcs8RsaPublicKey(parameters);
        }
    }

    private static byte[] GetPkcs8EcdsaPublicKey(X509Certificate2 certificate)
    {
        using (ECDsa ecdsa = certificate.GetECDsaPublicKey())
        {
            if (ecdsa == null)
            {
                throw new InvalidOperationException("The certificate does not contain an ECDSA public key.");
            }

            ECParameters parameters = ecdsa.ExportParameters(false);
            return EncodePkcs8EcdsaPublicKey(parameters);
        }
    }

    private static byte[] EncodePkcs8RsaPublicKey(RSAParameters parameters)
    {
        // ASN.1 PKCS#8 Prefix for RSA
        byte[] pkcs8Prefix = new byte[]
        {
            0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
            0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00
        };

        byte[] rsaKey = EncodeRsaPublicKey(parameters.Modulus, parameters.Exponent);
        return pkcs8Prefix.Concat(rsaKey).ToArray();
    }

    private static byte[] EncodePkcs8EcdsaPublicKey(ECParameters parameters)
    {
        // ASN.1 PKCS#8 Prefix for ECDSA
        byte[] pkcs8Prefix = new byte[]
        {
            0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
            0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00
        };

        byte[] encodedKey = parameters.Q.X.Concat(parameters.Q.Y).ToArray();
        return pkcs8Prefix.Concat(encodedKey).ToArray();
    }

    private static byte[] EncodeRsaPublicKey(byte[] modulus, byte[] exponent)
    {
        using (var ms = new System.IO.MemoryStream())
        {
            // ASN.1 Sequence
            ms.WriteByte(0x30);
            using (var innerMs = new System.IO.MemoryStream())
            {
                // Modulus
                WriteAsn1Integer(innerMs, modulus);

                // Exponent
                WriteAsn1Integer(innerMs, exponent);

                byte[] innerContent = innerMs.ToArray();
                WriteAsn1Length(ms, innerContent.Length);
                ms.Write(innerContent, 0, innerContent.Length);
            }
            return ms.ToArray();
        }
    }

    private static void WriteAsn1Integer(System.IO.MemoryStream ms, byte[] value)
    {
        ms.WriteByte(0x02);
        WriteAsn1Length(ms, value.Length);
        ms.Write(value, 0, value.Length);
    }

    private static void WriteAsn1Length(System.IO.MemoryStream ms, int length)
    {
        if (length < 128)
        {
            ms.WriteByte((byte)length);
        }
        else
        {
            int lengthOfLength = (int)Math.Ceiling(Math.Log(length, 256));
            ms.WriteByte((byte)(0x80 | lengthOfLength));
            for (int i = lengthOfLength - 1; i >= 0; i--)
            {
                ms.WriteByte((byte)((length >> (8 * i)) & 0xFF));
            }
        }
    }
}

use like this:

X509Certificate2 certificate = new X509Certificate2("path_to_certificate.cer");

// Get the PKCS8 public key in binary format
byte[] pkcs8PublicKey = CertificateHelper.GetPkcs8PublicKey(certificate);

// Convert to Base64 for display or storage
string pkcs8PublicKeyBase64 = Convert.ToBase64String(pkcs8PublicKey);
Console.WriteLine(pkcs8PublicKeyBase64);

Share via

Get certificate's public key in the PKCS8 format

1 answer

Your answer