Closed
Labels
- Pri2: Indicates issues/PRs that are medium priority
- area-System.Security: Issues related to security practices for .NET developers.
- dotnet-api/prod
Description
We use an elliptic curve certificate for key derivation and encryption:
- A uses B's elliptic curve public key + ephemeral private key to derive an AES symmetric key.
- A encrypts data with the AES key.
- A sends encrypted data and ephemeral public key to B.
- B uses private key + ephemeral public key to derive the same AES key.
- B decrypts the data.
But we now have a problem: how to get the private ECDiffieHellman key from the certificate in the Windows store? For the public key, we use the following code (see https://stackoverflow.com/questions/47116611):

```csharp
// Extension method; there is no extension method to directly get ECDiffieHellman public/private key from certificate
using (ECDsa ecdsa = certificate.GetECDsaPublicKey())
{
    return ECDiffieHellman.Create(ecdsa.ExportParameters(false));
}
```

But we can't do the same with the private key, because the private key is normally not exportable for certificates in the certificate store. (Mathematically, there is no difference between an ECDsa and an ECDiffieHellman key.)
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: f593fc18-5caf-3a32-c998-9bb6411c5497
- Version Independent ID: d77e9e4f-57c7-cd16-bf5c-df800d392c95
- Content: ECDiffieHellman Class (System.Security.Cryptography)
- Content Source: xml/System.Security.Cryptography/ECDiffieHellman.xml
- Product: dotnet-api
- GitHub Login: @mairaw
- Microsoft Alias: mairaw
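
The five-step exchange described in the issue, as an added example that is not code from the issue or from the .NET documentation. It assumes .NET 8 or later, AES-GCM as the AES mode, SHA-256 as the key-derivation hash, and an in-memory P-256 key pair standing in for B's certificate key; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class EphemeralStaticEcdhDemo
{
    // A: derive an AES key from B's public key and a fresh ephemeral private key, then encrypt.
    static (byte[] EphemeralSpki, byte[] Nonce, byte[] Ciphertext, byte[] Tag) Encrypt(
        ECDiffieHellmanPublicKey recipientPublicKey, ECCurve curve, byte[] plaintext)
    {
        using ECDiffieHellman ephemeral = ECDiffieHellman.Create(curve);
        byte[] ephemeralSpki = ephemeral.ExportSubjectPublicKeyInfo();
        byte[] aesKey = ephemeral.DeriveKeyFromHash(recipientPublicKey, HashAlgorithmName.SHA256);
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] ciphertext = new byte[plaintext.Length];
        byte[] tag = new byte[16];
        // The ephemeral public key is bound to the ciphertext as associated data.
        using (var gcm = new AesGcm(aesKey, tag.Length))
            gcm.Encrypt(nonce, plaintext, ciphertext, tag, ephemeralSpki);
        CryptographicOperations.ZeroMemory(aesKey);
        return (ephemeralSpki, nonce, ciphertext, tag);
    }

    // B: derive the same AES key from B's private key and A's ephemeral public key, then decrypt.
    static byte[] Decrypt(ECDiffieHellman recipientPrivateKey, byte[] ephemeralSpki,
        byte[] nonce, byte[] ciphertext, byte[] tag)
    {
        using ECDiffieHellman sender = ECDiffieHellman.Create();
        sender.ImportSubjectPublicKeyInfo(ephemeralSpki, out _);
        byte[] aesKey = recipientPrivateKey.DeriveKeyFromHash(sender.PublicKey, HashAlgorithmName.SHA256);
        byte[] plaintext = new byte[ciphertext.Length];
        using (var gcm = new AesGcm(aesKey, tag.Length))
            gcm.Decrypt(nonce, ciphertext, tag, plaintext, ephemeralSpki); // throws if tampered
        CryptographicOperations.ZeroMemory(aesKey);
        return plaintext;
    }

    static void Main()
    {
        // Constructed stand-in for B's certificate key pair (in memory, not from a certificate store).
        ECCurve curve = ECCurve.NamedCurves.nistP256;
        using ECDiffieHellman recipient = ECDiffieHellman.Create(curve);
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");
        var (spki, nonce, ciphertext, tag) = Encrypt(recipient.PublicKey, curve, message);
        byte[] recovered = Decrypt(recipient, spki, nonce, ciphertext, tag);
        Console.WriteLine(Encoding.UTF8.GetString(recovered));
    }
}
```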