Can I use ECDSA key for creating sshPrivateKey?

0 votes
asked May 7, 2019 by alinizam (120 points)

I am using bouncy castle for generating ECKey pair but i am not able to create sshprivatekey from it. How can i accomplish this task?

1 Answer

0 votes
answered May 7, 2019 by Lukas Pokorny (128,290 points)

To create an SshPrivateKey from a BouncyCastle EC key pair, you have to encode the key pair into a DER-encoded PKCS #8 format - this results i na byte array (or a file) that can be loaded into SshPrivateKey.

With the C# version of BouncyCastle, this can be achieved by the following code:

public static byte[] BouncyPrivateKeyParametersToPkcs8(Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters parameters)
    if (parameters == null)
        throw new ArgumentNullException("parameters");

    if (parameters.AlgorithmName != "ECDSA")
        throw new CryptographicException("Not an ECDSA key.");

    if (parameters.PublicKeyParamSet == null)
        throw new CryptographicException("Not a named curve keypair.");

    var bcPrivateKeyInfo = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(parameters);
    return bcPrivateKeyInfo.GetDerEncoded();

Then, just load the resulting byte array into SshPrivateKey:

byte[] pkcs8 = BouncyPrivateKeyParametersToPkcs8(bcPrivateKey);
var sshPrivateKey = new SshPrivateKey(pkcs8);
commented May 7, 2019 by alinizam (120 points)
I am getting "{"Object reference not set to an instance of an object."}" execption.

I am using below code to generate byte array in der format

        public static byte[] BouncyPrivateKeyParametersToPkcs8()
            SecureRandom secureRandom = new SecureRandom();
            var keygenParam = new KeyGenerationParameters(secureRandom, 521);
            var keyGenerator = new ECKeyPairGenerator();
            AsymmetricKeyParameter key = keyGenerator.GenerateKeyPair().Private;

            var bcPrivateKeyInfo = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(key);
            byte[] stream = bcPrivateKeyInfo.GetDerEncoded();
            return stream;
commented May 7, 2019 by Lukas Pokorny (128,290 points)
Which versions of Rebex and BouncyCastle do you use? With current versions of both, your code seems to work fine. Please download my test project from and give it a try. Does this work or does it fail as well?
commented May 8, 2019 by alinizam (120 points)
edited May 8, 2019 by alinizam
I have executed the exact code you have shared but it is still giving me same exception. I am using trial version of Rebex and  BouncyCastle version
commented May 9, 2019 by Lukas Pokorny (128,290 points)
My test project above references specific versions of Rebex and BouncyCastle from Rebex.Common/Rebex.Networking 5.0.7027.0 and BouncyCastle 1.8.5. Could you please try using these versions instead of BouncyCastle
commented May 9, 2019 by alinizam (120 points)
This worked. Thanks.
commented May 10, 2019 by Lukas Pokorny (128,290 points)
Thanks for letting us know!