Private key from windows keyring

+1 vote
asked Mar 8, 2012 by sarevok (250 points)
edited Jun 11, 2012

Hello!

I am testing the trial version of your SFTP library.

Is it possible to use a certificate with a private key stored in the Windows Certificate Store in the SshPrivateKey constructor? Such a certificate can be loaded into an X509Certificate2 object. But I have no idea how to export the private key included in the X509Certificate2 object to the byte array that is accepted by the SshPrivateKey constructor and can then be used by the Login(String, SshPrivateKey) method.

It would be nice if you could write a code snippet with such a transformation.

Best regards, Staszek

Applies to: Rebex SFTP

2 Answers

+1 vote
answered Mar 8, 2012 by Lukas Pokorny (115,370 points)
edited Jun 11, 2012

Update: This feature has been added to Rebex SFTP 2012 R2. Please check out the other answer for more information.

In the current version of Rebex SFTP, this is only possible if the certificate's private key can be exported. In that case, the following code can be used:

        X509Certificate2 cert = ...;

        // get certificate's private key RSA CSP
        RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey;

        // export parameters, including the private ones
        RSAParameters parameters = rsa.ExportParameters(true);

        // create a SSH key from the exported parameters
        SshPrivateKey key = SshPrivateKey.CreateFrom(parameters);

However, the exportable parameters requirement is only due to a missing API. We could easily add a method that only takes X509Certificate2.PrivateKey on input and creates a fully working SshPrivateKey based on that, regardless of the exportable status. If you can afford to wait until next week, we can add this feature straight away and send you a beta to try. Please let me know if you are interested.

commented Mar 8, 2012 by sarevok (250 points)
edited Mar 20, 2012

Thank you for a fast response. Of course I am interested in testing such a modified API. It is nice that you want to add a method which makes the certificate management easier in my project. So I am waiting until you send me the beta version to try.

By the way, I am considering replacing my old SFTP library from another supplier with the Rebex SFTP library. It is because of the high transfer rate offered by your solution.

0 votes
answered Mar 14, 2012 by Lukas Pokorny (115,370 points)
edited Jun 11, 2012

The modified API is ready and I just sent a link to a beta version to your e-mail. Please give it a try and let me know how it works. Use the following code:

    X509Certificate2 cert = ...;

    // get certificate's private key RSA CSP
    RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey;

    // create a SSH key based on that RSA CSP
    SshPrivateKey key = new SshPrivateKey(rsa);

Update: This feature has been released as part of Rebex SFTP / Rebex SSH Shell 2012 R2. Once again, thanks for your suggestion!
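The full path from the Windows Certificate Store to an SFTP login, as an added example that is not part of the original thread or Rebex's own code. It uses the `SshPrivateKey(RSACryptoServiceProvider)` constructor and `Login(String, SshPrivateKey)` named above; the `Rebex.Net` namespace, the `Sftp.Connect` call, the `StoreKeyLogin` class name, and the thumbprint, host and user name are assumptions or placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Rebex.Net; // assumed namespace of Sftp and SshPrivateKey

static class StoreKeyLogin // hypothetical helper, not part of the library
{
    public static SshPrivateKey LoadKey(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, so the certificate is found even if its
            // chain does not validate on this machine.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count != 1)
                throw new InvalidOperationException("Expected exactly one matching certificate.");

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no associated private key.");

            // The constructor from the answer above takes an RSA CSP key.
            var rsa = cert.PrivateKey as RSACryptoServiceProvider;
            if (rsa == null)
                throw new NotSupportedException("Private key is not an RSA CSP key.");

            // Informational: when this is false, ExportParameters(true) fails,
            // so the key material cannot be copied out of the store.
            Console.WriteLine("Exportable: {0}", rsa.CspKeyContainerInfo.Exportable);

            // Per the answer above, this works regardless of the exportable status.
            return new SshPrivateKey(rsa);
        }
        finally { store.Close(); }
    }

    public static void Main()
    {
        SshPrivateKey key = LoadKey("<CERT-THUMBPRINT>"); // placeholder
        using (var sftp = new Sftp())
        {
            sftp.Connect("sftp.example.com"); // placeholder host
            sftp.Login("username", key);      // placeholder user name
        }
    }
}
```

Importing the certificate with its key marked non-exportable and using this path keeps the private parameters out of application memory, unlike the `ExportParameters(true)` approach from the first answer.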

commented Mar 21, 2012 by Lukas Pokorny (115,370 points)
edited Mar 27, 2012

I just sent you a link to the current build with POSIX rename support, please give it a try.

commented Mar 21, 2012 by sarevok (250 points)
edited Mar 21, 2012

I did not receive a mail with a link to the new library version with POSIX rename. Could you send it again?

commented Mar 22, 2012 by Lukas Pokorny (115,370 points)
edited Mar 22, 2012

I already tried 3 times, but your mailserver is rejecting the message without specifying any reason. Try using the link from my previous e-mail, but replace the build number of 4457 with 4464.

To enable POSIX rename, set Sftp object's Settings.UsePosixRename property to true before calling the Rename method.

commented Mar 26, 2012 by sarevok (250 points)
edited Mar 26, 2012

Thank you for a fast implementation of the POSIX rename method. It works perfectly in our environment. Now we have all the SFTP functionality we need.

commented Mar 27, 2012 by Lukas Pokorny (115,370 points)
edited Mar 27, 2012

Thanks for letting us know and for testing these new features! Both POSIX rename and RSACryptoServiceProvider-based SshPrivateKey will be part of the next release (2012 R2).

...