EldoS | Feel safer!

Generating SSH private key from X509 certificate

Posted: 01/07/2016 15:27:03
by Sunny Gakhar (Priority Premium support level)
Joined: 10/27/2015
Posts: 2


We are using the code below to extract an SSH private key from an X509 certificate. The problem is that it works for some self-signed certificates and not for others. Examples of both certificates are attached.

X509Certificate2 x509Cert = LoadPfx("good.pfx");
TElSSHKey sshHostKey = new TElSSHKey();
byte[] pemBuffer;
TElX509Certificate cert = new TElX509Certificate();

var result = cert.SaveKeyToBufferPEM(out pemBuffer, String.Empty);

int loadKeyResult = sshHostKey.LoadPrivateKey(pemBuffer, pemBuffer.Length, String.Empty);
var isKeyValid = sshHostKey.IsKeyValid();
Console.WriteLine("Cert: {0}, Cert.IsKeyValid: {1}, sshHostKey.IsKeyValid: {2}, FP: {3}, Thumbprint: {4}",

We are using the following command to generate self-signed certificates:
makecert -r -pe -n "CN=SN" -b 01/01/2016 -e 01/01/2036 -eku, -sky exchange -sp "Microsoft Enhanced RSA and AES Cryptographic Provider" -sy 24 -len 2048 -a sha256 -ss my

With the above code, good.pfx results in sshHostKey.IsKeyValid() returning true.
But for bad.pfx we get false.

Also, design-wise, it would help us a lot to know why bad.pfx does not work. Any help on this matter is highly appreciated.

Posted: 01/07/2016 15:28:06
by Sunny Gakhar (Priority Premium support level)
Joined: 10/27/2015
Posts: 2

I got an error uploading good.pfx and bad.pfx. How can I share these files with the support team?

Posted: 01/07/2016 16:34:06
by Eugene Mayevski (EldoS Corp.)

Thank you for contacting us.

I have moved your question to the HelpDesk where you can add the PFX files, and we'll continue there.

On a side note, it would help a lot if you used the CODE button located above the text entry box (alternatively, you can write [ CODE ] and [ /CODE ] tags by hand) to mark the beginning and the end of the code blocks in your messages. This would enable syntax highlighting and line numbering on the code and make it easier to analyze.

Sincerely yours
Eugene Mayevski
