'Cannot find the requested object' exception while creating X509Certificate2 from string

c# encryption public-key-encryption x509certificate2
StepUp picture StepUp · May 18, 2017 · Viewed 20k times · Source

I am trying to create X509Certificate2 from string. Let me show an example:

string keyBase64String = Convert.ToBase64String(file.PKCS7);
var cert = new X509Certificate2(Convert.FromBase64String(keyBase64String));

and keyBase64String has a such content: "MIIF0QYJKoZI ........hvcNAQcCoIIFwjCCBb4CA0="

and file.PKCS7 is byte array which I downloaded from database.

I've got the following exception when creating X509Certificate2:

Cannot find the requested object

And the stack trace:

"Cannot find requested object" X509Certificate2 Exception "Cannot find requested object"} at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertBlobType(Byte[] rawData) at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData) at WebApp.SoupController.d__7.MoveNext() in D:\Projects\WebApp\Controllers\SoupController.cs:line 118

Please, say me what I am doing wrong. Any help would be greatly appreciated!

Answer

bartonjs picture bartonjs · May 19, 2017

If file.PKCS7 represents a PKCS#7 SignedData blob (what gets produced from X509Certificate2.Export(X509ContentType.Pkcs7) or X509Certificate2Collection.Export(X509ContentType.Pkcs7)) then there are two different ways of opening it:

  • new X509Certificate2(byte[])/new X509Certificate2(string)
    • The single certificate constructor will extract the signing certificate of the SignedData blob. If this was just being exported as a collection of certs, but not signing anything, there is no such certificate, and so it fails with Cannot find the original signer. (Win 2012r2, other versions could map it to a different string)
  • X509Certificate2Collection::Import(byte[])/X509Certificate2Collection::Import(string)
    • The collection import will consume all of the "extra" certificates, ignoring the signing certificate.

So if it's really PKCS#7 you likely want the collection Import (instance) method. If it isn't, you have some odd variable/field/property names.

Related questions

C# How to simply encrypt a text file with a PGP Public Key?

I've researched a bit about how to achieve what I said in the question and found several APIs but most of them look very complicated and since I'm just a noobie in this area I just want a simple method …

Read More
How to use public and private key encryption technique in C#

I want to encrypt data using public/private key technique. I mean, encrypt with the public key of receiver and the receiver can decrypt with their own private key. How can I do that? Do you have any suggestion or …

Read More
Create .pem file for public key RSA encryption C# .net

I want to create .pem file for the public key generated by this method public static Tuple<string, string> CreateKeyPair() { CspParameters cspParams = new CspParameters { ProviderType = 1 /* PROV_RSA_FULL */ }; RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(1024, cspParams); string publicKey = Convert.ToBase64String(…

Read More