c# - Error setting X509Certificate2 PrivateKey

Question

I am migrating a .NetFramework 4.6.1 library to a .NetCore 2.2. But i am unable to set x509certificate.PrivateKey as shown below.

I have read that may be due to the RSAServiceProvider but i am unaware how to set this property. Even instantiating:
x509certificate.PrivateKey = new RSACryptoServiceProvider();
throws the PlatformNotSupportedException.

// selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate = 
certificateGenerator.Generate(signatureFactory);

// correponding private key
PrivateKeyInfo info = 
PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);

// merge into X509Certificate2
var x509certificate = new X509Certificate2(certificate.GetEncoded());

Asn1Sequence seq = (Asn1Sequence)
Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded() 
);

RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
RsaPrivateCrtKeyParameters rsaParams = new 
RsaPrivateCrtKeyParameters(
rsa.Modulus,
rsa.PublicExponent,
rsa.PrivateExponent,
rsa.Prime1,
rsa.Prime2,
rsa.Exponent1,
rsa.Exponent2,
rsa.Coefficient);

x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);

In the .NetCore library setting x509certificate.PrivateKey with the RSA from DotNetUtilities.ToRSA(rsaParams) throws an PlatformNotSupportedException.

System.PlatformNotSupportedException
  HResult=0x80131539
  Message=Operation is not supported on this platform.
  Source=System.Security.Cryptography.X509Certificates
  StackTrace:
   at System.Security.Cryptography.X509Certificates.X509Certificate2.set_PrivateKey(AsymmetricAlgorithm value)

Answer 1

As LexLi said, setting the private key on an existing certificate is not possible by design in .net core.

Following what is described here, what you can do is use the method RSACertificateExtensions.CopyWithPrivateKey.

Instead of

x509certificate.PrivateKey = DotNetUtilities.ToRSA(rsaParams);

you could have

var rsa = DotNetUtilities.ToRSA(rsaParams);
var cert = x509certificate.CopyWithPrivateKey(rsa);
return cert;

To get access to the "CopyWithPrivateKey" extension method, add this using :

using System.Security.Cryptography.X509Certificates; /* for getting access to extension methods in RSACertificateExtensions */

"(CopyWithPrivateKey) Combines a private key with the public key of an RSA certificate to generate a new RSA certificate."

https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.rsacertificateextensions.copywithprivatekey?view=netcore-3.0