[Bug 49792] New: pfx import does not works
https://bugs.winehq.org/show_bug.cgi?id=49792

            Bug ID: 49792
           Summary: pfx import does not works
           Product: Wine
           Version: 5.16
          Hardware: x86-64
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: crypt32
          Assignee: wine-bugs(a)winehq.org
          Reporter: eugene_s_s2(a)mail.ru
      Distribution: ---

Created attachment 68106
  --> https://bugs.winehq.org/attachment.cgi?id=68106
logs with WINEDEBUG=+crypt

I have Debian 9 and Wine 5.0.2 (also tried 5.16).

I run "wine control" to add a new certificate from a pfx-file (in attachment, it's not secret, password is 1). But when I try to add the pfx from the certificate import wizard I receive a message that the file format is not supported (I do not know the exact English error, because I receive it in Russian).

I tried to make the pfx with openssl 1.0.1, also with the Microsoft Windows built-in export-to-pfx wizard. Also tried making pem-files, but got a successful import only for the public part of the certificate. Also I tried making the certificate request by Windows CA and by OpenSSL, but still no luck.

Also tried importpfx.exe -f certificate.p12 -p "1" -t USER -s MY. (With MACHINE parameter also.) The output says that the import succeeded. But I did not see any certificates in wine control.

Importing of cer-files works.

What am I doing wrong? All that I know is that from Wine 5.0 (as in release notes) importing of pfx blobs is supported.

-- 
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

--- Comment #1 from eugene_s_s2(a)mail.ru ---
Created attachment 68107
  --> https://bugs.winehq.org/attachment.cgi?id=68107
certificate

--- Comment #2 from Hans Leidekker <hans(a)meelstraat.net> ---
Our certificate import wizard doesn't properly support PFX files. It should be fixed to call PFXImportCertStore, and it also needs a dialog to enter the password if the file is protected.

If I work around that the import succeeds and the certificate is shown in the listview. It's not there when I open the control again, so it doesn't persist for some reason.

--- Comment #3 from Hans Leidekker <hans(a)meelstraat.net> ---
(In reply to Hans Leidekker from comment #2)
> Our certificate import wizard doesn't properly support PFX files. It should
> be fixed to call PFXImportCertStore, and it also needs a dialog to enter the
> password if the file is protected.
>
> If I work around that the import succeeds and the certificate is shown in
> the listview. It's not there when I open the control again, so it doesn't
> persist for some reason.

In fact it is stored in the registry, but we fail to parse it when populating the listview from the registry.

--- Comment #4 from Hans Leidekker <hans(a)meelstraat.net> ---
Created attachment 68116
  --> https://bugs.winehq.org/attachment.cgi?id=68116
patch

With this patch the certificate is successfully parsed.

--- Comment #5 from eugene_s_s2(a)mail.ru ---
Should I apply the patch myself? Or will it be in future Wine releases? When?

--- Comment #6 from eugene_s_s2(a)mail.ru ---
Created attachment 68124
  --> https://bugs.winehq.org/attachment.cgi?id=68124
LOG +crypt

I tried to build 5.1 Wine with your patch. PFX-files still cannot be imported. Reasons are the same. log in attach.

--- Comment #7 from Hans Leidekker <hans(a)meelstraat.net> ---
(In reply to eugene_s_s2 from comment #6)
> Created attachment 68124 [details]
> LOG +crypt
>
> I tried to build 5.1 Wine with your patch. PFX-files still cannot be
> imported. Reasons are the same. log in attach.

Note that this patch doesn't address the UI issue I described above. It works here if I run 'control' as a 32-bit process after importing with (32-bit) importpfx.exe. We have another parsing bug because CERT_KEY_CONTEXT struct size is different on 64-bit, which may be why you don't see the certificate in the list.
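
Comment #7 attributes the missing list entry to CERT_KEY_CONTEXT having a different size on 64-bit. The C sketch below is an added illustration, not Wine's code or the attached patch: the two structs model the public CERT_KEY_CONTEXT fields with fixed-width types, and the stored-blob format plus `read_naive64`, `read_portable` and `make_blob32` are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Fixed-width models of CERT_KEY_CONTEXT as each ABI lays it out:
 * DWORD cbSize; pointer-sized provider handle; DWORD dwKeySpec. */
struct key_ctx32 { uint32_t cbSize; uint32_t hCryptProv; uint32_t dwKeySpec; };
struct key_ctx64 { uint32_t cbSize, pad0; uint64_t hCryptProv; uint32_t dwKeySpec, pad1; };

/* Reader that only accepts a blob matching its own (64-bit) struct size. */
static int read_naive64(const uint8_t *blob, size_t len, struct key_ctx64 *out)
{
    if (len != sizeof(*out)) return -1;      /* a 12-byte blob is rejected */
    memcpy(out, blob, sizeof(*out));
    return 0;
}

/* Reader that checks stored length and cbSize, then converts field by field. */
static int read_portable(const uint8_t *blob, size_t len, struct key_ctx64 *out)
{
    if (len == sizeof(struct key_ctx64)) {
        memcpy(out, blob, len);
        return out->cbSize == sizeof(*out) ? 0 : -1;
    }
    if (len == sizeof(struct key_ctx32)) {
        struct key_ctx32 in;
        memcpy(&in, blob, len);
        if (in.cbSize != sizeof(in)) return -1;
        memset(out, 0, sizeof(*out));
        out->cbSize = sizeof(*out);
        out->hCryptProv = in.hCryptProv; out->dwKeySpec = in.dwKeySpec;
        return 0;
    }
    return -1;                               /* unknown layout: refuse */
}

/* Constructed sample: the property as a 32-bit writer would store it. */
static size_t make_blob32(uint8_t *buf)
{
    struct key_ctx32 c = { sizeof(c), 0, 1 /* AT_KEYEXCHANGE */ };
    memcpy(buf, &c, sizeof(c));
    return sizeof(c);
}

int main(void)
{
    uint8_t buf[32]; struct key_ctx64 out;
    size_t n = make_blob32(buf);
    return (read_naive64(buf, n, &out) == -1 && read_portable(buf, n, &out) == 0) ? 0 : 1;
}
```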

--- Comment #8 from eugene_s_s2(a)mail.ru ---
Yes, it works. But it is senseless, because pfx import usually means that you want to import the private key also. Otherwise you can convert the pfx to any other format and import it with the wine control GUI, and it is not a problem. In this scenario the private key is not imported. So, private key importing is the problem now.

--- Comment #9 from Hans Leidekker <hans(a)meelstraat.net> ---
(In reply to eugene_s_s2 from comment #8)
> Yes, it works. But it is senseless, because pfx - import usually means that
> you want to import private key also. Otherwise you can convert pfx to any
> other format and import it by wine control gui, and it is not a problem. In
> this scenario private key is not imported. So, private key importing is the
> problem now.

The private key should be included. Why do you conclude that it's not imported? Please provide steps to reproduce.

eugene_s_s2(a)mail.ru changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #68106|0                           |1
        is obsolete|                            |
  Attachment #68124|0                           |1
        is obsolete|                            |

--- Comment #10 from eugene_s_s2(a)mail.ru ---
Created attachment 68140
  --> https://bugs.winehq.org/attachment.cgi?id=68140
logs

Your task is extremely difficult to do. We have a medical system which signs documents by RSA; we use the Microsoft API to sign, and we don't see any certificates with a private key. We also disabled the filter which selected only certificates with a private key in our application and tried to sign. We receive a message that the private key is not RSACryptoServiceProvider. The same message as when we try to sign with a certificate without a private key (imported from a cer-file). I cannot simply provide this to you. There is our code in the attachment, which we use to sign.

I tried to use Microsoft signtool, but got an exception (mssign32.dll unimplemented). It's in the attachment.

Also I attach +crypt logs of our application (with filter) and without (where we tried to sign) and logs of signtool (which you can get yourself with "sign /a /i" switches).

--- Comment #11 from Hans Leidekker <hans(a)meelstraat.net> ---
Commit 49165c25e8dff9ab3c49f55081669eb5d00b78b7 fixed the bug described in comment 7. Does it work for you? You don't need the patch attached to this bug.

Hans Leidekker <hans(a)meelstraat.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #68116|0                           |1
        is obsolete|                            |

--- Comment #12 from eugene_s_s2(a)mail.ru ---
yes

jvm <jan-vm(a)outlook.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jan-vm(a)outlook.com

--- Comment #13 from jvm <jan-vm(a)outlook.com> ---
Created attachment 68287
  --> https://bugs.winehq.org/attachment.cgi?id=68287
change between 5.17 and 5.18

I run Ubuntu 20.04.

With Wine 5.17 (both staging and devel), importpfx with certificate "certificate.p12" reports success and the certificate is visible in wine control.

With Wine 5.18 (both staging and devel), importpfx with "certificate.p12" reports success but the certificate is not visible in wine control.

The same behaviour is observed with other pfx files.

2 logs with WINEDEBUG=+crypt in the attachment: one for Wine 5.17 and one for Wine 5.18. Each log scopes 2 commands: importpfx followed by wine control.