https://bugs.winehq.org/show_bug.cgi?id=49144
Bug ID: 49144
Summary: Opening a PFX certificate in a dotnet application using X509Certificate2
Product: Wine
Version: 5.8
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: petrov_lv@ekra.ru
Distribution: ---
Created attachment 67146 --> https://bugs.winehq.org/attachment.cgi?id=67146 output for wine
There is a crash in the test application when opening the PFX certificate. The certificate contains a private key.
Test application:

using System;
using System.Security.Cryptography.X509Certificates;

namespace CheckPfx
{
    class Program
    {
        static void Main(string[] args)
        {
            if (args.Length == 2)
            {
                var fileName = args[0];
                var password = args[1];
                var cert2 = new X509Certificate2(fileName, password);
                Console.WriteLine($"HasPrivateKey: {cert2.HasPrivateKey}");
            }
            else
            {
                Console.WriteLine("using: <appName.exe> <pfx-file> <password>");
            }
        }
    }
}
Certificate creation:

certtool --dsa --generate-privkey --outfile key.pem
certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem --template template.cfg
certtool --load-certificate cert.pem --load-privkey key.pem --to-p12 --outder --outfile cert.pfx
Output for windows: HasPrivateKey: True
Output for wine: (in attached file) Unhandled Exception: System.Security.Cryptography.CryptographicException: Invalid parameter.
--- Comment #1 from Hans Leidekker hans@meelstraat.net --- Please attach a WINEDEBUG=+crypt trace.
--- Comment #2 from petrov_lv petrov_lv@ekra.ru --- Created attachment 67147 --> https://bugs.winehq.org/attachment.cgi?id=67147 WINEDEBUG=+crypt trace file
--- Comment #3 from Hans Leidekker hans@meelstraat.net --- (In reply to petrov_lv from comment #2)
Created attachment 67147 [details] WINEDEBUG=+crypt trace file
0024:trace:crypt:CryptQueryObject (00000001, 0xb41f08, 00001522, 0000000e, 00000000, (nil), 0x31f400, (nil), (nil), (nil), (nil))
0024:trace:crypt:CRYPT_ReadBlobFromFile L"C:\program files\test_pfx\cert.pfx"
0024:trace:crypt:CRYPT_ReadBlobFromFile returning 0
CRYPT_ReadBlobFromFile returning 0 means it can't read the file. Make sure it exists in that place and is readable. For me it fails a little later because importing DSA keys from PFX blobs is currently not supported.
petrov_lv petrov_lv@ekra.ru changed:
What                          | Removed | Added
------------------------------+---------+------
Attachment #67147 is obsolete | 0       | 1
--- Comment #4 from petrov_lv petrov_lv@ekra.ru --- Created attachment 67151 --> https://bugs.winehq.org/attachment.cgi?id=67151 +crypto_dsa_key.log
--- Comment #5 from petrov_lv petrov_lv@ekra.ru --- Created attachment 67152 --> https://bugs.winehq.org/attachment.cgi?id=67152 +crypto_rsa_key.log
--- Comment #6 from petrov_lv petrov_lv@ekra.ru --- (In reply to Hans Leidekker from comment #3)
Thank you for the quick and helpful answers.
You are right, I did not provide access to the file. I gave access and the program gave the following logs (DEBUG+crypto_dsa_key.log):
0024:fixme:crypt:import_key key algorithm 2 not supported
This line apparently confirms your comment:
importing DSA keys from PFX blobs is currently not supported.
I decided to change the method of generating a private key from DSA to RSA
certtool --rsa --bits 4096 --generate-privkey --outfile key.pem
I modified the test application. Added logging of certificate fields:
Console.WriteLine($"IssuerName: {cert2.IssuerName.Name}");
Console.WriteLine($"SubjectName: {cert2.SubjectName.Name}");
Result (DEBUG+crypto_rsa4096_key.log):
HasPrivateKey: False
IssuerName: C=RU, S=Test state, O=test org., OU=test unit, CN=Test User
SubjectName: C=RU, S=Test state, O=test org., OU=test unit, CN=Test User

* NO exception is thrown
* private key NOT loaded
"Windows" output:
HasPrivateKey: True
IssuerName: C=RU, S=Test state, O=test org., OU=test unit, CN=Test User
SubjectName: C=RU, S=Test state, O=test org., OU=test unit, CN=Test User
A private key is required in the main application. Maybe I should create a new report?
--- Comment #7 from Hans Leidekker hans@meelstraat.net --- (In reply to petrov_lv from comment #6)
Result (DEBUG+crypto_rsa4096_key.log):
HasPrivateKey: False
IssuerName: C=RU, S=Test state, O=test org., OU=test unit, CN=Test User
SubjectName: C=RU, S=Test state, O=test org., OU=test unit, CN=Test User
- NO exception is thrown
- private key NOT loaded
"Windows" output:
HasPrivateKey: True
IssuerName: C=RU, S=Test state, O=test org., OU=test unit, CN=Test User
SubjectName: C=RU, S=Test state, O=test org., OU=test unit, CN=Test User
A private key is required in the main application. Maybe I should create a new report?
It's a different issue but DSA support is already covered in other bug reports, so we might as well continue here.
It's looking for CERT_KEY_PROV_INFO_PROP_ID on the imported cert, which isn't set.
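To see the divergence Hans describes directly from the test application, the reporter's program can be extended to query the imported certificate context for CERT_KEY_PROV_INFO_PROP_ID through P/Invoke. This is an added diagnostic, not code from the bug report or from Wine; it assumes .NET Framework on Windows or Wine, where X509Certificate2.Handle is the crypt32 PCCERT_CONTEXT, and the same command-line arguments as the original program.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;

namespace CheckPfx
{
    class KeyProvInfoCheck
    {
        // Property id from wincrypt.h: the key-container reference crypt32 consults
        // when deciding whether a certificate has an associated private key.
        const uint CERT_KEY_PROV_INFO_PROP_ID = 2;

        [DllImport("crypt32.dll", SetLastError = true)]
        static extern bool CertGetCertificateContextProperty(
            IntPtr pCertContext, uint dwPropId, IntPtr pvData, ref uint pcbData);

        // A null buffer asks only for the property's size; the call fails when the
        // property is not attached to the context (GetLastError is then CRYPT_E_NOT_FOUND).
        static bool HasKeyProvInfo(X509Certificate2 cert)
        {
            uint cb = 0;
            return CertGetCertificateContextProperty(
                cert.Handle, CERT_KEY_PROV_INFO_PROP_ID, IntPtr.Zero, ref cb);
        }

        static void Main(string[] args)
        {
            if (args.Length != 2)
            {
                Console.WriteLine("using: <appName.exe> <pfx-file> <password>");
                return;
            }
            // Rule out the earlier failure mode (CRYPT_ReadBlobFromFile returning 0)
            // before interpreting the private-key result.
            if (!File.Exists(args[0]))
            {
                Console.WriteLine($"PFX not found or not readable: {args[0]}");
                return;
            }
            var cert2 = new X509Certificate2(args[0], args[1]);
            Console.WriteLine($"HasPrivateKey: {cert2.HasPrivateKey}");
            bool hasProvInfo = HasKeyProvInfo(cert2);
            Console.WriteLine($"CERT_KEY_PROV_INFO_PROP_ID present: {hasProvInfo}");
            if (!hasProvInfo)
                Console.WriteLine($"GetLastError: 0x{Marshal.GetLastWin32Error():X8}");
        }
    }
}
```

On Windows both lines are expected to report true for an RSA PFX; under the Wine build discussed here the property is absent, which is the condition behind HasPrivateKey: False.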
jvm jan-vm@outlook.com changed:
What | Removed | Added
-----+---------+-------------------
CC   |         | jan-vm@outlook.com