https://bugs.winehq.org/show_bug.cgi?id=49792
Bug ID: 49792 Summary: pfx import does not works Product: Wine Version: 5.16 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: crypt32 Assignee: wine-bugs@winehq.org Reporter: eugene_s_s2@mail.ru Distribution: ---
Created attachment 68106 --> https://bugs.winehq.org/attachment.cgi?id=68106 logs with WINEDEBUG=+crypt
I have Debian 9 and Wine 5.0.2 (also tried 5.16) I run "wine control" to add new certificate from pfx-file (in attachment, it's not secret, password is 1) But when i try to add pfx from certificate import wizard i receive message, that file format is not supported (i do not know exact english error, because i receive it in russian). I tried to make pfx by openssl 1.0.1, also by microsoft windows built-in export-to- -pfx wizard. Also tried making pem-files, but got succesfull import only for public part of certificate. Also I tried making certificate request by windows CA and by Openssl, but still no luck.
Also tried importpfx.exe -f certificate.p12 - p "1" -t USER -s MY. (With MACHINE parameter also)
The output says that import suceeded. But i did not see any certificates in wine control. Importing of cer-files works.
What am i doing wrong? All that i know is that from wine 5.0 (as in release notes) importing of pfx blobs is supported.
https://bugs.winehq.org/show_bug.cgi?id=49792
--- Comment #1 from eugene_s_s2@mail.ru --- Created attachment 68107 --> https://bugs.winehq.org/attachment.cgi?id=68107 certificate
https://bugs.winehq.org/show_bug.cgi?id=49792
--- Comment #2 from Hans Leidekker hans@meelstraat.net --- Our certificate import wizard doesn't properly support PFX files. It should be fixed to call PFXImportCertStore, and it also needs a dialog to enter the password if the file is protected.
If I work around that the import succeeds and the certificate is shown in the listview. It's not there when I open the control again, so it doesn't persist for some reason.
https://bugs.winehq.org/show_bug.cgi?id=49792
--- Comment #3 from Hans Leidekker hans@meelstraat.net --- (In reply to Hans Leidekker from comment #2)
Our certificate import wizard doesn't properly support PFX files. It should be fixed to call PFXImportCertStore, and it also needs a dialog to enter the password if the file is protected.
If I work around that the import succeeds and the certificate is shown in the listview. It's not there when I open the control again, so it doesn't persist for some reason.
In fact it is stored in the registry, but we fail to parse it when populating the listview from the registry.
https://bugs.winehq.org/show_bug.cgi?id=49792
--- Comment #4 from Hans Leidekker hans@meelstraat.net --- Created attachment 68116 --> https://bugs.winehq.org/attachment.cgi?id=68116 patch
With this patch the certificate is successfully parsed.
https://bugs.winehq.org/show_bug.cgi?id=49792
--- Comment #5 from eugene_s_s2@mail.ru --- Should I apply patch myself? Or will it be on future wine releases? when?
https://bugs.winehq.org/show_bug.cgi?id=49792
--- Comment #6 from eugene_s_s2@mail.ru --- Created attachment 68124 --> https://bugs.winehq.org/attachment.cgi?id=68124 LOG +crypt
I tried to build 5.1 Wine with your patch. PFX-files still cannot be imported. Reasons are the same. log in attach.
https://bugs.winehq.org/show_bug.cgi?id=49792
--- Comment #7 from Hans Leidekker hans@meelstraat.net --- (In reply to eugene_s_s2 from comment #6)
Created attachment 68124 [details] LOG +crypt
I tried to build 5.1 Wine with your patch. PFX-files still cannot be imported. Reasons are the same. log in attach.
Note that this patch doesn't address the UI issue I described above. It works here if I run 'control' as a 32-bit process after importing with (32-bit) importpfx.exe. We have another parsing bug because CERT_KEY_CONTEXT struct size is different on 64-bit, which may be why you don't see the certificate in the list.
https://bugs.winehq.org/show_bug.cgi?id=49792
--- Comment #8 from eugene_s_s2@mail.ru --- Yes, it works. But it is senseless, because pfx - import usually means that you want to import private key also. Otherwise you can convert pfx to any other format and import it by wine control gui, and it is not a problem. In this scenario private key is not imported. So, private key importing is the problem now.
https://bugs.winehq.org/show_bug.cgi?id=49792
--- Comment #9 from Hans Leidekker hans@meelstraat.net --- (In reply to eugene_s_s2 from comment #8)
Yes, it works. But it is senseless, because pfx - import usually means that you want to import private key also. Otherwise you can convert pfx to any other format and import it by wine control gui, and it is not a problem. In this scenario private key is not imported. So, private key importing is the problem now.
The private key should be included. Why do you conclude that it's not imported? Please provide steps to reproduce.
https://bugs.winehq.org/show_bug.cgi?id=49792
eugene_s_s2@mail.ru changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #68106|0 |1 is obsolete| | Attachment #68124|0 |1 is obsolete| |
--- Comment #10 from eugene_s_s2@mail.ru --- Created attachment 68140 --> https://bugs.winehq.org/attachment.cgi?id=68140 logs
Your task is extremely difficult to do. We have medical system, which signs documents by RSA, we use microsoft api to sign, and we don't see any certificates with private key. We also disabled filter which selected only certificates with private key in our application and tried to sign. We receive message, that private key is not RSACryptoServiceProvider. The same message as we try to sign with certificate without private key(imported from cer-file). I can not simply provide this to you. There is our code in attachment, which we use to sign. I tried to use microsoft signtool, but got an exception (mssign32.dll unimplemented). It's in attachment. Also I attach +crypt logs of our application (with filter) and without, where we tried to sign) and logs of signtool (which you can get yourself with "sign /a /i" switches)
https://bugs.winehq.org/show_bug.cgi?id=49792
--- Comment #11 from Hans Leidekker hans@meelstraat.net --- Commit 49165c25e8dff9ab3c49f55081669eb5d00b78b7 fixed the bug described in comment 7. Does it work for you? You don't need the patch attached to this bug.
https://bugs.winehq.org/show_bug.cgi?id=49792
Hans Leidekker hans@meelstraat.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #68116|0 |1 is obsolete| |
https://bugs.winehq.org/show_bug.cgi?id=49792
--- Comment #12 from eugene_s_s2@mail.ru --- yes
https://bugs.winehq.org/show_bug.cgi?id=49792
jvm jan-vm@outlook.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jan-vm@outlook.com
https://bugs.winehq.org/show_bug.cgi?id=49792
--- Comment #13 from jvm jan-vm@outlook.com --- Created attachment 68287 --> https://bugs.winehq.org/attachment.cgi?id=68287 change between 5.17 and 5.18
I run Ubuntu 20.04.
With Wine 5.17 (both staging and devel), importpfx with certificate "certificate.p12" reports success and the certificate is visible in wine control.
With Wine 5.18 (both staging and devel), importpfx with "certificate.p12" reports success but the certificate is not visible in wine control.
The same behaviour is observed with other pfx files.
2 logs with WINEDEBUG=+crypt in the attachment: one for Wine 5.17 and one for Wine 5.18. Each log scopes 2 commands : importpfx followed by wine control.
-
WineHQ Bugzilla