let PfxBuilder support setting the Cert Algorithm of PFX #323

Open
wants to merge 2 commits into
base: main

zhaixiaowai

Description

The default Cert Algorithm of Org.BouncyCastle.Pkcs.Pkcs12StoreBuilder is PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc

Android devices do not support RC2's pfx certificate by default, so the modified method here passes the Cert Algorithm into the custom Cert Algorithm of the exported PFX file.

For example: pfxBuilder.Build(friendlyName, pfxPassword, PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc)

Checklist

  • All tests are passing
  • New tests were created to address changes in pr (and tests are passing)
  • Updated README and/or documentation, if necessary

Thanks for contributing!

@webprofusion-chrisc
Collaborator

This is for a PFX you are installing directly into Android or as part of a deployed app? The PFX cert algorithm doesn't affect public consumers of the cert if you're just using the cert for a service (e.g. an API server).

@zhaixiaowai
Author

I have embedded Certes into Maui, and I need to issue a certificate on Android, then parse it into X509Certificate2. However, due to Android's lack of support for RC2, I am unable to initialize X509Certificate2 successfully. If pfxBuilder.Build() could support custom Cert Algorithm, then I could parse X509Certificate2 on Android without relying on other API services.

like

var pfx = pfxBuilder.Build(friendlyName, pfxPassword, PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc) ?? throw new Exception($"pfx create err");
var x509Cert = new X509Certificate2(pfx, pfxPassword) ?? throw new Exception($"pfx restore to cert err");
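
The approach discussed in this thread, as an added example that is not code from the pull request or from Certes: it calls BouncyCastle's Pkcs12StoreBuilder directly, sets the certificate bag algorithm to 3-key Triple DES before saving, and loads the result with X509Certificate2. The class name, alias, password and self-signed certificate are constructed for illustration.

```csharp
using System;
using System.IO;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;
using X509Certificate2 = System.Security.Cryptography.X509Certificates.X509Certificate2;

static class PfxCertAlgorithmExample // hypothetical name, not part of Certes
{
    // Builds a PFX whose certificate bags use 3-key Triple DES instead of the builder default.
    static byte[] BuildPfx(AsymmetricCipherKeyPair keys, X509Certificate cert,
                           string alias, string password, SecureRandom random)
    {
        Pkcs12Store store = new Pkcs12StoreBuilder()
            .SetCertAlgorithm(PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc)
            .Build();
        store.SetKeyEntry(alias, new AsymmetricKeyEntry(keys.Private),
                          new[] { new X509CertificateEntry(cert) });
        using var output = new MemoryStream();
        store.Save(output, password.ToCharArray(), random);
        return output.ToArray();
    }

    static void Main()
    {
        var random = new SecureRandom();
        var generator = new RsaKeyPairGenerator();
        generator.Init(new KeyGenerationParameters(random, 2048));
        AsymmetricCipherKeyPair keys = generator.GenerateKeyPair();
        // Constructed self-signed certificate, used only as sample input.
        var subject = new X509Name("CN=constructed-example");
        var certGen = new X509V3CertificateGenerator();
        certGen.SetSerialNumber(BigInteger.One);
        certGen.SetIssuerDN(subject);
        certGen.SetSubjectDN(subject);
        certGen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
        certGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
        certGen.SetPublicKey(keys.Public);
        X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA256WithRSA", keys.Private, random));

        byte[] pfx = BuildPfx(keys, cert, "constructed-alias", "constructed-password", random);
        using var loaded = new X509Certificate2(pfx, "constructed-password");
        Console.WriteLine($"{loaded.Subject} private key present: {loaded.HasPrivateKey}");
    }
}
```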
