RS256Algorithm error with .NET 4.0 #311
Comments
Hi, thanks for reporting the issue!
So you got it working? Sorry, not super clear from your message. If yes, then what does the code that works look like?
Here's a build run and a test run that supposedly target .NET 4.0.
I just tried with 8.0.0 and 8.1.0 and they don't work either. Sorry, when I say "the only way to get it to work" I mean that it only works when you can use those extension methods, which aren't available in .NET 4.0. So basically what that boils down to is, I can get it to work in .NET 4.7.2 but not with .NET 4.0.
The test project says this: `<TargetFramework>net46</TargetFramework>` But then this: `<SetTargetFramework>TargetFramework=net40</SetTargetFramework>` I'm on vacation for a week so have only my phone. I mean if it's correct then the tests should be a good and working example of how to construct the corresponding algorithm.
Yes, but
Oh, I see. Seems like a bug, indeed. I'll work on a fix upon return from the vacation, in a ~week. Sorry about this! Maybe that's something @simon-pearson could take a look at, please?
It seems that the issue in tests was introduced in this commit by @ggeurts. Gerke, can you please help to figure out why this doesn't actually work as expected: `<SetTargetFramework>TargetFramework=net35</SetTargetFramework>` Also can you please try the latest version of the library and confirm whether it still works for you targeting .NET 3.5 or not?
@simon-pearson, here's the initial line of code by @ggeurts:
```csharp
#if NET35 || NET40
((RSACryptoServiceProvider)_privateKey).SignData(bytesToSign, HashAlgorithmName.SHA256);
#else
```
which you moved around in your commit and it became this:
```csharp
#if NET35 || NET40
((RSACryptoServiceProvider)_privateKey).SignData(bytesToSign, this.HashAlgorithmInternal);
#else
```
Which is the only related change I've managed to locate. I believe it worked fine and then it stopped. Seems like a regression :(
It used to pass
@abatishchev, @joshtate hi - yeah this certainly looks like a regression introduced by my PR, apologies. I'm looking into it now and will try to get a PR up as a priority.
The Test project is building a .NET 4.6 Framework assembly but referencing the .NET 4.0 dependency. In effect the .NET 4.6 tests are testing the .NET 4.0 code.
Hi all, the good news is I've been able to replicate this bug. This isn't a regression caused by PR #305 - I checked out the code from December of last year and could still replicate with that code. @joshtate what is the cryptographic service provider (CSP) of your cert? You can find this out by running From this SO post it seems there's a workaround we can introduce to the
I've tested the above implementation in .NET 4.0 and I can encode/decode a request. The only caveat to this is that the certificate must be exportable. @abatishchev, @ggeurts can either of you think of any potential downsides to implementing this?
When the RSACryptoServiceProvider does not meet the preconditions for the sign algorithm, an exception is what should be thrown. The client code possibly could use the solution above to generate a correct RSACryptoServiceProvider.
It was passed a string before @abatishchev. The
@ggeurts thanks for coming back and weighing in on the issue!
I'm not very familiar with this technique but your explanation sounds good to me, means there is no issue with properly targeting the lower frameworks in the tests.
See dotnet/sdk#2280 for a bit more
Does the library really need to do this (optionally or always):
```csharp
#if NET35 || NET40
var rsa = _privateKey as RSACryptoServiceProvider;
var rsaClear = new RSACryptoServiceProvider();
rsaClear.ImportParameters(rsa.ExportParameters(true));
return rsaClear.SignData(bytesToSign, HashAlgorithmInternal);
#else
```
While it can be kept up to the consumer to "cook" the RSA object and pass whatever it deems appropriate?
Is there any outstanding action on this issue? It looks like @joshtate's certificate had a CSP not supporting SHA256 and if he re-generates his certificate with a CSP supporting SHA256/384/512, e.g. "Microsoft Enhanced RSA and AES Cryptographic Provider" then it should work? Alternatively, he could implement the above workaround in his calling code?
I'll have to check this later on, but back to my original issue: if there's something about my cert that needs to change then why does this work with .NET 4.7.2: `var rs256 = new RS256Algorithm(cert.GetRSAPublicKey(), cert.GetRSAPrivateKey());` But this doesn't? `var rs256 = new RS256Algorithm((RSA)cert.PublicKey.Key, (RSA)cert.PrivateKey);` If my cert didn't support SHA256 wouldn't it fail in both scenarios?
@joshtate It looks like `GetRSAPrivateKey()` does perform a similar operation to the manual code posted above. See reference source of `RSACertificateExtensions.GetRSAPrivateKey` for example. So the answer to your question is no.
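The consumer-side workaround discussed in this thread, written out as an added example (not code from the library or from any commenter): it copies the key into an AES-capable provider only when the original CSP is not of type PROV_RSA_AES, and refuses hardware-backed or non-exportable keys instead of failing later inside `SignData`. The class and method names are hypothetical, and treating every provider type other than 24 as lacking SHA-256 support is an assumption.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example for callers targeting .NET 4.0; not part of the library.
// Sha256RsaKey, PrepareForSha256 and SignRs256 are hypothetical names.
public static class Sha256RsaKey
{
    // CryptoAPI provider type PROV_RSA_AES ("Microsoft Enhanced RSA and AES Cryptographic Provider").
    private const int ProvRsaAes = 24;

    public static RSACryptoServiceProvider PrepareForSha256(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no private key.");
        var original = cert.PrivateKey as RSACryptoServiceProvider;
        if (original == null)
            throw new NotSupportedException("Private key is not an RSACryptoServiceProvider.");

        CspKeyContainerInfo info = original.CspKeyContainerInfo;
        if (info.ProviderType == ProvRsaAes)
            return original; // already SHA-256 capable; key never leaves its CSP

        // Hardware-backed and non-exportable keys cannot be copied: fail with the
        // provider details so the certificate can be re-issued on a suitable CSP.
        if (info.HardwareDevice || !info.Exportable)
            throw new CryptographicException(
                "Key is in '" + info.ProviderName + "' (type " + info.ProviderType +
                ") and is not exportable.");

        // No container name is set, so the copy lives in an ephemeral container.
        var copy = new RSACryptoServiceProvider(new CspParameters(ProvRsaAes));
        RSAParameters p = original.ExportParameters(true); // private key now in process memory
        try { copy.ImportParameters(p); }
        finally { Wipe(p.D, p.P, p.Q, p.DP, p.DQ, p.InverseQ); }
        return copy;
    }

    private static void Wipe(params byte[][] secrets)
    {
        foreach (byte[] s in secrets)
            if (s != null) Array.Clear(s, 0, s.Length);
    }

    public static byte[] SignRs256(X509Certificate2 cert, byte[] bytesToSign)
    {
        return PrepareForSha256(cert).SignData(bytesToSign, "SHA256");
    }
}
```

The export step is the trade-off raised in the thread: it only works for exportable certificates, and it places the private key parameters in managed memory for the duration of the copy.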
Using version 7.3.0 and .NET 4.0.
The `RS256Algorithm` does not work with .NET 4.0. We have a working example using .NET 4.7.2 like this:

But since .NET 4.0 doesn't have the extension methods `GetRSAPublicKey()` and `GetRSAPrivateKey()`, we have tried this:

And also this:

But both of those give the following error:

For the record, trying those other two ways of defining the `RS256Algorithm` also fails in .NET 4.7.2. The only way to get it to work is by using the extension methods `GetRSAPublicKey()` and `GetRSAPrivateKey()`.