[Mono-list] Problem with crypto in assembly wrapped in COM

Hellan.Kim KHE KHE at kmd.dk
Wed Feb 8 07:24:04 EST 2006


We have an assembly containing crypto functionality (X.509 certificates,
PKCS#12, PKCS#7...) from Mono.Security.dll. So far it has been running
fine in both WinForm and Webform environments (.NET 2.0).
We have had to wrap this assembly in COM to allow it to be run from old
ASP platforms.
We now get the following errors when the .NET/COM component is called
from a webpage:

Error: exception=System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.RSACryptoServiceProvider.ImportParameters(RSAParameters parameters)
   at Mono.Security.Cryptography.PKCS8.PrivateKeyInfo.DecodeRSA(Byte[] keypair)
   at Mono.Security.X509.PKCS12.AddPrivateKey(PrivateKeyInfo pki)
   at Mono.Security.X509.PKCS12.ReadSafeBag(ASN1 safeBag)
   at Mono.Security.X509.PKCS12.Decode(Byte[] data)
   at Mono.Security.X509.PKCS12.LoadFromFile(String filename, String password)
....
....


I have a theory about what is happening...
In DecodeRSA() you have the following lines:

RSA rsa = RSA.Create ();
rsa.ImportParameters (param);

I have seen before that ImportParameters() had problems in
web applications, because it apparently tries to access some keystores
that the IIS user does not have access to. A COM-wrapped assembly
probably has even fewer rights than a standalone assembly.
This is the code I used instead in my application to solve the problem:

CspParameters CSPParam = new CspParameters();
CSPParam.Flags = CspProviderFlags.UseMachineKeyStore;
RSACryptoServiceProvider rsa;
if (System.Web.HttpContext.Current == null)   // WinForm
  rsa = new RSACryptoServiceProvider();
else                                          // WebForm - uses machine store for keys
  rsa = new RSACryptoServiceProvider(CSPParam);
rsa.ImportParameters(rsaParam);


Has anyone else had this problem and do you have a solution for it?
Maybe you have to change some security settings in .NET or elsewhere to
allow this...I don't know.
I'm a bit stuck since I can't control what Mono is doing.

Any hints/help appreciated!

Thanks,
Kim
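
Added example, not part of the original post and not Mono's code: a host-independent variant of the workaround above that retries with the machine key store when the default store fails, instead of testing HttpContext.Current (which is only set inside the ASP.NET pipeline, not when a COM object is called from classic ASP). It also sets PersistKeyInCsp to false so the imported private key is not left behind in the machine store, which is shared by all accounts on the host. The class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;

// Added example; HostIndependentRsaImport and its methods are hypothetical names.
public static class HostIndependentRsaImport
{
    // Import RSA parameters without assuming the caller has a loaded user profile.
    public static RSACryptoServiceProvider Import(RSAParameters rsaParam)
    {
        try
        {
            // First attempt: default (per-user) key store, as on a desktop host.
            return ImportInto(null, rsaParam);
        }
        catch (CryptographicException)
        {
            // The user key store was not reachable for this identity
            // (the failure in the stack trace above). Retry with the machine store.
            CspParameters machine = new CspParameters();
            machine.Flags = CspProviderFlags.UseMachineKeyStore;
            return ImportInto(machine, rsaParam);
        }
    }

    private static RSACryptoServiceProvider ImportInto(CspParameters csp, RSAParameters rsaParam)
    {
        RSACryptoServiceProvider rsa = null;
        try
        {
            rsa = (csp == null)
                ? new RSACryptoServiceProvider()
                : new RSACryptoServiceProvider(csp);
            // Ask the CSP to delete the key container when the object is released,
            // so the imported private key does not persist on disk.
            rsa.PersistKeyInCsp = false;
            rsa.ImportParameters(rsaParam);
            return rsa;
        }
        catch
        {
            // Release the provider handle before rethrowing or retrying.
            if (rsa != null) rsa.Clear();
            throw;
        }
    }
}
```

The caller should call Clear() on the returned object when finished so the temporary container is released promptly.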



