[Mono-list] Unknown hash algorithm

Sebastien Pouliot sebastien.pouliot at gmail.com
Wed May 3 16:18:23 EDT 2006

Hello Martin,

On Wed, 2006-05-03 at 14:33 -0500, Martín Trejo Chávez wrote:
> Hi,
> I've been working in a proyect where is required to extract the user
> certificate and his private key from a .pfx file. After have looked at
> certmgr and makecert code, finally I made a class to do the task.
> I use a X509CertificateBuilder to receive the values from the user's
> certificate, just transfer for one side to another:

You can't rebuild a certificate from it's data - at least it wouldn't be
the "same" certificate unless...

>   builder.SerialNumber = userCertificate.SerialNumber;
>   builder.IssuerName = userCertificate.IssuerName;
>   builder.NotBefore = userCertificate.ValidFrom; 
>   builder.NotAfter = userCertificate.ValidUntil; 
>   builder.SubjectName = userCertificate.SubjectName;
>   builder.SubjectPublicKey = aa; 
>   builder.Hash = userCertificate.SignatureAlgorithm; 
>   byte[] rawcert = builder.Sign(aa);

... 'aa' is the CA private key. If not then you are creating a (invalid
as the issuer != subject) self-signed certificate.

Now what I don't understand is why you can't use the 'userCertificate'
itself ? 

The PKCS12 instance you have already has the certificate(s) and the
private key. What more do you need ?

> The problem arise from the las line, as it's run throws this
> exception:
> Unknown hash algorithm 1.2.840.113549.1.1.5
> in <0x000ee> Mono.Security.X509.X509Builder:GetOid (System.String
> hashName)
> in <0x00038> Mono.Security.X509.X509Builder:Sign
> (System.Security.Cryptography.RSA key)
> in <0x0004d> Mono.Security.X509.X509Builder:Sign
> (System.Security.Cryptography.AsymmetricAlgorithm aa)
> in <0x00466> PfxManager:ExtractCertificate ()
> in <0x0002f> PfxManagerTest:Main (System.String[] args)
> This is for Mono, Mono 1.1.15 and .NET 1.1
> I've already found the description of the OID at
> http://www.alvestrand.no/objectid/1.2.840.113549.1.1.5.html.

That's another issue (the assigned value is wrong).

> Now, this simply means that as the hash algorithm is unknown I'm stuck
> 'til here? I'm not very cripto-proficient so the idea of building a
> hash algorithm implementation really scares me, besides, there is no
> time :P

Don't worry there's no need for that ;-)

> Any comments, guidance and/or help would be appreciated.

A more detailed description could be useful (e.g. input you have, output
you require).
Sebastien Pouliot  <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/

More information about the Mono-list mailing list