[Mono-list] Unknown hash algorithm
Sebastien Pouliot
sebastien.pouliot at gmail.com
Wed May 3 16:18:23 EDT 2006
Hello Martin,

On Wed, 2006-05-03 at 14:33 -0500, Martín Trejo Chávez wrote:
> Hi,
>
> I've been working on a project where it is required to extract the user
> certificate and his private key from a .pfx file. After having looked at
> the certmgr and makecert code, I finally made a class to do the task.
>
> I use an X509CertificateBuilder to receive the values from the user's
> certificate, just transferring them from one side to the other:

You can't rebuild a certificate from its data - at least it wouldn't be
the "same" certificate unless...

> builder.SerialNumber = userCertificate.SerialNumber;
> builder.IssuerName = userCertificate.IssuerName;
> builder.NotBefore = userCertificate.ValidFrom;
> builder.NotAfter = userCertificate.ValidUntil;
> builder.SubjectName = userCertificate.SubjectName;
> builder.SubjectPublicKey = aa;
> builder.Hash = userCertificate.SignatureAlgorithm;
>
> byte[] rawcert = builder.Sign(aa);

... 'aa' is the CA private key. If not then you are creating an (invalid
as the issuer != subject) self-signed certificate.

Now what I don't understand is why you can't use the 'userCertificate'
itself?

The PKCS12 instance you have already has the certificate(s) and the
private key. What more do you need?

> The problem arises from the last line; when it's run, it throws this
> exception:
>
> Unknown hash algorithm 1.2.840.113549.1.1.5
> in <0x000ee> Mono.Security.X509.X509Builder:GetOid (System.String
> hashName)
> in <0x00038> Mono.Security.X509.X509Builder:Sign
> (System.Security.Cryptography.RSA key)
> in <0x0004d> Mono.Security.X509.X509Builder:Sign
> (System.Security.Cryptography.AsymmetricAlgorithm aa)
> in <0x00466> PfxManager:ExtractCertificate ()
> in <0x0002f> PfxManagerTest:Main (System.String[] args)
>
> This is for Mono 1.1.13.6, Mono 1.1.15 and .NET 1.1
>
> I've already found the description of the OID at
> http://www.alvestrand.no/objectid/1.2.840.113549.1.1.5.html.

That's another issue (the assigned value is wrong).

> Now, this simply means that as the hash algorithm is unknown I'm stuck
> 'til here? I'm not very crypto-proficient so the idea of building a
> hash algorithm implementation really scares me, besides, there is no
> time :P

Don't worry there's no need for that ;-)

> Any comments, guidance and/or help would be appreciated.

A more detailed description could be useful (e.g. input you have, output
you require).

--
Sebastien Pouliot <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/
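
The approach the reply points to, taking the certificate and private key straight from the PKCS12 instance instead of rebuilding and re-signing the certificate, shown as an added example that is not part of the original message. It assumes Mono.Security.dll is referenced; the command-line arguments and the output file name `user.cer` are placeholders.

```csharp
// Added example, not code from the thread. Build against Mono.Security.dll.
// args[0] (the .pfx path), args[1] (its password) and "user.cer" are placeholders.
using System;
using System.IO;
using System.Security.Cryptography;
using Mono.Security.X509;

class PfxExtract {
	static int Main (string[] args)
	{
		if (args.Length != 2) {
			Console.Error.WriteLine ("usage: pfxextract file.pfx password");
			return 1;
		}
		// PKCS12 decodes the container; nothing is rebuilt or re-signed here.
		PKCS12 pfx = PKCS12.LoadFromFile (args [0], args [1]);

		foreach (X509Certificate cert in pfx.Certificates) {
			RSA certKey = cert.RSA;
			if (certKey == null)
				continue; // not an RSA certificate
			// A .pfx can also carry CA certificates, so pair the user
			// certificate with its key by comparing public parameters.
			string certPublic = certKey.ToXmlString (false);
			foreach (object o in pfx.Keys) {
				RSA priv = o as RSA;
				if (priv == null || priv.KeySize != certKey.KeySize)
					continue;
				if (priv.ToXmlString (false) != certPublic)
					continue;
				// RawData is the original DER encoding, so the issuer's
				// signature is preserved byte for byte.
				byte[] raw = cert.RawData;
				using (FileStream fs = File.Create ("user.cer"))
					fs.Write (raw, 0, raw.Length);
				Console.WriteLine ("subject: {0}", cert.SubjectName);
				Console.WriteLine ("signature algorithm OID: {0}", cert.SignatureAlgorithm);
				Console.WriteLine ("matching private key: {0} bits", priv.KeySize);
				return 0;
			}
		}
		Console.Error.WriteLine ("no certificate with a matching RSA private key found");
		return 2;
	}
}
```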