[Mono-list] Https (Webservice) authentication using PKCS#11 tokens

Mathias Tausig mathias.tausig at a-cert.at
Fri Feb 19 09:00:41 EST 2010

Am 19.02.2010 14:17, schrieb Sebastien Pouliot:
> [...]
>> but I am
>> facing a slight problem.
>> In Mono's implementation of X509Certificate2, when the key is accessed
>> via the PrivateKey property, the ExportParameter method of
>> AssymetricAlgorithm ist invoked (see
>> http://anonsvn.mono-project.com/viewvc/tags/mono-2-6-1/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
>> , line 213). When I implemented my Pkcs11RsaKey class, derived from RSA,
>> I chose to throw a CryptographicException whenever ExportParamters(true)
>> is called (since there is no possibility to actually read the private
>> parameters off a token). But if I do so, X509Certificate2.PrivateKey
>> returns null and the whole https - login process fails.
>> Since you wrote the whole Cryptographic namespace, maybe you could shed
>> some light, why this call to ExportParameters is neccesary.
>> Do you see any workaround for this, apart from simply returning the
>> public parameters from ExportParameters(true), as I have done now, to
>> make it work as a proof of concept?
> It's a FX design flaw. The cryptographic hierarchy is sound (mostly) but
> some types (like RSACryptoServiceProvider) are short-circuiting the
> logic (which is a CryptoAPI limitation - or at least a mismatch with the
> FX design).
> IOW it means that RSACryptoServiceProvider (with its limitations) is
> unusable to some tasks (like SSL/TLS) unless you export the private key
> and re-load it into a (more compliant) RSAManaged instance. Sadly that
> does not play well with other, custom RSA instance.

OK, thanks for the explanation

> The fix is not overly complicated (i.e. detect if the instance is not a
> RSACryptoServiceProvider and use it without the current hack) unless
> your RSA implementation cannot provide [Decrypt|Encrypt]Value methods.

I think we have a small misunderstanding. My actual problem is within
X509Certifiacte2, and I cannot change anything there (apart from
patching and recompiling the whole framework, which would be a bit of an
overkill). And since X509Certificate2.PrivateKey is not even virtual,
overloading won't help me either.
ExportParameters(true) is called and I have the choice of either
returning a bogus value, what might lead to problems in other areas, or
throwing an exception, which results in the X509Certificate2 instance
not beeing able to access its PrivateKey.
And I still don't quite understand this call to ExportParameters(true).
You are doing after you have already checked for the type and know, that
it's neither a RSACryptoServiceProvider nor a RSAManaged.

> This happens on some smartcards (I recall some of the G&D Starcos 2.3
> about 10 years ago ;-) which insist on doing all padding operations
> inside the card. Those cards (unless they have a PKCS11 mode or support
> the special SSL padding*) are unusable for this purpose.

No, EncryptValue and DecryptValue work just fine (at least with the card
I tried so far). But good to know, that there might be other troubles on
the horizon.


More information about the Mono-list mailing list