[Mono-list] Https (Webservice) authentication using PKCS#11 tokens

Mathias Tausig mathias.tausig at a-cert.at
Fri Feb 19 09:38:57 EST 2010


Am 19.02.2010 15:24, schrieb Sebastien Pouliot:
> [...]
>>
>>>
>>> The fix is not overly complicated (i.e. detect if the instance is not a
>>> RSACryptoServiceProvider and use it without the current hack) unless
>>> your RSA implementation cannot provide [Decrypt|Encrypt]Value methods.
>>
>> I think we have a small misunderstanding. My actual problem is within
>> X509Certificate2, and I cannot change anything there (apart from
>> patching and recompiling the whole framework, which would be a bit of an
>> overkill). And since X509Certificate2.PrivateKey is not even virtual,
>> overloading won't help me either.
> 
> There's no misunderstanding. X509Certificate2 needs to be fixed to work
> in your use case (custom RSA). I can't think of any workaround (short of
> re-compiling the assembly with the fix).
> 
>> ExportParameters(true) is called and I have the choice of either
>> returning a bogus value, which might lead to problems in other areas, or
>> throwing an exception, which results in the X509Certificate2 instance
>> not being able to access its PrivateKey.
>> And I still don't quite understand this call to ExportParameters(true).
>> You are doing it after you have already checked for the type and know
>> that it's neither a RSACryptoServiceProvider nor an RSAManaged.
> 
> That was too long ago ;-) but it looks like I wanted to get the
> exception if no private key was present in a custom RSA|DSA
> implementation (which is likely the right behavior - but I need to check
> the tests to be sure). IIRC that's because the PublicOnly property is
> not (or was not) defined in the AsymmetricAlgorithm type.

Ah, OK. Now I see the point. There is no real possibility of determining
whether a key is private or public apart from calling ExportParameters.
Well, I guess I have to stick with the dirty solution of returning the
public parameters in any case, and cross my fingers that I don't break
anything else with this behaviour.

Thanks a lot for your assistance & insight.

cheers
Mathias
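A sketch of the custom RSA the thread is about, as an added example that is not from the original thread or from Mono: the class keeps the private key on the PKCS#11 token and returns only the public parameters from ExportParameters(true), which is the workaround the last reply settles on. TokenBackedRsa, HasPrivateKey and the tokenPrivateOp callback are assumed names; the public operation uses System.Numerics.BigInteger (.NET 4 or later), and the token call is a stand-in delegate rather than a real PKCS#11 binding.

```csharp
using System;
using System.Numerics;
using System.Security.Cryptography;

// Hypothetical wrapper: the private key never leaves the token; raw private operations go to a callback.
public sealed class TokenBackedRsa : RSA
{
    private readonly RSAParameters publicOnly;            // Modulus and Exponent only
    private readonly Func<byte[], byte[]> tokenPrivateOp; // stand-in for the token's C_Decrypt/C_Sign
    public TokenBackedRsa(RSAParameters publicPart, Func<byte[], byte[]> privateOp)
    {
        publicOnly = new RSAParameters { Modulus = publicPart.Modulus, Exponent = publicPart.Exponent };
        tokenPrivateOp = privateOp;
        LegalKeySizesValue = new[] { new KeySizes(1024, 4096, 8) };
        KeySizeValue = publicPart.Modulus.Length * 8;
    }
    // Honest answer for callers that ask instead of probing ExportParameters(true).
    public bool HasPrivateKey { get { return tokenPrivateOp != null; } }
    public override string KeyExchangeAlgorithm { get { return "RSA-PKCS1-KeyEx"; } }
    public override string SignatureAlgorithm { get { return "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; } }
    // The workaround from the thread: X509Certificate2 probes for a private key by calling
    // ExportParameters(true) and reads an exception as "no private key". A token cannot export
    // D/P/Q, so the public half is returned for either argument. Caveat: a consumer that needs D loses.
    public override RSAParameters ExportParameters(bool includePrivateParameters) { return publicOnly; }
    public override void ImportParameters(RSAParameters p) { throw new CryptographicException("key lives on the token"); }
    // The public operation m^e mod n is done in software; the private one only on the token.
    public override byte[] EncryptValue(byte[] rgb)
    {
        BigInteger m = ToBigInt(rgb), e = ToBigInt(publicOnly.Exponent), n = ToBigInt(publicOnly.Modulus);
        if (m >= n) throw new CryptographicException("input is not reduced modulo n");
        return ToBigEndian(BigInteger.ModPow(m, e, n), publicOnly.Modulus.Length);
    }
    public override byte[] DecryptValue(byte[] rgb)
    {
        if (!HasPrivateKey) throw new CryptographicException("no private key available on the token");
        return tokenPrivateOp(rgb);                       // raw private operation, done on the token
    }
    private static BigInteger ToBigInt(byte[] be)             // big-endian unsigned -> BigInteger
    {
        byte[] le = new byte[be.Length + 1];                  // trailing zero byte keeps it positive
        Array.Copy(be, le, be.Length); Array.Reverse(le, 0, be.Length); return new BigInteger(le);
    }
    private static byte[] ToBigEndian(BigInteger v, int len)  // left-pad to the modulus length
    {
        byte[] le = v.ToByteArray(), be = new byte[len];
        for (int i = 0; i < len && i < le.Length; i++) be[len - 1 - i] = le[i];
        return be;
    }
}
```

Code that only checks ExportParameters(true) cannot tell this object from a software key with a missing D, so anything that consumes the parameters directly should test HasPrivateKey first.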



