mono
/
mail-archives
зеркало из https://github.com/mono/mail-archives.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
mail-archives/mono-bugs/2006-February/039286.html

255 строки
10 KiB
HTML
Исходник Постоянная ссылка Ответственный История

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mono-bugs] [Bug 77559][Wis] New - Problem with crypto in assembly
wrapped in COM
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mono-bugs%40lists.ximian.com?Subject=%5BMono-bugs%5D%20%5BBug%2077559%5D%5BWis%5D%20New%20-%20Problem%20with%20crypto%20in%20assembly%0A%09wrapped%20in%20COM&In-Reply-To=bug-77559%40chernobyl.ximian.com">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="039285.html">
<LINK REL="Next" HREF="039287.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mono-bugs] [Bug 77559][Wis] New - Problem with crypto in assembly
wrapped in COM</H1>
<B>bugzilla-daemon at bugzilla.ximian.com</B>
<A HREF="mailto:mono-bugs%40lists.ximian.com?Subject=%5BMono-bugs%5D%20%5BBug%2077559%5D%5BWis%5D%20New%20-%20Problem%20with%20crypto%20in%20assembly%0A%09wrapped%20in%20COM&In-Reply-To=bug-77559%40chernobyl.ximian.com"
TITLE="[Mono-bugs] [Bug 77559][Wis] New - Problem with crypto in assembly
wrapped in COM">bugzilla-daemon at bugzilla.ximian.com
</A><BR>
<I>Wed Feb 15 03:24:03 EST 2006</I>
<P><UL>
<LI>Previous message: <A HREF="039285.html">[Mono-bugs] [Bug 77558][Blo] New - Asynchronous socket receive
segmentation fault
</A></li>
<LI>Next message: <A HREF="039287.html">[Mono-bugs] [Bug 77560][Wis] New - child web.config overrides
parent web.config
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#39286">[ date ]</a>
<a href="thread.html#39286">[ thread ]</a>
<a href="subject.html#39286">[ subject ]</a>
<a href="author.html#39286">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">khe at kmd.dk.</A>
<A HREF="http://bugzilla.ximian.com/show_bug.cgi?id=77559">http://bugzilla.ximian.com/show_bug.cgi?id=77559</A>
--- shadow/77559 2006-02-15 03:24:03.000000000 -0500
+++ shadow/77559.tmp.17570 2006-02-15 03:24:03.000000000 -0500
@@ -0,0 +1,181 @@
+Bug#: 77559
+Product: Mono: Class Libraries
+Version: 1.1
+OS:
+OS Details:
+Status: NEW
+Resolution:
+Severity:
+Priority: Wishlist
+Component: Mono.Security
+AssignedTo: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">sebastien at ximian.com</A>
+ReportedBy: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">khe at kmd.dk</A>
+QAContact: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">mono-bugs at ximian.com</A>
+TargetMilestone: ---
+URL:
+Cc:
+Summary: Problem with crypto in assembly wrapped in COM
+
+Hi Sebastien
+
+Like we discussed in the mailing lists, we have a problem with a COM
+wrapped assembly.
+I have included all the communication below.
+
+/Kim
+
+
+
+Hi again
+
+We have been investigating this some more. Apparently the problem
+is &quot;working as intended&quot;. Why it is so, is described here:
+<A HREF="http://support.microsoft.com/default.aspx?scid=KB;EN-US;322371">http://support.microsoft.com/default.aspx?scid=KB;EN-US;322371</A>
+
+The solution is, instead of using:
+ RSA rsa = RSA.Create();
+use this:
+ CspParameters CSPParam = new CspParameters();
+ CSPParam.Flags = CspProviderFlags.UseMachineKeyStore;
+ RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(CSPParam);
+or maybe this:
+ RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
+ rsa.UseMachineKeyStore = true;
+
+I don't think there is any way around this, other than to fix the Mono
+code as you (Sebastien) suggested.
+Fortunately I think it is only in a few files that you do the RSA.Create
+(), and call ImportParameters() afterwards.
+
+If you decide to make the fix, we would be happy to test it with our COM
+wrapped assembly immediately.
+If you want a bugzilla report to initiate it, let me know and I will make
+one.
+
+Thanks,
+Kim
+
+
+-----Oprindelig meddelelse-----
+Fra: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">mono-list-bounces at lists.ximian.com</A> [mailto:mono-list-
<A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">+bounces at lists.ximian.com</A>] P&#229; vegne af Hellan.Kim KHE
+Sendt: 10. februar 2006 09:35
+Til: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">sebastien.pouliot at gmail.com</A>
+Cc: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">mono-list at lists.ximian.com</A>
+Emne: SV: [Mono-list] Problem with crypto in assembly wrapped in COM
+
+Hi Sebastien,
+
+Thank you for answering.
+I didn't mean that Mono should adapt our code, it was just to show
+something that worked for us.
+We will try to see if we can find a solution for this problem.
+I'll let you know what we find.
+
+/Kim
+
+-----Oprindelig meddelelse-----
+Fra: Sebastien Pouliot [mailto:<A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">sebastien.pouliot at gmail.com</A>]
+Sendt: 8. februar 2006 15:24
+Til: Hellan.Kim KHE
+Cc: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">mono-list at lists.ximian.com</A>
+Emne: Re: [Mono-list] Problem with crypto in assembly wrapped in COM
+
+Hello Kim,
+
+On Wed, 2006-02-08 at 13:24 +0100, Hellan.Kim KHE wrote:
+&gt; We have an assembly containing crypto functionality (X.509
+certificates,
+&gt; PKCS#12, PKCS#7...) from Mono.Security.dll. So far it has been running
+&gt; fine in both WinForm and Webform environments (.NET 2.0).
+&gt; We have had to wrap this assembly in COM to allow it to be run from
+old
+&gt; ASP platforms.
+
+Nice. As far as I know you're the first to use Mono.Security.dll via
+COM. I'm glad it works (even if not completely ;-)
+
+&gt; We now get the following errors when the .NET/COM component is called
+&gt; from a webpage:
+&gt;
+&gt; Error: exception=System.Security.Cryptography.CryptographicException:
+&gt; The system cannot find the file specified.
+&gt;
+&gt; at
+System.Security.Cryptography.Utils.CreateProvHandle(CspParameters
+&gt; parameters, Boolean randomKeyContainer)
+&gt; at
+&gt;
+System.Security.Cryptography.RSACryptoServiceProvider.ImportParameters(R
+&gt; SAParameters parameters)
+&gt; at Mono.Security.Cryptography.PKCS8.PrivateKeyInfo.DecodeRSA(Byte[]
+&gt; keypair)
+&gt; at Mono.Security.X509.PKCS12.AddPrivateKey(PrivateKeyInfo pki)
+&gt; at Mono.Security.X509.PKCS12.ReadSafeBag(ASN1 safeBag)
+&gt; at Mono.Security.X509.PKCS12.Decode(Byte[] data)
+&gt; at Mono.Security.X509.PKCS12.LoadFromFile(String filename, String
+&gt; password)
+&gt; ....
+&gt; ....
+&gt;
+&gt;
+&gt; I have a theory what is happening...
+&gt; In DecodeRSA() you have the following lines:
+&gt;
+&gt; RSA rsa = RSA.Create ();
+&gt; rsa.ImportParameters (param);
+&gt;
+&gt; I have seen before that ImportParameters() had problems in
+&gt; webapplications, because it apparently tries to access some keystores,
+&gt; that the IIS user does not have access to. A COM wrapped assembly
+&gt; probably have even less rights than a standalone assembly.
+&gt; This is the code I used instead in my application to solve the
+problem:
+
+Yes. Even if the .NET API makes key containers optional (for importing
+or using keyparis), MS implementation is dependent on CryptoAPI, which
+is dependent on the key stores, which depends on the current user (and
+its permissions).
+
+&gt; CspParameters CSPParam = new CspParameters();
+&gt; CSPParam.Flags = CspProviderFlags.UseMachineKeyStore;
+&gt; RSACryptoServiceProvider rsa;
+&gt; if(System.Web.HttpContext.Current == null) // WinForm
+&gt; rsa = new RSACryptoServiceProvider();
+&gt; else // WebForm - Uses Machine store for keys
+&gt; rsa = new RSACryptoServiceProvider(CSPParam);
+&gt; rsa.ImportParameters(rsaParam);
+
+This will work for your own code. However Mono can't adopt this as this
+would make Mono.Security.dll depends on System.Web (and create more
+circular dependencies on Mono).
+
+&gt; Has anyone else had this problem and do you have a solution for it?
+
+This is a well known problem (on Windows + .NET crypto). IIRC there is a
+few knowledge base article on the subject. It is also a common question
+on MS newsgroups.
+
+&gt; Maybe you have to change some security settings in .NET or elsewhere
+to
+&gt; allow this...I don't know.
+
+Google should find them easily (kb + newsgroups). There may be a &quot;fix&quot;
+for this. IIRC there was one .config trick that I think it works only
+for WSE stuff... but I may be wrong.
+
+&gt; I'm a bit stuck since I can't control what Mono is doing.
+
+Please do look at Google and see if and how this can be fixed. It would
+be nice to report the finding on this mailing-list (i.e. giving Google
+another chance to index the answer ;-).
+
+If a fix isn't possible then I think I could change Mono.Security's
+source code to trap the first ImportParameters for a
+CryptographicException, then re-try the ImportParameters using the
+UseMachineKeyStore (as a second/last chance).
+--
+Sebastien Pouliot &lt;<A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">sebastien at ximian.com</A>&gt;
+Blog: <A HREF="http://pages.infinit.net/ctech/">http://pages.infinit.net/ctech/</A>
+
+___________________________________________________________________________
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="039285.html">[Mono-bugs] [Bug 77558][Blo] New - Asynchronous socket receive
segmentation fault
</A></li>
<LI>Next message: <A HREF="039287.html">[Mono-bugs] [Bug 77560][Wis] New - child web.config overrides
parent web.config
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#39286">[ date ]</a>
<a href="thread.html#39286">[ thread ]</a>
<a href="subject.html#39286">[ subject ]</a>
<a href="author.html#39286">[ author ]</a>
</LI>
</UL>
<hr>
<a href="http://lists.ximian.com/mailman/listinfo/mono-bugs">More information about the mono-bugs
mailing list</a><br>
</body></html>
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку