зеркало из https://github.com/mono/mail-archives.git
255 строки
10 KiB
HTML
255 строки
10 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<TITLE> [Mono-bugs] [Bug 77559][Wis] New - Problem with crypto in assembly
|
|
wrapped in COM
|
|
</TITLE>
|
|
<LINK REL="Index" HREF="index.html" >
|
|
<LINK REL="made" HREF="mailto:mono-bugs%40lists.ximian.com?Subject=%5BMono-bugs%5D%20%5BBug%2077559%5D%5BWis%5D%20New%20-%20Problem%20with%20crypto%20in%20assembly%0A%09wrapped%20in%20COM&In-Reply-To=bug-77559%40chernobyl.ximian.com">
|
|
<META NAME="robots" CONTENT="index,nofollow">
|
|
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
|
|
<LINK REL="Previous" HREF="039285.html">
|
|
<LINK REL="Next" HREF="039287.html">
|
|
</HEAD>
|
|
<BODY BGCOLOR="#ffffff">
|
|
<H1>[Mono-bugs] [Bug 77559][Wis] New - Problem with crypto in assembly
|
|
wrapped in COM</H1>
|
|
<B>bugzilla-daemon at bugzilla.ximian.com</B>
|
|
<A HREF="mailto:mono-bugs%40lists.ximian.com?Subject=%5BMono-bugs%5D%20%5BBug%2077559%5D%5BWis%5D%20New%20-%20Problem%20with%20crypto%20in%20assembly%0A%09wrapped%20in%20COM&In-Reply-To=bug-77559%40chernobyl.ximian.com"
|
|
TITLE="[Mono-bugs] [Bug 77559][Wis] New - Problem with crypto in assembly
|
|
wrapped in COM">bugzilla-daemon at bugzilla.ximian.com
|
|
</A><BR>
|
|
<I>Wed Feb 15 03:24:03 EST 2006</I>
|
|
<P><UL>
|
|
<LI>Previous message: <A HREF="039285.html">[Mono-bugs] [Bug 77558][Blo] New - Asynchronous socket receive
|
|
segmentation fault
|
|
</A></li>
|
|
<LI>Next message: <A HREF="039287.html">[Mono-bugs] [Bug 77560][Wis] New - child web.config overrides
|
|
parent web.config
|
|
</A></li>
|
|
<LI> <B>Messages sorted by:</B>
|
|
<a href="date.html#39286">[ date ]</a>
|
|
<a href="thread.html#39286">[ thread ]</a>
|
|
<a href="subject.html#39286">[ subject ]</a>
|
|
<a href="author.html#39286">[ author ]</a>
|
|
</LI>
|
|
</UL>
|
|
<HR>
|
|
<!--beginarticle-->
|
|
<PRE>Please do not reply to this email- if you want to comment on the bug, go to the
|
|
URL shown below and enter your comments there.
|
|
|
|
Changed by <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">khe at kmd.dk.</A>
|
|
|
|
<A HREF="http://bugzilla.ximian.com/show_bug.cgi?id=77559">http://bugzilla.ximian.com/show_bug.cgi?id=77559</A>
|
|
|
|
--- shadow/77559 2006-02-15 03:24:03.000000000 -0500
|
|
+++ shadow/77559.tmp.17570 2006-02-15 03:24:03.000000000 -0500
|
|
@@ -0,0 +1,181 @@
|
|
+Bug#: 77559
|
|
+Product: Mono: Class Libraries
|
|
+Version: 1.1
|
|
+OS:
|
|
+OS Details:
|
|
+Status: NEW
|
|
+Resolution:
|
|
+Severity:
|
|
+Priority: Wishlist
|
|
+Component: Mono.Security
|
|
+AssignedTo: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">sebastien at ximian.com</A>
|
|
+ReportedBy: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">khe at kmd.dk</A>
|
|
+QAContact: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">mono-bugs at ximian.com</A>
|
|
+TargetMilestone: ---
|
|
+URL:
|
|
+Cc:
|
|
+Summary: Problem with crypto in assembly wrapped in COM
|
|
+
|
|
+Hi Sebastien
|
|
+
|
|
+Like we discussed in the mailing lists, we have a problem with a COM
|
|
+wrapped assembly.
|
|
+I have included all the communication below.
|
|
+
|
|
+/Kim
|
|
+
|
|
+
|
|
+
|
|
+Hi again
|
|
+
|
|
+We have been investigating this some more. Apparently the problem
|
|
+is "working as intended". Why it is so, is described here:
|
|
+<A HREF="http://support.microsoft.com/default.aspx?scid=KB;EN-US;322371">http://support.microsoft.com/default.aspx?scid=KB;EN-US;322371</A>
|
|
+
|
|
+The solution is, instead of using:
|
|
+ RSA rsa = RSA.Create();
|
|
+use this:
|
|
+ CspParameters CSPParam = new CspParameters();
|
|
+ CSPParam.Flags = CspProviderFlags.UseMachineKeyStore;
|
|
+ RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(CSPParam);
|
|
+or maybe this:
|
|
+ RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
|
|
+ rsa.UseMachineKeyStore = true;
|
|
+
|
|
+I don't think there is any way around this, other than to fix the Mono
|
|
+code as you (Sebastien) suggested.
|
|
+Fortunately I think it is only in a few files that you do the RSA.Create
|
|
+(), and call ImportParameters() afterwards.
|
|
+
|
|
+If you decide to make the fix, we would be happy to test it with our COM
|
|
+wrapped assembly immediately.
|
|
+If you want a bugzilla report to initiate it, let me know and I will make
|
|
+one.
|
|
+
|
|
+Thanks,
|
|
+Kim
|
|
+
|
|
+
|
|
+-----Oprindelig meddelelse-----
|
|
+Fra: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">mono-list-bounces at lists.ximian.com</A> [mailto:mono-list-
|
|
<A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">+bounces at lists.ximian.com</A>] På vegne af Hellan.Kim KHE
|
|
+Sendt: 10. februar 2006 09:35
|
|
+Til: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">sebastien.pouliot at gmail.com</A>
|
|
+Cc: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">mono-list at lists.ximian.com</A>
|
|
+Emne: SV: [Mono-list] Problem with crypto in assembly wrapped in COM
|
|
+
|
|
+Hi Sebastien,
|
|
+
|
|
+Thank you for answering.
|
|
+I didn't mean that Mono should adapt our code, it was just to show
|
|
+something that worked for us.
|
|
+We will try to see if we can find a solution for this problem.
|
|
+I'll let you know what we find.
|
|
+
|
|
+/Kim
|
|
+
|
|
+-----Oprindelig meddelelse-----
|
|
+Fra: Sebastien Pouliot [mailto:<A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">sebastien.pouliot at gmail.com</A>]
|
|
+Sendt: 8. februar 2006 15:24
|
|
+Til: Hellan.Kim KHE
|
|
+Cc: <A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">mono-list at lists.ximian.com</A>
|
|
+Emne: Re: [Mono-list] Problem with crypto in assembly wrapped in COM
|
|
+
|
|
+Hello Kim,
|
|
+
|
|
+On Wed, 2006-02-08 at 13:24 +0100, Hellan.Kim KHE wrote:
|
|
+> We have an assembly containing crypto functionality (X.509
|
|
+certificates,
|
|
+> PKCS#12, PKCS#7...) from Mono.Security.dll. So far it has been running
|
|
+> fine in both WinForm and Webform environments (.NET 2.0).
|
|
+> We have had to wrap this assembly in COM to allow it to be run from
|
|
+old
|
|
+> ASP platforms.
|
|
+
|
|
+Nice. As far as I know you're the first to use Mono.Security.dll via
|
|
+COM. I'm glad it works (even if not completely ;-)
|
|
+
|
|
+> We now get the following errors when the .NET/COM component is called
|
|
+> from a webpage:
|
|
+>
|
|
+> Error: exception=System.Security.Cryptography.CryptographicException:
|
|
+> The system cannot find the file specified.
|
|
+>
|
|
+> at
|
|
+System.Security.Cryptography.Utils.CreateProvHandle(CspParameters
|
|
+> parameters, Boolean randomKeyContainer)
|
|
+> at
|
|
+>
|
|
+System.Security.Cryptography.RSACryptoServiceProvider.ImportParameters(R
|
|
+> SAParameters parameters)
|
|
+> at Mono.Security.Cryptography.PKCS8.PrivateKeyInfo.DecodeRSA(Byte[]
|
|
+> keypair)
|
|
+> at Mono.Security.X509.PKCS12.AddPrivateKey(PrivateKeyInfo pki)
|
|
+> at Mono.Security.X509.PKCS12.ReadSafeBag(ASN1 safeBag)
|
|
+> at Mono.Security.X509.PKCS12.Decode(Byte[] data)
|
|
+> at Mono.Security.X509.PKCS12.LoadFromFile(String filename, String
|
|
+> password)
|
|
+> ....
|
|
+> ....
|
|
+>
|
|
+>
|
|
+> I have a theory what is happening...
|
|
+> In DecodeRSA() you have the following lines:
|
|
+>
|
|
+> RSA rsa = RSA.Create ();
|
|
+> rsa.ImportParameters (param);
|
|
+>
|
|
+> I have seen before that ImportParameters() had problems in
|
|
+> webapplications, because it apparently tries to access some keystores,
|
|
+> that the IIS user does not have access to. A COM wrapped assembly
|
|
+> probably have even less rights than a standalone assembly.
|
|
+> This is the code I used instead in my application to solve the
|
|
+problem:
|
|
+
|
|
+Yes. Even if the .NET API makes key containers optional (for importing
|
|
+or using keyparis), MS implementation is dependent on CryptoAPI, which
|
|
+is dependent on the key stores, which depends on the current user (and
|
|
+its permissions).
|
|
+
|
|
+> CspParameters CSPParam = new CspParameters();
|
|
+> CSPParam.Flags = CspProviderFlags.UseMachineKeyStore;
|
|
+> RSACryptoServiceProvider rsa;
|
|
+> if(System.Web.HttpContext.Current == null) // WinForm
|
|
+> rsa = new RSACryptoServiceProvider();
|
|
+> else // WebForm - Uses Machine store for keys
|
|
+> rsa = new RSACryptoServiceProvider(CSPParam);
|
|
+> rsa.ImportParameters(rsaParam);
|
|
+
|
|
+This will work for your own code. However Mono can't adopt this as this
|
|
+would make Mono.Security.dll depends on System.Web (and create more
|
|
+circular dependencies on Mono).
|
|
+
|
|
+> Has anyone else had this problem and do you have a solution for it?
|
|
+
|
|
+This is a well known problem (on Windows + .NET crypto). IIRC there is a
|
|
+few knowledge base article on the subject. It is also a common question
|
|
+on MS newsgroups.
|
|
+
|
|
+> Maybe you have to change some security settings in .NET or elsewhere
|
|
+to
|
|
+> allow this...I don't know.
|
|
+
|
|
+Google should find them easily (kb + newsgroups). There may be a "fix"
|
|
+for this. IIRC there was one .config trick that I think it works only
|
|
+for WSE stuff... but I may be wrong.
|
|
+
|
|
+> I'm a bit stuck since I can't control what Mono is doing.
|
|
+
|
|
+Please do look at Google and see if and how this can be fixed. It would
|
|
+be nice to report the finding on this mailing-list (i.e. giving Google
|
|
+another chance to index the answer ;-).
|
|
+
|
|
+If a fix isn't possible then I think I could change Mono.Security's
|
|
+source code to trap the first ImportParameters for a
|
|
+CryptographicException, then re-try the ImportParameters using the
|
|
+UseMachineKeyStore (as a second/last chance).
|
|
+--
|
|
+Sebastien Pouliot <<A HREF="http://lists.ximian.com/mailman/listinfo/mono-bugs">sebastien at ximian.com</A>>
|
|
+Blog: <A HREF="http://pages.infinit.net/ctech/">http://pages.infinit.net/ctech/</A>
|
|
+
|
|
+___________________________________________________________________________
|
|
</PRE>
|
|
|
|
|
|
<!--endarticle-->
|
|
<HR>
|
|
<P><UL>
|
|
<!--threads-->
|
|
<LI>Previous message: <A HREF="039285.html">[Mono-bugs] [Bug 77558][Blo] New - Asynchronous socket receive
|
|
segmentation fault
|
|
</A></li>
|
|
<LI>Next message: <A HREF="039287.html">[Mono-bugs] [Bug 77560][Wis] New - child web.config overrides
|
|
parent web.config
|
|
</A></li>
|
|
<LI> <B>Messages sorted by:</B>
|
|
<a href="date.html#39286">[ date ]</a>
|
|
<a href="thread.html#39286">[ thread ]</a>
|
|
<a href="subject.html#39286">[ subject ]</a>
|
|
<a href="author.html#39286">[ author ]</a>
|
|
</LI>
|
|
</UL>
|
|
|
|
<hr>
|
|
<a href="http://lists.ximian.com/mailman/listinfo/mono-bugs">More information about the mono-bugs
|
|
mailing list</a><br>
|
|
</body></html>
|