Further to this problem. This is how the certs/keys were created. It all works under Windows including the certmgr —importKey but always gives the MAC error on mono:

makecert.exe -n "CN=MonoTestCA" -cy authority -a sha1 -len 2048 -pe -r -sv MonoTestCA.pvk MonoTestCA.cer

makecert.exe -n "CN=MonoTestCert" -b 01/01/2000 -e 12/31/2039 -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.3,1.3.6.1.5.5.7.3.4,1.3.6.1.5.5.7.3.5,1.3.6.1.5.5.7.3.6,1.3.6.1.5.5.7.3.7,1.3.6.1.5.5.7.3.8,1.3.6.1.5.5.7.3.9 -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -ic MonoTestCA.cer -iv MonoTestCA.pvk -a sha1 -len 2048 -pe -sky exchange -sv MonoTestCert.pvk MonoTestCert.cer

pvk2pfx.exe -pvk MonoTestCert.pvk -spc MonoTestCert.cer -pfx MonoTestCert.pfx

I took the above makecert commands and, allowing for options not supported on mono, ran them on Linux. I transported the resulting files back to Windows so I could run the pvk2pfx and then attempted to import that key back on mono.

Neale

On 10/16/15, 12:35 PM, "Neale Ferguson" <ne...@sinenomine.net> wrote:

>When running certmgr to import a key I am getting the following error:
>
>System.Security.Cryptography.CryptographicException: Invalid MAC - file
>may have been tampered!
>
>
>I have verified that the key is ok:
>
>[neale@lneale3 - mono] openssl pkcs12 -info -in /tmp/MonoTestCert.pfx
>Enter Import Password:
>MAC Iteration 2000
>MAC verified OK
>PKCS7 Data
>Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
>Bag Attributes
>    localKeyID: 01 00 00 00
>    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
>    friendlyName: PvkTmp:171f74c0-49c3-484a-90c0-a9453b04e318
>Key Attributes
>    X509v3 Key Usage: 10
>
>
>The calculated MAC that PKCS12.cs is generating is quite different. I
>added some debug code:
>
>MAC does not match calculated MAC
>    Lengths: 20 20
>57 AF 88 DD B6 40 07 24 56 A3 71 1C 25 F1 A9 8F 46 D0 E5 BA
>A7 4A 04 50 E5 67 39 5E D9 A6 B7 86 3D 00 09 DE 57 4F 2C FC
>
>
>Is this a known limitation of mono or some error on my part?
>
>Neale
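
Added example, not part of the original message and not Mono's or OpenSSL's code: an independent Python reference for the PKCS#12 MAC (RFC 7292 Appendix B.2 key derivation with ID 3, then HMAC-SHA1), which can be used to check which side of a 20-byte mismatch like the one quoted above is wrong. The salt and authSafe bytes are constructed; in a real PFX they come from the MacData and the authSafe content. It also computes the MAC for an empty-string password and for no password, two encodings that give different results.

```python
import hashlib
import hmac

U, V = 20, 64  # SHA-1 digest and block sizes in bytes

def bmp_password(password):
    """UTF-16BE plus a two-byte terminator; None models 'no password'."""
    if password is None:
        return b""
    return password.encode("utf-16-be") + b"\x00\x00"

def _fill(data):
    """Repeat data up to the next multiple of V bytes (empty stays empty)."""
    if not data:
        return b""
    size = V * ((len(data) + V - 1) // V)
    return (data * (size // len(data) + 1))[:size]

def pkcs12_kdf(pw_bytes, salt, iterations, id_byte, n):
    """RFC 7292 Appendix B.2 derivation with SHA-1; id_byte 3 = MAC key."""
    d = bytes([id_byte]) * V
    i_buf = bytearray(_fill(salt) + _fill(pw_bytes))
    out = b""
    while len(out) < n:
        a = hashlib.sha1(d + bytes(i_buf)).digest()
        for _ in range(iterations - 1):
            a = hashlib.sha1(a).digest()
        out += a
        b_plus_1 = int.from_bytes(_fill(a), "big") + 1
        for j in range(0, len(i_buf), V):  # I_j = (I_j + B + 1) mod 2^(8V)
            blk = (int.from_bytes(i_buf[j:j + V], "big") + b_plus_1) % (1 << (8 * V))
            i_buf[j:j + V] = blk.to_bytes(V, "big")
    return out[:n]

def pkcs12_mac(password, salt, iterations, auth_safe):
    """HMAC-SHA1 over the authSafe contents, keyed by the derived MAC key."""
    key = pkcs12_kdf(bmp_password(password), salt, iterations, 3, U)
    return hmac.new(key, auth_safe, hashlib.sha1).digest()

def verify(password, salt, iterations, auth_safe, stored_mac):
    """Constant-time comparison of the recomputed MAC with the stored one."""
    return hmac.compare_digest(pkcs12_mac(password, salt, iterations, auth_safe), stored_mac)

# Constructed sample values (not taken from the PFX discussed above)
SALT = bytes(range(8))
AUTH_SAFE = b"constructed authSafe contents"
if __name__ == "__main__":
    for pw in ("", None, "secret"):
        print(repr(pw), pkcs12_mac(pw, SALT, 2000, AUTH_SAFE).hex(" ").upper())
```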