Re: [Mono-dev] certmgr problem

2015-10-19 Thread Neale Ferguson 
Further to this problem. This is how the certs/keys were created. It all
works under Windows including the certmgr —importKey but always gives the
MAC error on mono:

makecert.exe -n "CN=MonoTestCA" -cy authority -a sha1 -len 2048 -pe -r -sv
MonoTestCA.pvk MonoTestCA.cer
makecert.exe -n "CN=MonoTestCert" -b 01/01/2000 -e 12/31/2039 -eku
1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.3,1.3.6.1.5.5.7.3.4,1.3
.6.1.5.5.7.3.5,1.3.6.1.5.5.7.3.6,1.3.6.1.5.5.7.3.7,1.3.6.1.5.5.7.3.8,1.3.6.
1.5.5.7.3.9 -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -ic
MonoTestCA.cer -iv MonoTestCA.pvk -a sha1 -len 2048 -pe -sky exchange -sv
MonoTestCert.pvk MonoTestCert.cer
pvk2pfx.exe -pvk MonoTestCert.pvk -spc MonoTestCert.cer -pfx
MonoTestCert.pfx

I took the above makecert commands and, allowing for options not supported
on mono, ran them on linux. I transported the resulting files back to
windows so I could run the pvk2pfx and then attempted to import that key
back on mono.


Neale



On 10/16/15, 12:35 PM, "Neale Ferguson"  wrote:

>When running certmgr to import a key I am getting the following error:
>
>System.Security.Cryptography.CryptographicException: Invalid MAC - file
>may have been tampered!
>
>
>I have verified that the key is ok:
>
>[neale@lneale3 - mono] openssl pkcs12 -info -in /tmp/MonoTestCert.pfx
>Enter Import Password:
>MAC Iteration 2000
>MAC verified OK
>PKCS7 Data
>Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
>Bag Attributes
>localKeyID: 01 00 00 00
>Microsoft CSP Name: Microsoft Strong Cryptographic Provider
>friendlyName: PvkTmp:171f74c0-49c3-484a-90c0-a9453b04e318
>Key Attributes
>X509v3 Key Usage: 10
>
>
>The calculated MAC that PCKS12.cs is generating is quite different. I
>added some debug code:
>
>MAC does not match calculated MAC
>   Lengths: 20 20
>57 AF 88 DD B6 40 07 24 56 A3 71 1C 25 F1 A9 8F 46 D0 E5 BA
>A7 4A 04 50 E5 67 39 5E D9 A6 B7 86 3D 00 09 DE 57 4F 2C FC
>
>
>Is this a known limitation of mono or some error on my part?
>
>Neale
>

___
Mono-devel-list mailing list
Mono-devel-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-devel-list

[Mono-dev] certmgr problem

2015-10-16 Thread Neale Ferguson 
When running certmgr to import a key I am getting the following error:

System.Security.Cryptography.CryptographicException: Invalid MAC - file
may have been tampered!


I have verified that the key is ok:

[neale@lneale3 - mono] openssl pkcs12 -info -in /tmp/MonoTestCert.pfx
Enter Import Password:
MAC Iteration 2000
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes
localKeyID: 01 00 00 00
Microsoft CSP Name: Microsoft Strong Cryptographic Provider
friendlyName: PvkTmp:171f74c0-49c3-484a-90c0-a9453b04e318
Key Attributes
X509v3 Key Usage: 10


The calculated MAC that PCKS12.cs is generating is quite different. I
added some debug code:

MAC does not match calculated MAC
Lengths: 20 20
57 AF 88 DD B6 40 07 24 56 A3 71 1C 25 F1 A9 8F 46 D0 E5 BA
A7 4A 04 50 E5 67 39 5E D9 A6 B7 86 3D 00 09 DE 57 4F 2C FC


Is this a known limitation of mono or some error on my part?

Neale

___
Mono-devel-list mailing list
Mono-devel-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-devel-list