CertificateRequest.CreateSelfSigned with ECDSA with invalid key usage #42751

Closed
vcsjones opened this issue Sep 25, 2020 · 2 comments
Labels
area-System.Security backlog-cleanup-candidate An inactive issue that has been marked for automated closure. no-recent-activity

Comments

@vcsjones
Member

If you attempt to create a self-signed certificate with CertificateRequest with an ECDsa key and a key usage that makes the certificate ineligible for ECDSA usage, it fails with a less-than-clear exception.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

using ECDsa ecdsa = ECDsa.Create();
CertificateRequest req = new CertificateRequest("CN=who", ecdsa, HashAlgorithmName.SHA256);
req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyAgreement, true));
req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(42));
```

Produces:

```
Unhandled exception. System.ArgumentException: The provided key does not match the public key algorithm for this certificate.
   at System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions.CopyWithPrivateKey(X509Certificate2 certificate, ECDsa privateKey)
   at System.Security.Cryptography.X509Certificates.CertificateRequest.CreateSelfSigned(DateTimeOffset notBefore, DateTimeOffset notAfter)
```

We should validate the key usages and key type in CreateSelfSigned and give a better exception.

Reproduced in Core 3.1 and 5.0 RC1.
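
A caller-side pre-flight check along the lines the issue asks for, as an added example that is not part of the original post or of dotnet/runtime. `SelfSignedGuard` and `CreateSelfSignedChecked` are hypothetical names, and the eligibility rule (KeyAgreement asserted with no signing usage means the certificate is not usable for ECDSA) is an assumption about the check behind the exception.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SelfSignedGuard
{
    // Key usage bits that involve producing a signature.
    // Assumption: a certificate that asserts KeyAgreement and none of these
    // is treated as key-agreement-only, so it is not eligible for ECDSA.
    const X509KeyUsageFlags SigningUsages =
        X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation |
        X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign;

    // Hypothetical helper: rejects the conflicting combination with a
    // descriptive exception before any certificate is signed.
    public static X509Certificate2 CreateSelfSignedChecked(
        CertificateRequest req, AsymmetricAlgorithm key,
        DateTimeOffset notBefore, DateTimeOffset notAfter)
    {
        X509KeyUsageExtension usage = req.CertificateExtensions
            .OfType<X509KeyUsageExtension>().FirstOrDefault();

        if (key is ECDsa && usage != null &&
            (usage.KeyUsages & X509KeyUsageFlags.KeyAgreement) != 0 &&
            (usage.KeyUsages & SigningUsages) == 0)
        {
            throw new InvalidOperationException(
                $"Key usage '{usage.KeyUsages}' marks an ECDSA key as key-agreement-only; " +
                "add DigitalSignature (or another signing usage) or drop KeyAgreement.");
        }
        return req.CreateSelfSigned(notBefore, notAfter);
    }

    static void Main()
    {
        // Same request as in the report: ECDSA key, KeyAgreement-only usage.
        using ECDsa ecdsa = ECDsa.Create();
        var req = new CertificateRequest("CN=who", ecdsa, HashAlgorithmName.SHA256);
        req.CertificateExtensions.Add(
            new X509KeyUsageExtension(X509KeyUsageFlags.KeyAgreement, true));
        try
        {
            CreateSelfSignedChecked(req, ecdsa, DateTimeOffset.Now, DateTimeOffset.Now.AddYears(1));
        }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```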

@Dotnet-GitSync-Bot Dotnet-GitSync-Bot added area-System.Security untriaged New issue has not been triaged by the area owner labels Sep 25, 2020
@ghost

ghost commented Sep 25, 2020

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @jeffhandley
See info in area-owners.md if you want to be subscribed.

@krwq krwq added this to the Future milestone Sep 30, 2020
@krwq krwq removed the untriaged New issue has not been triaged by the area owner label Sep 30, 2020
@dotnet-policy-service dotnet-policy-service bot added backlog-cleanup-candidate An inactive issue that has been marked for automated closure. no-recent-activity labels Apr 1, 2025
Contributor

This issue will now be closed since it had been marked no-recent-activity but received no further activity in the past 14 days. It is still possible to reopen or comment on the issue, but please note that the issue will be locked if it remains inactive for another 30 days.

@dotnet-policy-service dotnet-policy-service bot removed this from the Future milestone Apr 15, 2025