Bug 60837 - [Feature/Enhancement/WontFix] We currently don't support DSA certificates in X509Certificate2
Status: RESOLVED FIXED
Alias: None
Product: Class Libraries
Classification: Mono
Component: System.Security ()
Version: 5.4 (2017-06)
Hardware: PC Linux
Importance: --- enhancement
Target Milestone: Future Release
Assignee: Bugzilla
Reported: 2017-11-23 13:38 UTC by Rebex.NET
Modified: 2018-01-05 17:37 UTC (History)

Description Rebex.NET 2017-11-23 13:38:56 UTC
In .NET Framework and in Mono 4.6 (and earlier), X509Certificate2.GetPublicKey() method returns DSA "Y" parameter in the form of ASN.1 DER encoded integer (this corresponds to DSAPublicKey defined by RFC 3279 - https://tools.ietf.org/html/rfc3279#page-10).

In Mono 5.4, it returns a different DER-encoded structure that includes Y, P, Q and G parameters. This is incompatible with .NET Framework and previous versions of Mono.

Code to reproduce this issue:

using System;
using System.Security.Cryptography.X509Certificates;

class Program
{
	static void Main()
	{
		string encodedCertData = @"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";

		byte[] data = Convert.FromBase64String(encodedCertData);
		var cert = new X509Certificate2(data);
		Console.WriteLine("Public key: {0}", BitConverter.ToString(cert.GetPublicKey()));
	}
}

Expected result (corresponds to .NET Framework and Mono 4.6):

Public key: 02-81-80-15-8C-E1-35-70-CA-79-67-59-06-F6-6A-FE-A7-4E-B7-9E-A2-AD-DC-9F-EC-C9-A9-CA-12-42-C9-E9-38-AC-39-75-AD-DB-A1-53-A0-49-DA-D7-B5-AE-08-7B-58-2B-63-99-EF-BF-BC-5C-CA-40-C6-6A-95-7B-03-60-FE-05-31-53-73-A9-82-0B-E8-BA-53-4B-F8-46-A4-05-12-31-50-F5-59-FF-6F-94-B1-6B-F8-1A-F0-ED-7B-95-33-12-7B-F8-6C-65-09-97-D0-C4-33-84-FF-BB-8F-8E-F6-3C-BC-68-85-63-64-91-28-D2-FC-13-3C-AF-3D-D5-D6-CC-33


Actual result on Mono 5.4:

Public key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
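
A caller that depends on the RFC 3279 form can check which DER shape GetPublicKey() returned before using the bytes. The following is an added example, not part of the original report and not Mono or .NET code; the class DsaPublicKeyShape and its methods are hypothetical names, and both byte arrays in Main are constructed samples.

```csharp
using System;

static class DsaPublicKeyShape   // hypothetical helper, not Mono or .NET code
{
    // Reads one DER tag/length header at pos; leaves pos at the start of the content.
    static byte ReadHeader(byte[] der, ref int pos, int end, out int length)
    {
        if (end - pos < 2) throw new FormatException("truncated header");
        byte tag = der[pos++];
        length = der[pos++];
        if (length >= 0x80)
        {
            int n = length & 0x7F;               // long form: n length bytes follow
            if (n == 0 || n > 3 || end - pos < n) throw new FormatException("bad length");
            for (length = 0; n > 0; n--) length = (length << 8) | der[pos++];
        }
        if (length > end - pos) throw new FormatException("truncated content");
        return tag;
    }
    // Counts INTEGER elements in [pos, end), descending into nested SEQUENCEs.
    static int CountIntegers(byte[] der, int pos, int end)
    {
        int count = 0;
        while (pos < end)
        {
            byte tag = ReadHeader(der, ref pos, end, out int length);
            if (tag == 0x02) count++;
            else if (tag == 0x30) count += CountIntegers(der, pos, pos + length);
            pos += length;
        }
        return count;
    }
    // Describes the outer DER element of a GetPublicKey() result.
    public static string Classify(byte[] key)
    {
        int pos = 0;
        byte tag = ReadHeader(key, ref pos, key.Length, out int length);
        if (pos + length != key.Length) throw new FormatException("trailing bytes");
        if (tag == 0x02) return "DSAPublicKey: single INTEGER Y";
        if (tag == 0x30) return "SEQUENCE holding " + CountIntegers(key, pos, key.Length) + " INTEGER(s)";
        return "unexpected tag 0x" + tag.ToString("X2");
    }
    static void Main()
    {
        // Constructed sample: INTEGER header 02 81 80 followed by 128 content bytes.
        byte[] y = new byte[131]; y[0] = 0x02; y[1] = 0x81; y[2] = 0x80; y[3] = 0x15;
        // Constructed sample: SEQUENCE of four one-byte INTEGERs.
        byte[] seq = { 0x30, 0x0C, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07, 0x02, 0x01, 0x0B, 0x02, 0x01, 0x02 };
        Console.WriteLine(Classify(y));
        Console.WriteLine(Classify(seq));
    }
}
```
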

Comment 1 Martin Baulig 2017-12-11 20:01:01 UTC
Nobody really uses DSA certificates anymore these days (and our TLS Stack doesn't support them), so I would consider this a feature / enhancement that we might consider at some future point.

Comment 2 Martin Baulig 2017-12-11 20:20:59 UTC
Related:
https://bugzilla.xamarin.com/show_bug.cgi?id=60836

Comment 3 Marek Safar 2018-01-05 17:37:16 UTC
Fixed in master