RSACertificateExtensions.GetRSAPublicKey Error #86845

Closed
enycw001 opened this issue May 28, 2023 · 3 comments

The result is different in .NET 7 and .NET 8.
.NET 7 returns RSACng, which is correct.
.NET 8 returns RSABCrypt.
The following is the code:

```csharp
cert = new("cert.pfx", "123456");
public_rsa = (RSACng)cert.GetRSAPublicKey();
private_rsa = (RSACng)cert.GetRSAPrivateKey();
```
ghost added the untriaged label May 28, 2023

ghost commented May 28, 2023

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Author: enycw001
Assignees: -
Labels: area-System.Security, untriaged
Milestone: -

stephentoub (Member) commented May 28, 2023

> .NET 7 returns RSACng, which is correct. .NET 8 returns RSABCrypt

They both return an RSA. The exact concrete derived type returned is not defined nor guaranteed and is considered an implementation detail. The actual type used was changed in #76277.

vcsjones (Member) commented

Stephen is correct, this was an intentional change for .NET 8. The return type will vary by operating system already, so you should avoid casting it to a specific implementation.

Ideally you would just use the return value as it is without casting it - this will ensure correct cross-platform behavior.

If you really need an RSACng instance because you only need to support Windows, you can round trip the parameters to the desired concrete type:

```csharp
RSA rsa = cert.GetRSAPublicKey();
RSACng cng = new RSACng();
// false = export the public parameters only, no private key material
cng.ImportParameters(rsa.ExportParameters(false));
rsa.Dispose();
```

Since this is working as intended, and there are solutions to continue to use RSACng if needed, I am going to close this out. If you feel this has been inadequately answered, please feel free to re-open the issue.

Thanks!
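
The advice in this thread as a complete program; this is an added example, not code from the issue or from dotnet/runtime. It keeps both keys typed as the abstract `RSA`, signs and verifies through the base-class API, and converts to `RSACng` only behind a Windows check. The in-memory self-signed certificate is constructed sample input standing in for `cert.pfx`, and the `ToCng` helper is a hypothetical name.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Constructed sample input: a throwaway self-signed certificate created in memory,
// standing in for the issue's cert.pfx so the example runs offline.
using RSA seed = RSA.Create(2048);
var request = new CertificateRequest("CN=example-constructed", seed,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using X509Certificate2 cert = request.CreateSelfSigned(
    DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

// Hold the keys as the abstract RSA type; no cast to a concrete class.
using RSA publicKey = cert.GetRSAPublicKey()
    ?? throw new InvalidOperationException("Certificate has no RSA public key.");
using RSA privateKey = cert.GetRSAPrivateKey()
    ?? throw new InvalidOperationException("Certificate has no RSA private key.");

// The concrete types are an implementation detail; printed for information only.
Console.WriteLine($"public:  {publicKey.GetType().Name}");
Console.WriteLine($"private: {privateKey.GetType().Name}");

// Sign and verify through the base-class API only.
byte[] data = Encoding.UTF8.GetBytes("constructed sample message");
byte[] signature = privateKey.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
bool ok = publicKey.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
Console.WriteLine($"signature valid: {ok}");

// Only where an RSACng-typed API must be fed, and only on Windows:
// reuse the instance if it already is one, otherwise round-trip the public parameters.
if (OperatingSystem.IsWindows())
{
    RSACng cng = ToCng(publicKey);
    bool cngOk = cng.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    Console.WriteLine($"RSACng verify: {cngOk}");
    if (!ReferenceEquals(cng, publicKey)) cng.Dispose();
}

// Hypothetical helper (not a .NET API): returns an RSACng holding the same public key.
[System.Runtime.Versioning.SupportedOSPlatform("windows")]
static RSACng ToCng(RSA key)
{
    if (key is RSACng already) return already;
    var cng = new RSACng();
    cng.ImportParameters(key.ExportParameters(false)); // false: public parameters only
    return cng;
}
```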

vcsjones closed this as not planned May 31, 2023
ghost removed the untriaged label May 31, 2023
ghost locked as resolved and limited conversation to collaborators Jun 30, 2023