c# - Getting certificate from decimal value serial number failed
I am using the EncryptedXml class to decrypt part of an XML document. Within it, the following .NET method is called:

public virtual SymmetricAlgorithm GetDecryptionKey(EncryptedData encryptedData, string symmetricAlgorithmUri)

The node of the XML document is encrypted with a self-signed certificate. Here are the XML KeyInfo details:

<KeyInfo>
  <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:X509IssuerSerial>
      <ds:X509IssuerName>CN=certname</ds:X509IssuerName>
      <ds:X509SerialNumber>-180xxx</ds:X509SerialNumber>
    </ds:X509IssuerSerial>
  </ds:X509Data>
</KeyInfo>

I have the certificate added in the LocalMachine/Personal cert store. When I execute the code I get:

System.Security.Cryptography.CryptographicException: Unable to retrieve the decryption key.
   at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
   at WebCom.Common.Federation.Saml.CustomEncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri) in

I then reflected the .NET code and found that the following is executed:

public static void GetFromSerial(string serialName, string serialNumber)
{
    X509Certificate2Collection collection = new X509Certificate2Collection();
    X509Store[] stores = new X509Store[2];
    string storeName = "My";
    stores[0] = new X509Store(storeName, StoreLocation.CurrentUser);
    stores[1] = new X509Store(storeName, StoreLocation.LocalMachine);
    for (int index = 0; index < stores.Length; index++)
    {
        X509Certificate2Collection filters = null;
        stores[index].Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        filters = stores[index].Certificates;
        stores[index].Close();
        // Filter by issuer distinguished name first, then by serial number.
        filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, serialName, false);
        filters = filters.Find(X509FindType.FindBySerialNumber, serialNumber, false);
        if (filters != null) collection.AddRange(filters);
    }
}
The problem is this line:

filters = filters.Find(X509FindType.FindBySerialNumber, serialNumber, false);

For the serial number I have here, I get an empty collection.
I then converted the serial number to a hexadecimal value and tried the same method, and it works perfectly.
Is the problem here that I have a negative big integer, or something else? It is negative because I am using a self-signed certificate.
The problem is that the serial number is a negative value in integer format, which does not satisfy RFC 3280 (http://tools.ietf.org/html/rfc3280#section-4.1.2.2), which says:

4.1.2.2 Serial number: The serial number MUST be a positive integer assigned by the CA to each certificate. It MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate). CAs MUST force the serialNumber to be a non-negative integer.

The Microsoft code is following the standard. The failure to get the certificate is a consequence of the negative serial number.
I have to issue a new self-signed certificate that follows the standard.
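As an added example (not the asker's code and not Microsoft's), the check below reads the decimal serial from a KeyInfo fragment, reports the negative value the answer identifies as the RFC 3280 violation, and converts it to the hex string form that FindBySerialNumber worked with in the question. The KeyInfo text is constructed, and the decimal-to-hex conversion assumes the decimal value is the signed reading of the certificate's DER INTEGER.

```csharp
using System;
using System.Numerics;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
// Added example (not the asker's code and not Microsoft's): reads the decimal
// ds:X509SerialNumber from a KeyInfo fragment, flags a negative value as the
// RFC 3280 4.1.2.2 violation behind the empty collection above, and converts
// it to the hex string that X509FindType.FindBySerialNumber accepts.
static class SerialNumberCheck
{
    // Constructed KeyInfo fragment; -180000 stands in for the -180xxx above.
    const string KeyInfoXml =
        "<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'><X509Data>" +
        "<X509IssuerSerial><X509IssuerName>CN=certname</X509IssuerName>" +
        "<X509SerialNumber>-180000</X509SerialNumber></X509IssuerSerial>" +
        "</X509Data></KeyInfo>";
    // RFC 3280 4.1.2.2: the serial number must be a non-negative integer.
    public static bool IsRfc3280Serial(string decimalSerial) =>
        BigInteger.Parse(decimalSerial).Sign >= 0;
    // ASSUMPTION: the decimal value is the signed reading of the certificate's
    // DER INTEGER, so its minimal big-endian two's-complement bytes (ToByteArray
    // reversed) are the bytes the store shows: -180000 -> "FD40E0", 32768 -> "008000".
    public static string ToHexSerial(string decimalSerial)
    {
        byte[] bytes = BigInteger.Parse(decimalSerial).ToByteArray(); // little-endian
        Array.Reverse(bytes);
        return BitConverter.ToString(bytes).Replace("-", "");
    }
    static void Main()
    {
        var doc = new XmlDocument();
        doc.LoadXml(KeyInfoXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
        string issuer = doc.SelectSingleNode("//ds:X509IssuerName", ns).InnerText;
        string serial = doc.SelectSingleNode("//ds:X509SerialNumber", ns).InnerText;
        if (!IsRfc3280Serial(serial))
            Console.WriteLine($"Serial {serial} is negative (violates RFC 3280); reissue the certificate.");
        string hex = ToHexSerial(serial);
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        X509Certificate2Collection found = store.Certificates
            .Find(X509FindType.FindByIssuerDistinguishedName, issuer, false)
            .Find(X509FindType.FindBySerialNumber, hex, false);
        store.Close();
        Console.WriteLine($"Hex serial {hex}: {found.Count} certificate(s) matched.");
    }
}
```

The store lookup only succeeds when a certificate with that issuer and serial is actually installed; the RFC check and the hex conversion run without one.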