certes icon indicating copy to clipboard operation
certes copied to clipboard
verified publisher icon fszlin

let PfxBuilder support setting the Cert Algorithm of PFX

Open zhaixiaowai opened this issue 1 year ago • 2 comments

Description

The default Cert Algorithm of Org.BouncyCastle.Pkcs.Pkcs12StoreBuilder is PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc

Android devices do not support RC2's pfx certificate by default, so the modified method here passes the Cert Algorithm into the custom Cert Algorithm of the exported PFX file.

For example: pfxBuilder.Build(friendlyName, pfxPassword, PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc)

Checklist

  • [ ] All tests are passing
  • [ ] New tests were created to address changes in pr (and tests are passing)
  • [ ] Updated README and/or documentation, if necessary

Thanks for contributing!

zhaixiaowai avatar Feb 01 '24 08:02 zhaixiaowai

This is for a PFX you are installing directly into Android or as part a deployed app? The PFX cert algorithm doesn't affect public consumers of the cert if you're just using the cert for a service (e.g. an API server).

webprofusion-chrisc avatar Feb 01 '24 09:02 webprofusion-chrisc

I have embedded Certes into Maui, and I need to issue a certificate on Android, then parse it into X509Certificate2. However, due to Android's lack of support for RC2, I am unable to initialize X509Certificate2 successfully. If pfxBuilder.Build() could support custom Cert Algorithm, then I could parse X509Certificate2 on Android without relying on other API services.

like

var pfx = pfxBuilder.Build(friendlyName, pfxPassword, PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc) ?? throw new Exception($"pfx create err"); var x509Cert = new X509Certificate2(pfx, pfxPassword) ?? throw new Exception($"pfx restore to cert err");

zhaixiaowai avatar Feb 01 '24 09:02 zhaixiaowai