RsaSecurityKey.HasPrivateKey throws a NotSupportedException when the underlying algorithm instance is a RSACng on .NET Desktop
System.NotSupportedException: Méthode non prise en charge.
à System.Security.Cryptography.RSA.DecryptValue(Byte[] rgb)
à Microsoft.IdentityModel.Tokens.RsaSecurityKey.get_HasPrivateKey()
In > .NET 4.6, RSA.DecryptValue and RSA.EncryptValue are considered as “obsolete” (which is a very debatable choice, IMHO) and are now virtual instead of abstract. It wouldn’t be a big deal if RSACng implemented them… but it does not. The sad news is that IdentityModel can’t handle RSACng-based keys on .NET Desktop as it uses RSA.DecryptValue to “determine” if there’s a private key (I guess IM 4.5 Desktop is similarly impacted).
Ideally, we should use Decrypt(byte[] data, RSAEncryptionPadding padding) or SignData(byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) but these APIs are not part of .NET 4.5. One option might be to re-target IM 5 to require .NET 4.6. Another one is to use reflection to use these new APIs when they exist.
Reference: http://referencesource.microsoft.com/#mscorlib/system/security/cryptography/rsa.cs,193
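A sketch of the private-key check the issue asks for, built on the padding-aware API instead of RSA.DecryptValue. This is an added example, not code from the issue or from IdentityModel: PrivateKeyProbe and its members are hypothetical names, and it assumes a .NET 4.6+ target on Windows (RSACng).

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical helper for illustration; not an IdentityModel type.
static class PrivateKeyProbe
{
    // Fixed 32-byte input standing in for a SHA-256 digest; its value is irrelevant.
    private static readonly byte[] ProbeHash = new byte[32];

    // True when the RSA instance can complete a private-key operation.
    public static bool HasPrivateKey(RSA rsa)
    {
        if (rsa == null) throw new ArgumentNullException(nameof(rsa));

        // RSACryptoServiceProvider exposes the answer directly; no crypto operation needed.
        var csp = rsa as RSACryptoServiceProvider;
        if (csp != null) return !csp.PublicOnly;

        try
        {
            // RSACng implements SignHash, unlike the obsolete DecryptValue,
            // so this path does not end in NotSupportedException.
            rsa.SignHash(ProbeHash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return true;
        }
        catch (CryptographicException)
        {
            // Public-only key. Other provider failures (for example a denied
            // key access) land here too and are reported the same way.
            return false;
        }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample keys: one full key pair, one holding only the public half.
        using (var full = new RSACng(2048))
        using (var publicOnly = new RSACng())
        {
            publicOnly.ImportParameters(full.ExportParameters(false));
            Console.WriteLine(PrivateKeyProbe.HasPrivateKey(full));
            Console.WriteLine(PrivateKeyProbe.HasPrivateKey(publicOnly));
        }
    }
}
```

The probe performs a real signing operation, so on keys held in an HSM or smart card it costs a device round trip and may trigger a PIN prompt; cache the result per key rather than calling it on every token validation.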
Issue Analytics
- State:
- Created 7 years ago
- Reactions:1
- Comments:32 (26 by maintainers)
Top GitHub Comments
@ohadschn glad it worked. @PinpointTownes fair enough. POR is to get this into 5.2.0 release.
I’m fine doing that, but this ticket should be re-opened to fix the existing API on existing targets.
Actually, it could even be a bool, because the decrypting/encrypting/signing/verifying operation either fails or succeeds (there’s no intermediate state).