X509Certificate Algorithm 'RC2' is not supported on this platform

Description

Hi, we are planning to migrate a Xamarin project to MAUI when it’s going to be released. While experimenting with the MQTTnet library framework, I stumbled on this bug:

While creating a new instance of a System.Security.Cryptography.X509Certificates.X509Certificate2 using a password-protected .pfx certificate file, the following error occurs:

[DOTNET]    at Internal.Cryptography.Pal.UnixPkcs12Reader.DecryptAndProcessSafeContents(ReadOnlySpan`1 password, CertBagAsn[]& certBags, AttributeA01-27 10:06:22.806 I/DOTNET  ( 3826):  ---> System.PlatformNotSupportedException: Algorithm 'RC2' is not supported on this platform.
[DOTNET]    at System.Security.Cryptography.PasswordBasedEncryption.CreateRC2()

I don’t know if it ever worked in previous MAUI releases, but it works in a Xamarin Forms project using the 5.0.0.2337 release. It also works in a net6.0 console application.

Steps to Reproduce

  1. Create a File > New .NET MAUI App
  2. Add a valid password protected .pfx Certificate to the Embedded resources of the project
  3. Add these “using” to the MainPage.xaml.cs
using System.Reflection;
using System.Security.Cryptography.X509Certificates;
  4. Add these lines of code to the MainPage constructor
public MainPage()
{
	InitializeComponent();
	// Read certificates bytes
	var assembly = typeof(App).GetTypeInfo().Assembly;
	var mqttUserStream = assembly.GetManifestResourceStream("MauiApp1.pfxCertificate.pfx");
	byte[] mqttUserBuffer;
	using (var memoryStream = new MemoryStream())
	{
		mqttUserStream.CopyTo(memoryStream);
		mqttUserBuffer = memoryStream.ToArray();
	}
	try
	{
		var clientCert = new X509Certificate2(mqttUserBuffer, "PFXFilePAsswordHere");
	}
	catch (Exception ex)
	{ 
		Console.WriteLine(ex);
	}
}
  5. Start the app on an Android device or emulator
  6. Observe the exception thrown.

Version with bug

Preview 12 (current)

Last version that worked well

Unknown/Other

Affected platforms

Android; I was not able to test on other platforms

Affected platform versions

Android 9 and up.

Did you find any workaround?

No response

Relevant log output

[DOTNET] System.Security.Cryptography.CryptographicException: The certificate data cannot be read with the provided password, the password may be incorrect.
[DOTNET]    at Internal.Cryptography.Pal.UnixPkcs12Reader.DecryptAndProcessSafeContents(ReadOnlySpan`1 password, CertBagAsn[]& certBags, AttributeA01-27 10:06:22.806 I/DOTNET  ( 3826):  ---> System.PlatformNotSupportedException: Algorithm 'RC2' is not supported on this platform.
[DOTNET]    at System.Security.Cryptography.PasswordBasedEncryption.CreateRC2()
[DOTNET]    at System.Security.Cryptography.PasswordBasedEncryption.Decrypt(AlgorithmIdentifierAsn& algorithmIdentifier, ReadOnlySpan`1 password, ReadOnlySpan`1 passwordBytes, ReadOnlySpan`1 encryptedData, Span`1 destination)
[DOTNET]    at Internal.Cryptography.Pal.UnixPkcs12Reader.DecryptSafeContents(ReadOnlySpan`1 password, ContentInfoAsn& safeContentsAsn)
[DOTNET]    at Internal.Cryptography.Pal.UnixPkcs12Reader.DecryptAndProcessSafeContents(ReadOnlySpan`1 password, CertBagAsn[]& certBags, AttributeAsn[][]& certBagAttrs, Int32& certBagIdx, SafeBagAsn[]& keyBags, Int32& keyBagIdx)
[DOTNET]    at Internal.Cryptography.Pal.UnixPkcs12Reader.Decrypt(ReadOnlySpan`1 password, ReadOnlyMemory`1 authSafeContents)
[DOTNET]    at Internal.Cryptography.Pal.UnixPkcs12Reader.VerifyAndDecrypt(ReadOnlySpan`1 password, ReadOnlyMemory`1 authSafeContents)
[DOTNET]    at Internal.Cryptography.Pal.UnixPkcs12Reader.Decrypt(SafePasswordHandle password, Boolean ephemeralSpecified)
[DOTNET]    --- End of inner exception stack trace ---
[DOTNET]    at Internal.Cryptography.Pal.UnixPkcs12Reader.Decrypt(SafePasswordHandle password, Boolean ephemeralSpecified)
[DOTNET]    at Interna01-27 10:06:22.807 I/DOTNET  ( 3826):    at Internal.Cryptography.Pal.AndroidCertificatePal.ReadPkcs12(ReadOnlySpan`1 rawData, SafePasswordHandle password, Boolean ephemeralSpecified)
[DOTNET]    at Internal.Cryptography.Pal.AndroidCertificatePal.FromBlob(ReadOnlySpan`1 rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
[DOTNET]    at Internal.Cryptography.Pal.CertificatePal.FromBlob(ReadOnlySpan`1 rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
[DOTNET]    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
[DOTNET]    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password)
[DOTNET]    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password)
[DOTNET]    at MauiApp1.MainPage..ctor() in C:\Users\kpantelakis\source\repos\MauiApp1\MauiApp1\MainPage.xaml.cs:line 23

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 5 (1 by maintainers)

Top GitHub Comments

1 reaction
VincentBu commented, Mar 10, 2022

Hi @KevPantelakis, would you like to try this:

  1. Add pfx file to MauiAsset (not Embedded resources) of the project
  2. Add LoadMauiAsset method to MainPage class:
	async Task LoadMauiAsset()
	{
		var mqttUserStream = await FileSystem.OpenAppPackageFileAsync("pfxCertificate.pfx");

		byte[] mqttUserBuffer;
		using (var memoryStream = new MemoryStream())
		{
			mqttUserStream.CopyTo(memoryStream);
			mqttUserBuffer = memoryStream.ToArray();
		}

		try
		{
			var clientCert = new X509Certificate2(mqttUserBuffer, "1qaz@WSX");
			Console.WriteLine("successfully load pfx file");
		}
		catch (Exception ex)
		{
			Console.WriteLine(ex.Message);
		}
	}

  3. Add this code to the MainPage constructor
Task task = LoadMauiAsset();
task.Wait();

The app doesn’t throw any exception for me.

0 reactions
Redth commented, Mar 22, 2022

Sounds like there’s a workaround here for supported APIs on MAUI, thanks for posting. Please open a new issue if necessary in the future.
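
The stack trace in the issue shows the PKCS#12 reader failing inside `PasswordBasedEncryption.CreateRC2()`, which means the .pfx being loaded was protected with an RC2-based password encryption scheme. The Python check below is an added example, not code from the issue or from .NET: it reads the algorithm identifiers that a PFX stores in the clear and names them, so a certificate file can be checked before it is shipped in an app. `SAMPLE` is a constructed skeleton, the function names are illustrative, and definite-length DER encoding is assumed.

```python
# Added example (not from the issue): name the PBE algorithms a PFX declares in clear.
from contextlib import suppress

PBE_OIDS = {  # PKCS#12 (RFC 7292) and PKCS#5 (RFC 8018) identifiers
    "1.2.840.113549.1.12.1.3": "pbeWithSHAAnd3-KeyTripleDES-CBC",
    "1.2.840.113549.1.12.1.5": "pbeWithSHAAnd128BitRC2-CBC",
    "1.2.840.113549.1.12.1.6": "pbeWithSHAAnd40BitRC2-CBC",
    "1.2.840.113549.1.5.13": "PBES2",
}
# Constructed sample: PFX-shaped DER skeleton, zeroed salt and ciphertext, no real key.
SAMPLE = bytes.fromhex(
    "305f 020103 305a 06092a864886f70d010701 a04d 044b 3049 3047"
    " 06092a864886f70d010706 a03a 3038 020100 3033 06092a864886f70d010701"
    " 301c 060a2a864886f70d010c0106 300e 0408 00000000 00000000 02020800"
    " 8008 00000000 00000000")

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length (BER) is not handled")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, pos, pos + length

def decode_oid(body):  # sufficient for OIDs whose first arc is 0 or 1
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def pbe_algorithms(buf):
    """Walk the DER tree and name every known PBE algorithm identifier in it."""
    found, pos = [], 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        body, pos = buf[start:end], end
        if tag == 0x06 and decode_oid(body) in PBE_OIDS:
            found.append(PBE_OIDS[decode_oid(body)])
        elif tag & 0x20:                   # constructed: SEQUENCE, SET, [0] EXPLICIT
            found += pbe_algorithms(body)
        elif tag == 0x04:                  # OCTET STRING may wrap DER (the authSafe)
            with suppress(ValueError, IndexError):  # or opaque bytes such as a salt
                found += pbe_algorithms(body)
    return found
```

Calling `pbe_algorithms()` on the raw bytes of a real .pfx lists the schemes protecting its certificate and key bags; any name containing `RC2` corresponds to the code path that throws in the log above.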
