首页 新闻 会员 周边

.NET 5.0 在 Linux 上读取 pfx 证书的问题

0
悬赏园豆:50 [已解决问题] 解决于 2020-10-16 22:37

下面的代码在 .net core 3.1 中可以在 linux 上正常读取 pfx 证书,升级到 .net 5.0 之后却无法在 linux 上读取 pfx 证书(在 windows 上没问题)

public static class CertificateFactory
{
    public static X509Certificate2 DefaultCertificate
    {
        get
        {
            var assembly = typeof(CertificateFactory).GetTypeInfo().Assembly;
            using (var stream = assembly.GetManifestResourceStream(
                assembly.GetManifestResourceNames().First(r => r.EndsWith("cnblogs.pfx"))))
            {
                if (stream == null)
                    throw new ArgumentNullException(nameof(stream));

                var bytes = new byte[stream.Length];
                stream.Read(bytes, 0, bytes.Length);
                return new X509Certificate2(bytes);
            }
        }
    }
}

报错信息如下

289   System.Security.Cryptography.CryptographicException : The certificate data cannot be read with the provided password, the password may be incorrect.
290---- System.Security.Cryptography.CryptographicException : The certificate data cannot be read with the provided password, the password may be incorrect.
291  Stack Trace:
292     at Internal.Cryptography.Pal.UnixPkcs12Reader.Decrypt(SafePasswordHandle password)
293   at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(OpenSslPkcs12Reader pfx, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts)
294   at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(ReadOnlySpan`1 rawData, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts, Exception& openSslException)
295   at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromBlob(ReadOnlySpan`1 rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
296   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
297   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password)

请问如何解决?

问题补充:

github 上的相关 issue :Linux and Mac have CryptographicException with generic HResult for bad password opening a PFX
dudu的主页 dudu | 高人七级 | 园豆:30979
提问于:2020-10-16 15:23
< >
分享
最佳答案
0

提示密码不对,可能需要再linux系统上重新生成一个pfx

收获园豆:50
E行者 | 小虾三级 |园豆:1761 | 2020-10-16 15:42

传入密码也是同样的报错,.NET 3.1 中不需要密码也能读取

dudu | 园豆:30979 (高人七级) | 2020-10-16 15:45

的确是密码不对

dudu | 园豆:30979 (高人七级) | 2020-10-16 22:38
其他回答(2)
0

为啥我升级为5.0后出现另一个错误,可以指教下吗
Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file

问题地址:https://q.cnblogs.com/q/133841/

灬丶 | 园豆:2 (初学一级) | 2021-03-09 14:15
0

这个问题我今天也遇到了
https://github.com/dotnet/runtime/issues/44535
按照帖子里面生成证书的时候删掉 -certfile [xxxx].crt 就可以了

InCerry | 园豆:419 (菜鸟二级) | 2021-09-17 09:57
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册