Security LoadPFX in Linux

+1 vote
asked Dec 18, 2020 by David BS (270 points)


I'm using Rebex.Security to load a file (and its private key) in Linux (.NET Core 5), using the following command:

ThisCert = Rebex.Security.Certificates.Certificate.LoadPfx(CertLocal, CertPassword)

The command successfuly loads the PFX in Windows environment, but not in Linux (Ubuntu 20.04).

Interesting notice that I print the "CertLocal" to see if the problem could be related to slashes ("/" or "\") but everything appears in Linux format ("/"), what suggest to me a kind of bug.

Am I right?

Warm hugs to all.

commented Dec 18, 2020 by David BS (270 points)
Just an additional comment:

if using instead LoadPfx method the:

ThisCert = New X509Certificate2(CertLocal, CertPassword)

the program runs normally in Linux, which suggest that .Net Core may be handling the slashes accordingly to the linux default path separator ("/").

Reading MS documentation about that path separator, seems that Windows 8.1 (and newer) can handle the "/" pattern like the DOS one ("\"). I verified it using a CMD window and changing the current path using "/".

Kindest regards and warm hugs.

1 Answer

0 votes
answered Dec 21, 2020 by Lukas Pokorny (117,510 points)
selected Dec 22, 2020 by David BS
Best answer

Certificate.LoadPfx method should work in .NET Core on Linux without any issues as long as forward slashes ('/') are used.

If you are having any issue with this, please catch the exception thrown by the LoadPfx call and copy&paste the string returned by the exception's .ToString() method here.

commented Dec 21, 2020 by David BS (270 points)
Hi Lukas, thanks for your answer.

I saw the problem was NOT related to the certificate load, but when I check if it has Private Key (which it has):

ThisCert = Rebex.Security.Certificates.Certificate.LoadPfx(CertLocal, CertPassword)

If ThisCert.HasPrivateKey Then
        Return ThisCert
        ERROR:   no Private Key available
End If

If I use "X509Certificate2(CertLocal, CertPassword)" instead "LoadPfx" I can get this property accordingly.

Warm hugs
commented Dec 21, 2020 by Lukas Pokorny (117,510 points)
This seems very strange, because in .NET Core on Linux (unlike Windows), the Certificate.LoadPfx(...) method actually uses .NET's X509Certificate2 to load PFX files, and it also calls HasPrivateKey() to make sure the private key has been loaded before returning the newly-createed Certificate instance. That means the code above should have failed in the LoadPfx call already.

Which version (and platform) of Rebex.Common.dll do you use?
commented Dec 21, 2020 by David BS (270 points)
I'm using now VS-2019 16.8.3, compiling the NET-5 project as "net5.0 - Portable" and testing into an Ubuntu 20.04.1 LTS.

The Rebex is being utilized as NuGet package (Rebex.Security.Full) version 5.0.7620 (stable)

And no Lucas... I can get "ThisCert" at the LoadPfx, except if it really loads the certificate and, internally, aborts during the HasPrivate check.
commented Dec 21, 2020 by Lukas Pokorny (117,510 points)
The LoadPfx method actually calls HasPrivateKey before returning the newly-created Certificate instance, and throws an exception if it returns False, so the only reasonable explanation for the behavior you describe is that the HasPrivateKey returned True when it was called for the first time, but then returned False the second time.

Do you get the same behavior with all PFX files, or only for some?

I just tried loading a bunch of PFX files on Ubuntu 20.04.1 LTS (x64) with .NET 5.0 and the following application seems to be working fine:

Imports System

Module Program
    Sub Main(args As String())
        Dim CertLocal As String = args(0)
        Dim CertPassword As String = args(1)
        Dim ThisCert = Rebex.Security.Certificates.Certificate.LoadPfx(CertLocal, CertPassword)
        If ThisCert.HasPrivateKey Then
            Console.WriteLine("No private key")
        End If
    End Sub
End Module
commented Dec 21, 2020 by David BS (270 points)
Lukas, I really get no exception at all... simply the checking of ThisCert.HasPrivate returns false.

Please, give me some hours to perform your test with another certificate. Tomorrow I'll be back with answers.

Thank you very much for your whole attention.
commented Dec 21, 2020 by Lukas Pokorny (117,510 points)
No problem, we would really like to understand and resolve this.
Does the simple app I copy&pasted above end with "No private key" as well for the PFX you are using?
commented Dec 22, 2020 by David BS (270 points)
Yes, your code ran normally, without any issue.

So, the problem may be in my code, any way... I'll investigate it later.

Thank you so much Lukas.
commented Jan 4 by Lukas Pokorny (117,510 points)
Have you been able to find the cause of this? If you think it might be related to Rebex libraries, please let us know!
commented Jan 4 by David BS (270 points)
Not at all since these days I went off for holidays. I'll investigate again this week Lukas.
See you soon.