azure-activedirectory-identitymodel-extensions-for-dotnet: RsaSecurityKey.HasPrivateKey throws a NotSupportedException when the underlying algorithm instance is a RSACng on .NET Desktop

System.NotSupportedException: Method not supported.
   at System.Security.Cryptography.RSA.DecryptValue(Byte[] rgb)
   at Microsoft.IdentityModel.Tokens.RsaSecurityKey.get_HasPrivateKey()

In > .NET 4.6, RSA.DecryptValue and RSA.EncryptValue are considered as “obsolete” (which is a very debatable choice, IMHO) and are now virtual instead of abstract. It wouldn’t be a big deal if RSACng implemented them… but it does not. The sad news is that IdentityModel can’t handle RSACng-based keys on .NET Desktop as it uses RSA.DecryptValue to “determine” if there’s a private key (I guess IM 4.5 Desktop is similarly impacted).

Ideally, we should use Decrypt(byte[] data, RSAEncryptionPadding padding) or SignData(byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) but these APIs are not part of .NET 4.5. One option might be to re-target IM 5 to require .NET 4.6. Another one is to use reflection to use these new APIs when they exist.

Reference: http://referencesource.microsoft.com/#mscorlib/system/security/cryptography/rsa.cs,193

/cc @brentschmaltz @polita
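The following is an added example, not code from the IdentityModel repository or from the issue author. It reproduces the failure described above (RSACng leaves the virtual RSA.DecryptValue unimplemented, so the base method throws) and sketches the reflection approach the issue proposes: look up the .NET 4.6 overload SignData(byte[], HashAlgorithmName, RSASignaturePadding) by name, so that an assembly compiled against .NET 4.5 can still use it when it exists, and fall back to DecryptValue otherwise. The class and method names (RsaPrivateKeyProbe, TryDecryptValue, HasUsablePrivateKey) are hypothetical, and the code assumes that HashAlgorithmName and RSASignaturePadding resolve through Type.GetType without an assembly qualifier (both live in mscorlib on .NET 4.6).

```csharp
using System;
using System.Reflection;
using System.Security.Cryptography;

// Hypothetical helper, not part of Microsoft.IdentityModel.Tokens.
static class RsaPrivateKeyProbe
{
    // The check the library performs today: call RSA.DecryptValue and treat a
    // failure as "no private key". RSACng does not override DecryptValue, so on
    // .NET 4.6 the base virtual throws NotSupportedException whether or not a
    // private key is present, and the caller cannot tell the two apart.
    public static bool TryDecryptValue(RSA rsa, out Exception error)
    {
        error = null;
        try
        {
            rsa.DecryptValue(new byte[rsa.KeySize / 8]);
            return true;
        }
        catch (Exception e)
        {
            error = e;
            return false;
        }
    }

    // Reflection-based probe: prefer the .NET 4.6 SignData overload, which RSACng
    // does implement, and only fall back to DecryptValue when it is absent.
    // The types are located by name because they do not exist when compiling
    // against .NET 4.5 (assumption: they resolve from mscorlib via Type.GetType).
    public static bool HasUsablePrivateKey(RSA rsa)
    {
        Type hashNameType = Type.GetType("System.Security.Cryptography.HashAlgorithmName");
        Type paddingType = Type.GetType("System.Security.Cryptography.RSASignaturePadding");
        MethodInfo signData = (hashNameType != null && paddingType != null)
            ? typeof(RSA).GetMethod("SignData", new[] { typeof(byte[]), hashNameType, paddingType })
            : null;

        if (signData != null)
        {
            const BindingFlags pubStatic = BindingFlags.Public | BindingFlags.Static;
            object sha256 = hashNameType.GetProperty("SHA256", pubStatic).GetValue(null, null);
            object pkcs1 = paddingType.GetProperty("Pkcs1", pubStatic).GetValue(null, null);
            try
            {
                // Signing a few constructed bytes succeeds only with a private key.
                signData.Invoke(rsa, new object[] { new byte[] { 1, 2, 3 }, sha256, pkcs1 });
                return true;
            }
            catch (TargetInvocationException tie) when (tie.InnerException is CryptographicException)
            {
                // CNG/CAPI surface a missing private key as a CryptographicException.
                return false;
            }
            catch (TargetInvocationException tie) when (tie.InnerException is NotSupportedException)
            {
                // An RSA subclass that does not implement the new overload; fall through.
            }
        }

        // Pre-4.6 runtime or a subclass without SignData: keep the legacy check.
        Exception ignored;
        return TryDecryptValue(rsa, out ignored);
    }

    static void Main()
    {
        // Constructed keys: one full RSACng key pair, one public-only copy of it.
        using (var withPrivate = new RSACng(2048))
        using (var publicOnly = new RSACng())
        {
            publicOnly.ImportParameters(withPrivate.ExportParameters(false));

            Exception error;
            bool decryptValueWorked = TryDecryptValue(withPrivate, out error);
            Console.WriteLine("DecryptValue on RSACng usable: " + decryptValueWorked
                + (error != null ? " (" + error.GetType().Name + ")" : ""));

            Console.WriteLine("HasUsablePrivateKey(private key): " + HasUsablePrivateKey(withPrivate));
            Console.WriteLine("HasUsablePrivateKey(public only): " + HasUsablePrivateKey(publicOnly));
        }
    }
}
```

The first line of output shows which exception the legacy DecryptValue path raises for an RSACng key on the runtime you are on; the other two lines show the reflection probe distinguishing the key pair from its public-only copy. RSACng lives in System.Core.dll, and the exception filters require C# 6, which ships alongside .NET 4.6.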

About this issue

  • State: closed
  • Created 8 years ago
  • Reactions: 1
  • Comments: 32 (26 by maintainers)

Most upvoted comments

@ohadschn glad it worked. @PinpointTownes fair enough. POR is to get this into 5.2.0 release.