azure-activedirectory-identitymodel-extensions-for-dotnet: RsaSecurityKey.HasPrivateKey throws a NotSupportedException when the underlying algorithm instance is a RSACng on .NET Desktop

System.NotSupportedException: Méthode non prise en charge.
   à System.Security.Cryptography.RSA.DecryptValue(Byte[] rgb)
   à Microsoft.IdentityModel.Tokens.RsaSecurityKey.get_HasPrivateKey()

In > .NET 4.6, RSA.DecryptValue and RSA.EncryptValue are considered as “obsolete” (which is a very debatable choice, IMHO) and are now virtual instead of abstract. It wouldn’t be a big deal if RSACng implemented them… but it does not. The sad news is that IdentityModel can’t handle RSACng-based keys on .NET Desktop as it uses RSA.DecryptValue to “determine” if there’s a private key (I guess IM 4.5 Desktop is similarly impacted).

Ideally, we should use Decrypt(byte[] data, RSAEncryptionPadding padding) or SignData(byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) but these APIs are not part of .NET 4.5. One option might be to re-target IM 5 to require .NET 4.6. Another one is to use reflection to use these new APIs when they exist.


/cc @brentschmaltz @polita

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Reactions: 1
  • Comments: 32 (26 by maintainers)

Commits related to this issue

Most upvoted comments

@ohadschn glad it worked. @PinpointTownes fair enough. POR is to get this into 5.2.0 release.