View Issue Details

ID: 0008532
Project: 10000-012: Discovery
Category: Spec
View Status: public
Last Update: 2023-05-30 18:29
Reporter: Zbynek Zahradnik
Assigned To: Randy Armstrong
Priority: normal
Severity: minor
Reproducibility: always
Status: assigned
Resolution: open
Product Version: 1.05.02
Target Version: ?.??
Summary: 0008532: Interoperability problems when GDS returns private key in PFX format
Description

I have observed interoperability problems when the client calls the StartNewKeyPairRequest and requests the privateKeyFormat format as PFX (and retrieves it using FinishRequest).

PFX is a container, and can contain just the private key. And that is indeed what OpenSSL-based implementations of GDS will do/are doing currently. They return the PFX which contains only the private key (which is correct per the UA spec).

There are, however, the following problems with such a PFX:
1) I found no way of processing/opening/importing it in .NET (both .NET Framework and .NET 6+), leaving aside writing the code to parse it out "manually".
2) Less importantly, Windows cannot view the contents of such a PFX either (right-click -> Open).

What works for (1) and (2) above is when the PFX also contains the certificate itself.

I suggest that the spec is changed to require the PFX to contain both the private key and the certificate.

Tags: No tags attached.
Commit Version
Fix Due Date

Activities

Jim Luth

2023-03-23 21:54

administrator   ~0019032

Clarify the PFX must contain the public cert and the private key.
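
The difference between the two PFX shapes discussed in this issue can be checked before a file is returned or imported. The script below is an added example, not part of the issue or of any GDS implementation; it uses the OpenSSL command line, and the function names, file names, subject and password are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): report which bag types a PFX carries.
# Uses "openssl pkcs12 -info -noout", which lists bags without emitting keys.
# The password is read from the PFX_PASS environment variable so it does not
# appear in the process list. All sample names and values are constructed.

# pfx_bags FILE -> prints "key" and/or "cert", one per line; 2 on read error
pfx_bags() {
    info=$(openssl pkcs12 -in "$1" -info -noout -passin env:PFX_PASS 2>&1) || return 2
    printf '%s\n' "$info" | grep -Eq 'Shrouded Keybag|Key bag' && echo key
    printf '%s\n' "$info" | grep -q 'Certificate bag' && echo cert
    return 0
}

# pfx_is_complete FILE -> 0 if both a key and a certificate are present,
# 1 if one is missing, 2 if the file cannot be read with PFX_PASS
pfx_is_complete() {
    bags=$(pfx_bags "$1") || return 2
    case "$bags" in
        *key*cert*) return 0 ;;
        *) return 1 ;;
    esac
}

# make_samples DIR -> writes a key-only PFX and a key-plus-certificate PFX
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-ua-app" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -nocerts -inkey "$1/key.pem" \
        -out "$1/key-only.pfx" -passout env:PFX_PASS &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/key-and-cert.pfx" -passout env:PFX_PASS
}

PFX_PASS=constructed-pw; export PFX_PASS
dir=$(mktemp -d) && make_samples "$dir" &&
for f in "$dir/key-only.pfx" "$dir/key-and-cert.pfx"; do
    if pfx_is_complete "$f"; then
        echo "$(basename "$f"): private key and certificate"
    else
        echo "$(basename "$f"): contains only: $(pfx_bags "$f" | tr '\n' ' ')"
    fi
done
rm -rf "$dir"
```
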

Issue History

Date Modified | Username | Field | Change
2022-12-14 11:55 | Zbynek Zahradnik | New Issue |
2023-03-23 21:54 | Jim Luth | Note Added: 0019032 |
2023-03-23 21:54 | Jim Luth | Assigned To | => Randy Armstrong
2023-03-23 21:54 | Jim Luth | Status | new => assigned
2023-05-30 18:29 | Jim Luth | Target Version | 1.05.03 => ?.??