View Issue Details

ID: 0008532
Project: 10000-012: Discovery
Category: Spec
View Status: public
Last Update: 2024-12-12 19:19
Reporter: Zbynek Zahradnik
Assigned To: Randy Armstrong
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 1.05.02
Target Version: ?.??
Fixed in Version: 1.05.05 RC1
Summary: 0008532: Interoperability problems when GDS returns private key in PFX format
Description

I have observed interoperability problems when the client calls the StartNewKeyPairRequest and requests the privateKeyFormat format as PFX (and retrieves it using FinishRequest).

PFX is a container, and can contain just the private key. And that is indeed what OpenSSL-based implementations of GDS will do/are doing currently. They return the PFX which contains only the private key (which is correct per the UA spec).

There are, however, the following problems with such a PFX:
1) I found no way of processing/opening/importing it in .NET (both .NET Framework and .NET 6+), leaving aside writing the code to parse it out "manually".
2) Less importantly, Windows cannot view the contents of such a PFX either (right-click -> Open).

What works for (1) and (2) above is when the PFX also contains the certificate itself.

I suggest that the spec is changed to require the PFX to contain both the private key and the certificate.

Tags: Errata Needed to Close
Commit Version: 1.05.05 RC1
Fix Due Date:
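A client-side check for the two PFX shapes described in this issue, as an added example that is not part of the original report or of any OPC UA stack. It uses the Python `cryptography` package to build a key-only PFX and a key-plus-certificate PFX and classifies each; all function names, the password and the sample certificate are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID

PASSWORD = b"constructed-password"  # constructed sample value


def make_key_and_cert():
    """Constructed sample: RSA key plus a self-signed certificate for it."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "SampleUaApp")])
    start = datetime.datetime(2024, 1, 1)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=365))
        .sign(key, hashes.SHA256())
    )
    return key, cert


def make_pfx(key, cert):
    """Serialize a PFX; pass cert=None for the key-only form."""
    enc = serialization.BestAvailableEncryption(PASSWORD)
    return pkcs12.serialize_key_and_certificates(None, key, cert, None, enc)


def spki(public_key):
    """DER SubjectPublicKeyInfo, used to compare two public keys."""
    return public_key.public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )


def check_pfx(data, password=PASSWORD):
    """Classify a PFX: 'ok', 'no-key', 'no-certificate' or 'key-mismatch'."""
    key, cert, _extra = pkcs12.load_key_and_certificates(data, password)
    if key is None:
        return "no-key"
    if cert is None:
        return "no-certificate"
    if spki(key.public_key()) != spki(cert.public_key()):
        return "key-mismatch"
    return "ok"
```

A client can run a check like `check_pfx` on the bytes returned by FinishRequest before handing them to a platform certificate store, so that a key-only package is reported clearly instead of failing at import.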

Activities

Jim Luth

2023-03-23 21:54

administrator   ~0019032

Clarify the PFX must contain the public cert and the private key.

Randy Armstrong

2024-12-06 02:57

administrator   ~0022182

Now require the Certificate in PFX private key packages in 7.9.4

Jim Luth

2024-12-12 19:18

administrator   ~0022207

Agreed to text in 1.05.

Needs 1.04 Errata to Close.

Issue History

Date Modified Username Field Change
2022-12-14 11:55 Zbynek Zahradnik New Issue
2023-03-23 21:54 Jim Luth Note Added: 0019032
2023-03-23 21:54 Jim Luth Assigned To => Randy Armstrong
2023-03-23 21:54 Jim Luth Status new => assigned
2023-05-30 18:29 Jim Luth Target Version 1.05.03 => ?.??
2024-12-06 02:57 Randy Armstrong Status assigned => resolved
2024-12-06 02:57 Randy Armstrong Resolution open => fixed
2024-12-06 02:57 Randy Armstrong Fixed in Version => 1.05.05 RC1
2024-12-06 02:57 Randy Armstrong Commit Version => 1.05.05 RC1
2024-12-06 02:57 Randy Armstrong Note Added: 0022182
2024-12-12 19:18 Jim Luth Note Added: 0022207
2024-12-12 19:19 Jim Luth Tag Attached: Errata Needed to Close