Hi.
Here's a Let's Encrypt certificate that decrypted just fine in 3.1.2, but after upgrading to 5.0.0 preview 1, started exploding on Linux only.
(It's valid - but it's a dev cert in a dev environment, so no big deal).
var certraw = new byte[] { /* PKCS#12 byte values omitted */ };
var cert = new X509Certificate2(certraw, "symetria");
On Linux only, I get System.Security.Cryptography.CryptographicException: 'The certificate data cannot be read with the provided password, the password may be incorrect.'
My docker-file is default from Right-click -> Add docker support in visual studio. The docker image is runtime/sdk :5.0-buster
@bartonjs regression apparently?
I'll have a look.
Full stack for reference.
Unhandled exception. System.Security.Cryptography.CryptographicException: The certificate data cannot be read with the provided password, the password may be incorrect.
 ---> System.Security.Cryptography.CryptographicException: A certificate referenced a private key which was already referenced, or could not be loaded.
   at Internal.Cryptography.Pal.UnixPkcs12Reader.BuildCertsWithKeys(CertBagAsn[] certBags, AttributeAsn[][] certBagAttrs, CertAndKey[] certs, Int32 certBagIdx, SafeBagAsn[] keyBags, RentedSubjectPublicKeyInfo[] publicKeyInfos, AsymmetricAlgorithm[] keys, Int32 keyBagIdx)
   at Internal.Cryptography.Pal.UnixPkcs12Reader.Decrypt(ReadOnlySpan`1 password, ReadOnlyMemory`1 authSafeContents)
   at Internal.Cryptography.Pal.UnixPkcs12Reader.VerifyAndDecrypt(ReadOnlySpan`1 password, ReadOnlyMemory`1 authSafeContents)
   at Internal.Cryptography.Pal.UnixPkcs12Reader.Decrypt(SafePasswordHandle password)
   --- End of inner exception stack trace ---
   at Internal.Cryptography.Pal.UnixPkcs12Reader.Decrypt(SafePasswordHandle password)
   at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(OpenSslPkcs12Reader pfx, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts)
   at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(Byte[] rawData, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts, Exception& openSslException)
   at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromBlob(Byte[] rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password)
   at Program.Main() in /code/personal/scratch/Program.cs:line 10
Reduced test case, this fails in Linux but works on Windows.
using System;
using System.Security.Cryptography;
public class Program {
    static void Main() {
        string keyStr = "ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDaB5vgkVIrCMAOrzS5QzWy4DZ1Jrp7xZDaND0HOOweHaAKBggqhkjOPQMBBw==";
        var key = Convert.FromBase64String(keyStr);
        using var ecdsa = ECDsa.Create();
        ecdsa.ImportPkcs8PrivateKey(key, out _);
        Console.WriteLine(ecdsa.KeySize);
    }
}
@vcsjones ... I feel the need to inform you that you are a genius. Just sayin'.
@joshlang @bartonjs gist of the issue is that the ECPrivateKey is missing the public key. As defined in https://www.secg.org/sec1-v2.pdf part C.4, the public key is optional.
Basically, we're running into this condition:
The private key does carry the private key, so it seems that Windows is re-deriving the public key from the private key. The PKCS8 helpers require the pre-calculated public key. The comment there makes me think this is a known limitation. The behavior difference is that on Windows, CNG handles all of the PKCS8 key import. On Linux, it is decoded and the parameters are imported manually.
It regressed in .NET Core 5.0 because the PKCS12 reader is going from an "implemented mostly with OpenSSL" to a more managed implementation. The no-public-key limitation exists in 3.1, however PKCS12 reading didn't use it until 5.0. I would assume that OpenSSL's PKCS12 reader is also re-deriving the public key when needed.
As a workaround, if you round-trip your certificate / p12 through openssl, the re-exported contents will work in .NET Core 5.0.
openssl pkcs12 -in key.p12 -out re-exported.p12
Where key.p12 is a file containing the bytes of certraw, and then re-exported.p12 contains the bytes with it fixed up.
So I guess we need to look into whether we can get an import to work when we have D but not Q.
My gut says that something (probably macOS) was too picky about something with PKCS#8, which is why I didn't send it to the native layers on Unix systems. (Windows CNG respects some attributes to limit key usage, and we ignore attributes, so we had to ask Windows to do the import for us on Windows)
we need to look into whether we can get an import to work when we have D but not Q.
@bartonjs
I don't know about macOS, but for openssl we can re-calculate it with EC_KEY_set_private_key, EC_POINT_mul, and finally EC_POINT_point2bn since we have the curve. I don't know where to begin to look at this for macOS.
Is it worth fixing for the openssl code path at least?
I've run into this D but not Q limitation several times before, whether for this, or stuff like deriving bitcoin addresses from private keys, etc.
I must admit... I've always wondered - why not just do the calculation? I'm only familiar with a couple curves - so maybe it's not so easy as an EC multiplication for all cases?
I've always wondered - why not just do the calculation?
We don't have an ECC calculator in the .NET layer; we work with the underlying system libraries opaquely through key objects... so then we're subject to limitations they have at the import/export/create boundary.
Is it worth fixing for the openssl code path at least?
Absent the PFX regression I'd say it's a nice-to-have enhancement. Given the context of this report, I'd say we should do it, to prevent the regression.
for openssl we can re-calculate it with ...
Looks like it might be
const EC_GROUP* group = EC_KEY_get0_group(key);
EC_POINT* pubkey = EC_POINT_new(group);
// Q = d * G: the curve generator multiplied by the private scalar d
EC_POINT_mul(group, pubkey, d, NULL, NULL, NULL);
with proper error checking, of course. We could do that in https://github.com/dotnet/runtime/blob/master/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_ecc_import_export.c#L374 as an else if (d != NULL).
If we can make Q.X == null && Q.Y == null work for Windows (worst case? make a PKCS#8 :smile:) and macOS, we can just soften the constraints in ImportParameters to require ((Y == null) == (X == null)) && (X != null || D != null). I'd rather not soften them in only one OS family.
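An added example, not part of the thread and not code from the .NET runtime or OpenSSL: it parses the PKCS#8 blob from the reduced test case, shows that the ECPrivateKey inside has no optional publicKey [1] field, derives Q = d·G on P-256, and re-encodes the key with the field filled in. It goes beyond the thread by doing the point arithmetic itself; all function names are hypothetical, only P-256 named-curve keys are handled, and the scalar multiplication is not constant time.

```python
import base64

# NIST P-256 (prime256v1) domain parameters.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
OID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")  # 1.2.840.10045.3.1.7
THREAD_KEY = base64.b64decode(  # PKCS#8 blob from the thread's reduced test case
    "ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDaB5vgkVIrCMAOrzS5QzWy"
    "4DZ1Jrp7xZDaND0HOOweHaAKBggqhkjOPQMBBw==")

def read_tlv(buf, off):
    """Decode one definite-length DER element: (tag, value, next_offset)."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        count = length & 0x7F
        if count == 0:
            raise ValueError("indefinite length is BER, not DER")
        length = int.from_bytes(buf[off:off + count], "big")
        off += count
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def tlv(tag, value):
    """Encode one DER element with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(octets)]) + octets + value

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, off = [], 0
    while off < len(value):
        tag, val, off = read_tlv(value, off)
        out.append((tag, val))
    return out

def ec_fields(der):
    """Return (PrivateKeyInfo fields, ECPrivateKey fields) of a PKCS#8 EC key."""
    tag, info, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("PrivateKeyInfo must be a SEQUENCE")
    outer = children(info)  # version, AlgorithmIdentifier, privateKey
    _, ec_private_key, _ = read_tlv(outer[2][1], 0)
    return outer, children(ec_private_key)  # version, d, [0] curve?, [1] Q?

def parse_pkcs8_ec(der):
    """Return (curve_oid, d, public_point_or_None)."""
    outer, inner = ec_fields(der)
    curve_oid = children(outer[1][1])[1][1]
    d = int.from_bytes(inner[1][1], "big")
    public = None
    for tag, value in inner[2:]:
        if tag == 0xA1:  # publicKey [1] EXPLICIT BIT STRING OPTIONAL
            public = read_tlv(value, 0)[1][1:]  # drop the unused-bits octet
    return curve_oid, d, public

def point_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def derive_public(d):
    """Q = d * G by double-and-add. Not constant time: inspection use only."""
    if not 1 <= d < N:
        raise ValueError("private scalar out of range")
    result, addend = None, (GX, GY)
    while d:
        if d & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        d >>= 1
    return result

def on_curve(x, y):
    return (y * y - (x * x * x + A * x + B)) % P == 0

def add_public_key(der):
    """Re-encode the key with publicKey [1] filled in from d."""
    outer, inner = ec_fields(der)
    x, y = derive_public(int.from_bytes(inner[1][1], "big"))
    point = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    inner = [f for f in inner if f[0] != 0xA1]
    inner.append((0xA1, tlv(0x03, b"\x00" + point)))
    outer[2] = (0x04, tlv(0x30, b"".join(tlv(t, v) for t, v in inner)))
    return tlv(0x30, b"".join(tlv(t, v) for t, v in outer))
```

`parse_pkcs8_ec(THREAD_KEY)` returns `None` for the public point, which is the condition the thread describes; `add_public_key(THREAD_KEY)` yields a blob that carries both D and Q.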
Absent the PFX regression I'd say it's a nice-to-have enhancement. Given the context of this report, I'd say we should do it, to prevent the regression.
Fixing it has my vote too (even though there's a workaround).
We generate certificates using the popular Certes library to generate TLS certificates from Let's Encrypt. I imagine that it's a common enough scenario that it's worth fixing.
We don't have an ECC calculator in the .NET layer;
^-- easy fix. Just import BouncyCastle into .net core runtime. ............lol
As a workaround, if you round-trip your certificate / p12 through openssl, the re-exported contents will work in .NET Core 5.0.
openssl pkcs12 -in key.p12 -out re-exported.p12
Where key.p12 is a file containing the bytes of certraw, and then re-exported.p12 contains the bytes with it fixed up.
Unfortunately, this doesn't work (or I'm doing it wrong).
The command used to transform: openssl pkcs12 -in cert.pfx -out out.pfx -passin pass:symetria -passout pass:symetria
Test code - the raw byte array is the out.pfx outputted above:
var rawCert = new byte[] { /* byte values of out.pfx omitted */
107, 119, 73, 68, 65, 81, 65, 66, 111, 52, 73, 66, 102, 84, 67, 67, 65, 88, 107, 119, 69, 103, 89, 68, 86, 82, 48, 84, 10, 65, 81, 72, 47, 66, 65, 103, 119, 66, 103, 69, 66, 47, 119, 73, 66, 65, 68, 65, 79, 66, 103, 78, 86, 72, 81, 56, 66, 65, 102, 56, 69, 66, 65, 77, 67, 65, 89, 89, 119, 102, 119, 89, 73, 75, 119, 89, 66, 66, 81, 85, 72, 65, 81, 69, 69, 99, 122, 66, 120, 77, 68, 73, 71, 10, 67, 67, 115, 71, 65, 81, 85, 70, 66, 122, 65, 66, 104, 105, 90, 111, 100, 72, 82, 119, 79, 105, 56, 118, 97, 88, 78, 121, 90, 121, 53, 48, 99, 110, 86, 122, 100, 71, 108, 107, 76, 109, 57, 106, 99, 51, 65, 117, 97, 87, 82, 108, 98, 110, 82, 121, 100, 88, 78, 48, 76, 109, 78, 118, 10, 98, 84, 65, 55, 66, 103, 103, 114, 66, 103, 69, 70, 66, 81, 99, 119, 65, 111, 89, 118, 97, 72, 82, 48, 99, 68, 111, 118, 76, 50, 70, 119, 99, 72, 77, 117, 97, 87, 82, 108, 98, 110, 82, 121, 100, 88, 78, 48, 76, 109, 78, 118, 98, 83, 57, 121, 98, 50, 57, 48, 99, 121, 57, 107, 10, 99, 51, 82, 121, 98, 50, 57, 48, 89, 50, 70, 52, 77, 121, 53, 119, 78, 50, 77, 119, 72, 119, 89, 68, 86, 82, 48, 106, 66, 66, 103, 119, 70, 111, 65, 85, 120, 75, 101, 120, 112, 72, 115, 115, 99, 102, 114, 98, 52, 85, 117, 81, 100, 102, 47, 69, 70, 87, 67, 70, 105, 82, 65, 119, 10, 86, 65, 89, 68, 86, 82, 48, 103, 66, 69, 48, 119, 83, 122, 65, 73, 66, 103, 90, 110, 103, 81, 119, 66, 65, 103, 69, 119, 80, 119, 89, 76, 75, 119, 89, 66, 66, 65, 71, 67, 51, 120, 77, 66, 65, 81, 69, 119, 77, 68, 65, 117, 66, 103, 103, 114, 66, 103, 69, 70, 66, 81, 99, 67, 10, 65, 82, 89, 105, 97, 72, 82, 48, 99, 68, 111, 118, 76, 50, 78, 119, 99, 121, 53, 121, 98, 50, 57, 48, 76, 88, 103, 120, 76, 109, 120, 108, 100, 72, 78, 108, 98, 109, 78, 121, 101, 88, 66, 48, 76, 109, 57, 121, 90, 122, 65, 56, 66, 103, 78, 86, 72, 82, 56, 69, 78, 84, 65, 122, 10, 77, 68, 71, 103, 76, 54, 65, 116, 104, 105, 116, 111, 100, 72, 82, 119, 79, 105, 56, 118, 89, 51, 74, 115, 76, 109, 108, 107, 90, 87, 53, 48, 99, 110, 86, 122, 100, 67, 53, 106, 98, 50, 48, 118, 82, 
70, 78, 85, 85, 107, 57, 80, 86, 69, 78, 66, 87, 68, 78, 68, 85, 107, 119, 117, 10, 89, 51, 74, 115, 77, 66, 48, 71, 65, 49, 85, 100, 68, 103, 81, 87, 66, 66, 83, 111, 83, 109, 112, 106, 66, 72, 51, 100, 117, 117, 98, 82, 79, 98, 101, 109, 82, 87, 88, 118, 56, 54, 106, 115, 111, 84, 65, 78, 66, 103, 107, 113, 104, 107, 105, 71, 57, 119, 48, 66, 65, 81, 115, 70, 10, 65, 65, 79, 67, 65, 81, 69, 65, 51, 84, 80, 88, 69, 102, 78, 106, 87, 68, 106, 100, 71, 66, 88, 55, 67, 86, 87, 43, 100, 108, 97, 53, 99, 69, 105, 108, 97, 85, 99, 110, 101, 56, 73, 107, 67, 74, 76, 120, 87, 104, 57, 75, 69, 105, 107, 51, 74, 72, 82, 82, 72, 71, 74, 111, 10, 117, 77, 50, 86, 99, 71, 102, 108, 57, 54, 83, 56, 84, 105, 104, 82, 122, 90, 118, 111, 114, 111, 101, 100, 54, 116, 105, 54, 87, 113, 69, 66, 109, 116, 122, 119, 51, 87, 111, 100, 97, 116, 103, 43, 86, 121, 79, 101, 112, 104, 52, 69, 89, 112, 114, 47, 49, 119, 88, 75, 116, 120, 56, 47, 10, 119, 65, 112, 73, 118, 74, 83, 119, 116, 109, 86, 105, 52, 77, 70, 85, 53, 97, 77, 113, 114, 83, 68, 69, 54, 101, 97, 55, 51, 77, 106, 50, 116, 99, 77, 121, 111, 53, 106, 77, 100, 54, 106, 109, 101, 87, 85, 72, 75, 56, 115, 111, 47, 106, 111, 87, 85, 111, 72, 79, 85, 103, 119, 117, 10, 88, 52, 80, 111, 49, 81, 89, 122, 43, 51, 100, 115, 122, 107, 68, 113, 77, 112, 52, 102, 107, 108, 120, 66, 119, 88, 82, 115, 87, 49, 48, 75, 88, 122, 80, 77, 84, 90, 43, 115, 79, 80, 65, 118, 101, 121, 120, 105, 110, 100, 109, 106, 107, 87, 56, 108, 71, 121, 43, 81, 115, 82, 108, 71, 10, 80, 102, 90, 43, 71, 54, 90, 54, 104, 55, 109, 106, 101, 109, 48, 89, 43, 105, 87, 108, 107, 89, 99, 86, 52, 80, 73, 87, 76, 49, 105, 119, 66, 105, 56, 115, 97, 67, 98, 71, 83, 53, 106, 78, 50, 112, 56, 77, 43, 88, 43, 81, 55, 85, 78, 75, 69, 107, 82, 79, 98, 51, 78, 54, 10, 75, 79, 113, 107, 113, 109, 53, 55, 84, 72, 50, 72, 51, 101, 68, 74, 65, 107, 83, 110, 104, 54, 47, 68, 78, 70, 117, 48, 81, 103, 61, 61, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 67, 69, 82, 84, 73, 70, 73, 67, 
65, 84, 69, 45, 45, 45, 45, 45, 10 };
var cert = new X509Certificate2(certraw, "symetria");
In Windows, the certificate will not load. I get a WindowsCryptographicException with the message "Cannot find the requested object."
at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(Byte[] rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password)
at [my code]
In Linux, the certificate loads successfully. However, later:
fail: Microsoft.AspNetCore.Server.Kestrel[0]
Unhandled exception while processing 0HLUCBELH5D73.
System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.
at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint, ReadOnlySpan`1 clientHello)
at System.Net.Security.SecureChannel.GenerateToken(ReadOnlySpan`1 inputBuffer, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(ReadOnlySpan`1 incomingBuffer)
at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.OnConnectionAsync(ConnectionContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure.KestrelConnection.ExecuteAsync()
Oh, I thought I saw this work, I'm guessing I did something silly. (See, there is plenty of time left for me to prove I am not a genius) It's actually outputting a textual dump of the p12 file.
Let me see again..
Looking closer at this, OpenSSL seems to be trying really really hard to preserve the key as-written. The easiest thing at this point I think would be to do File.WriteAllBytes("out.p12", cert.Export(X509ContentType.Pkcs12, "password")) from Windows and let Windows write the P12 from scratch.
Our pipeline, including certificate generation, all runs in Linux. I'll see if I can find a different workaround. I'll post if I find one.
We don't have an ECC calculator in the .NET layer;
I understand it's complex. I really think it should be considered one day, lest ye always be chasing inconsistencies between platforms.
I did some noodling to fix this in #33874. The Linux/OpenSSL case works, macOS I am tinkering with. I think this is doable in macOS, but I have the world's slowest Mac which doesn't help that macOS's APIs around all of this make little sense to me.
@bartonjs instead of broadly permitting ECParameters Q to allow a null point, how would you feel about making a more targeted fix just for the Pkcs8/ECPrivateKey import code paths to start? I'm not suggesting it one way or the other right now, but it might be easier and wondering if that's sensible.
ImportParameters is abstract, so all custom types have to implement it. Doing magic in the PKCS8/ECPrivateKey layer means all custom types have to do the same "OK, I'll let this work" magic.
Sure, some types might end up needing to reject no-Q; but that seems easier for them to handle than intercepting the other import flows.
So... I'd rather not; but if it's complicatedly required, then I'll accept it.
@bartonjs is this widespread enough impact that we should try to hurry it into preview 3? I see only one report above.
@bartonjs another thought if we want something soonish for Preview 3: I have it working in CNG and OpenSSL, still need to figure out MacOS (haven't ruled it out..). Would you take a PR that fixes CNG/OpenSSL and MacOS throws a PNSE, and a separate PR to get MacOS working, or prefer to try and get it in all in one go?
Trying to figure if I should focus on MacOS or getting what I have polished and fully tested.
@vcsjones Let's go with "polish and PR". Maybe one of us, or a mysterious third party, will come up with something easy to slide in for macOS before it gets merged.
@joshlang
This has been fixed. I don't believe the fixes made the cut for preview3, but I did confirm that your original repro works with the latest nightly on Linux.
I've run into this D but not Q limitation several times before, whether for this, or stuff like deriving bitcoin addresses from private keys, etc.
This limitation has been removed. An EC private key that does not contain Q but does contain D will now work, and Q will be re-derived by the platform as needed.
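The behaviour described in the comment above, seen from calling code. This is an added example, not code from the thread or from the dotnet/runtime repository. It assumes .NET 5 or later (on earlier runtimes both imports are expected to throw) and a throwaway P-256 key; the class and helper names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

static class MissingPublicPointDemo // hypothetical name, not a runtime type
{
    // Builds an RFC 5915 ECPrivateKey for P-256 that carries only D:
    // SEQUENCE { INTEGER 1, OCTET STRING D, [0] { OID prime256v1 } }, with no [1] publicKey.
    static byte[] EncodeWithoutPublicKey(byte[] d)
    {
        byte[] curve = { 0xA0, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 };
        var der = new List<byte>
        {
            0x30, (byte)(3 + 2 + d.Length + curve.Length), // outer SEQUENCE, short-form length
            0x02, 0x01, 0x01,                              // version = 1
            0x04, (byte)d.Length                           // privateKey OCTET STRING header
        };
        der.AddRange(d);
        der.AddRange(curve);
        return der.ToArray();
    }

    static bool SamePoint(ECPoint a, ECPoint b) =>
        a.X.AsSpan().SequenceEqual(b.X) && a.Y.AsSpan().SequenceEqual(b.Y);

    static void Main()
    {
        // Constructed input: a key generated here only for the demonstration.
        using ECDsa original = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        ECParameters full = original.ExportParameters(true);
        byte[] data = { 1, 2, 3 };

        // Path 1: ECParameters with D set and Q left at its default (X and Y null).
        using ECDsa fromParameters = ECDsa.Create();
        fromParameters.ImportParameters(new ECParameters { Curve = full.Curve, D = full.D });

        // Path 2: the ECPrivateKey structure with the optional publicKey field omitted.
        using ECDsa fromDer = ECDsa.Create();
        fromDer.ImportECPrivateKey(EncodeWithoutPublicKey(full.D), out _);

        foreach (ECDsa key in new[] { fromParameters, fromDer })
        {
            // The platform has to re-derive Q from D for the export and the signature to work.
            ECPoint q = key.ExportParameters(false).Q;
            byte[] sig = key.SignData(data, HashAlgorithmName.SHA256);
            Console.WriteLine($"Q matches original: {SamePoint(q, full.Q)}");
            Console.WriteLine($"original key verifies signature: {original.VerifyData(data, sig, HashAlgorithmName.SHA256)}");
        }
    }
}
```

Running the same program on each target OS in a build pipeline shows whether that platform's provider accepts a key without Q before a certificate containing one reaches a server.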
@vcsjones Thanks! I saw the pull request close yesterday, with much excitement :D I kept refreshing nuget to see if preview3 was out.
Alas, I'll be patient and wait for the next one!
Thanks for taking care of this.
Most helpful comment
@vcsjones ... I feel the need to inform you that you are a genius. Just sayin'.