Pkcs12StoreBuilder with AES256-SHA256

[webprofusion-chrisc]

Hi! I'm looking at how to emulate the windows certificate UI PFX export options AES256-SHA256 (instead of TripleDES-SHA1) for better compatibility with current versions of openssl.

Currently the default Pkcs12Store (and Pkcs12StoreBuilder) will export with keyAlgorithm set to PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc and certAlgorithm set to PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc however the other available definitions in PkcsObjectIdentifiers don't seem to extend to AES256, SHA256 etc, I assume that's because they're outside the current Pkcs12 standard.

Meanwhile OpenSSL 3 will refuse to read a PFX created with these default options and instead users have to resort to providing a --legacy flag (see openssl.exe pkcs12 -in example.pfx -info -nokeys -nocerts which yields :error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

This leads us to defaults of Pkcs12StoreBuilder being incompatible with the defaults of OpenSSL.

I'm hoping for some guidance as to what keyAlgorithm identifiers and certAlgorithm identifiers should be valid, I've (somewhat randomly) tried a few identifiers that looked likely candidates and tend to get a string should not be null exception which implies something isn't finding whatever it needs.

Note that settings certAlgorithm to PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc does get us past the OpenSSL problem but I'm trying to identify how to get keyAlgorithm and certAlgorithm using more modern options.

I (clearly!) only have a very loose understanding of BouncyCastle and haven't been able to locate any example C# tackling this.

I'd also love to know how to set the MAC iteration count (if it can be set at all).

Any help greatly appreciated!

[ChlorideCull]

There's some basic support for PBES2 since 1.8.7 (officially since 1.8.9) - but it's only exposed for private keys. You can roughly mimic what Windows sets by calling SetKeyAlgorithm on the builder with Org.BouncyCastle.Asn1.Nist.NistObjectIdentifiers.IdAes256Cbc.Id and Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdHmacWithSha256.Id, but you can't control iterations, which is always 1024.

For the certs, you're stuck with PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc if you want to avoid legacy mode - Windows just leaves them unencrypted, but I don't think that's possible here with the API, and PBES2 isn't exposed for certs.

[webprofusion-chrisc]

Awesome, thanks for your help. I feel like I did try these combinations already and got an error but I'll check it out again! Looking at my work in progress I did try builder.SetKeyAlgorithm(Org.BouncyCastle.Asn1.Nist.NistObjectIdentifiers.IdAes256Cbc); so I need to investigate why that's not working for me.

[ChlorideCull]

You need to use the version of SetKeyAlgorithm with two parameters, that's why it's not working :)