PFX/PKCS12 to SNK conversion for mono

Question

This is follow up on Mono xbuild error CS1548 - key file has incorrect format

Hi, I have an application that is written in C# using VS2008. At present we are porting this app to Mac using Mono.

I have tried to extract the key from the pfx file. First I used

`sn -pc key.pfx key.snk`

this gave me an error of

'Failed to extract public key for key pair -- Keyset does not exist'.

I then used

`sn -p key.pfx key.snk`

this created the snk file that I wanted. I then in mono selected the project Option > Assembly Signing When built the error

'key.snk is missing private key needed for signing'.

I think I understand that if I make a new snk key that I can have both private and public keys in it. It just that because of Legacy issues we would really like to be able to use the original pfx key values.

score 8 · Accepted Answer · edited Mar 08 '16 at 14:54

Big thanks Poupou for coming up with the answer I have just added the code to the little program I made to get my snk.

using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

namespace PfxSnk
{
    internal class Program
    {
        private static void Main(string[] args)
        {
            X509Certificate2 cert = new X509Certificate2(@"KEY.pfx", "pfxPassword", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
            RSACryptoServiceProvider provider = (RSACryptoServiceProvider)cert.PrivateKey;

            byte[] array = provider.ExportCspBlob(!provider.PublicOnly);

            using (FileStream fs = new FileStream("FileName.snk", FileMode.Create, FileAccess.Write))
            {
                fs.Write(array, 0, array.Length);
            }
        }
    }
}

score 2 · Answer 2 · answered Feb 19 '12 at 17:05

2

sn -pis used to extract a public key from a strongname.

However you need the private key in order to sign an assembly - so this (built-in sn) conversion is not helpful for your goal.

Sadly a quick look at Microsoft sn options does not document any option to do what you're looking for.

My suggestion is to write a small tool, re-using Mono sn and Mono.Security.dll source code, to read the PFX (pkcs#12) file and write it back as a SNK file.

answered Feb 19 '12 at 17:05

poupou

43,413
6
77
174

Thanks poupou I am a bit of a beginner with signing assemblies etc. I understand what the tool should do just have no idea how to start making it. So can I use mono.security to read in the pfx and then get the private and public keys and then create the new snk file with mono sn and the retrieved keys. I have the password of the pfx file. Thanks in advance for any suggestions I really appreciate it. – Paul Williams Feb 23 '12 at 23:51
our pfx file has a password on it which we think will prevent mono reading the keys as in this link https://bugzilla.xamarin.com/show_bug.cgi?id=725. Also we dont know how to write a snk file with the exact private and public keys - it seems to generate new random keys. – Paul Williams Feb 24 '12 at 00:12
The class `X509Certificate2` can read PFX (PKCS#12) password protected file. It also has a `PrivateKey` property that will expose the `RSA` instance. With this you can use the `StrongName` class (from Mono.Security.dll) to save it back as a (password-less) `.snk` file. – poupou Feb 24 '12 at 01:25
Thank you poupou for this, I will give it a go and post my results. – Paul Williams Feb 29 '12 at 20:06

score -1 · Answer 3 · edited Feb 15 '12 at 05:26

-1

Try sn -p key.pfx key.snk instead.

edited Feb 15 '12 at 05:26

Peter O.

32,158
14
82
96

answered Feb 15 '12 at 03:10

Larry

1

2

From the question this looks identical to the second thing he tried. – poupou Feb 19 '12 at 16:58

PFX/PKCS12 to SNK conversion for mono

3 Answers3

Linked