- Openssl Ecparam
- Openssl Create Ecc Key
- Create Ecdsa Certificate Openssl
- Openssl Generate Ecc Certificate
- Secp256r1 Openssl
- Prime256v1 Secp256r1
https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
But modifying it to produce ECDSA certs. So the first step is to make
the private key. Jamie says:
openssl genrsa -aes256 -out private/ca.key.pem 4096
The -aes256 option supposedly password protects this private key. So
after some googling I created:
openssl ecparam -name secp256k1 -genkey -noout -out private/ca.key.pem
But openssl ecparam does not have any option equivalent (that I can
find) to -aes256
What am I missing.
And I successfully generated the root CA ECDSA cert with:
openssl req -config openssl.cnf -key private/ca.key.pem
-new -x509 -days 7300 -sha256 -extensions v3_ca -out
certs/ca.cert.pem
The config file is the one Jamie provides on his pages.
Also the following:
openssl ecparam -in private/ca.key.pem -text -noout
Gives me an error:
unable to load elliptic curve parameters
140598030526328:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:707:Expecting: EC PARAMETERS
Is this because I created the private key without including the
parameters? I got my ECDSA tips from:
https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
Meanwhile on to the sub-CA cert.
thanks
Bob
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
After creating CSR using openSSL with secp256r1 curve inspecting the file using openssl asn1parse -i -in ecTest.csr the size of the signature is 73 bytes, why? I think the ASN.1 of the signature is. This simplifies the question a lot: in practice, average clients only support two curves, the ones which are designated in so-called NSA Suite B: these are NIST curves P-256 and P-384 (in OpenSSL, they are designated as, respectively, 'prime256v1' and 'secp384r1'). If you use any other curve, then some widespread Web browsers (e.g.
-->Cryptographic operations in .NET Core and .NET 5 are done by operating system (OS) libraries. This dependency has advantages:
- .NET apps benefit from OS reliability. Keeping cryptography libraries safe from vulnerabilities is a high priority for OS vendors. To do that, they provide updates that system administrators should be applying.
- .NET apps have access to FIPS-validated algorithms if the OS libraries are FIPS-validated.
The dependency on OS libraries also means that .NET apps can only use cryptographic features that the OS supports. While all platforms support certain core features, some features that .NET supports can't be used on some platforms. This article identifies the features that are supported on each platform.
This article assumes you have a working familiarity with cryptography in .NET. For more information, see .NET Cryptography Model and .NET Cryptographic Services. What browser to use with tor.
Hash algorithms
All hash algorithm and hash-based message authentication (HMAC) classes, including the *Managed
classes, defer to the OS libraries. While the various OS libraries differ in performance, they should be compatible.
Symmetric encryption
The underlying ciphers and chaining are done by the system libraries, and all are supported by all platforms.
Cipher + Mode | Windows | Linux | macOS |
---|---|---|---|
AES-CBC | ✔️ | ✔️ | ✔️ |
AES-ECB | ✔️ | ✔️ | ✔️ |
3DES-CBC | ✔️ | ✔️ | ✔️ |
3DES-ECB | ✔️ | ✔️ | ✔️ |
DES-CBC | ✔️ | ✔️ | ✔️ |
DES-ECB | ✔️ | ✔️ | ✔️ |
Authenticated encryption
Authenticated encryption (AE) support is provided for AES-CCM and AES-GCM via the System.Security.Cryptography.AesCcm and System.Security.Cryptography.AesGcm classes.
On Windows and Linux, the implementations of AES-CCM and AES-GCM are provided by the OS libraries.
AES-CCM and AES-GCM on macOS
On macOS, the system libraries don't support AES-CCM or AES-GCM for third-party code, so the AesCcm and AesGcm classes use OpenSSL for support. Users on macOS need to obtain an appropriate copy of OpenSSL (libcrypto) for these types to function, and it must be in a path that the system would load a library from by default. We recommend that you install OpenSSL from a package manager such as Homebrew.
Melio is a free vendor/bill payment tool that maximizes cash flow and minimizes busywork. Pay any vendor using bank transfer or debit card for free even if they only accept checks! You can also use your credit card where cards are not accepted to hold onto your cash longer and earn card rewards! Best invoice software free download. Best for: GST billing software for small businesses struggling to file GST returns as. Fakturama is a free and open source invoice management software for Windows. It can also be used as an open source billing software. Not just invoice and billings, you can also manage Sales, Customers, Products, Database of customers, etc. A secure, SaaS based Medical Billing, RCM Software that helps doctors to increase the collection, receive faster payment with improved automation.Features like Seamless Insurance Eligibility Verification (IEV), appointment scheduling, claims scrubbing, auto Posting, public health clinic make the software efficient and easy to use.
The libcrypto.0.9.7.dylib
and libcrypto.0.9.8.dylib
libraries included in macOS are from earlier versions of OpenSSL and will not be used. The libcrypto.35.dylib
, libcrypto.41.dylib
, and libcrypto.42.dylib
libraries are from LibreSSL and will not be used.
AES-CCM keys, nonces, and tags
Key Sizes
AES-CCM works with 128, 192, and 256-bit keys.
Nonce Sizes
The AesCcm class supports 56, 64, 72, 80, 88, 96, and 104-bit (7, 8, 9, 10, 11, 12, and 13-byte) nonces.
Tag Sizes
The AesCcm class supports creating or processing 32, 48, 64, 80, 96, 112, and 128-bit (4, 8, 10, 12, 14, and 16-byte) tags.
AES-GCM keys, nonces, and tags
Key Sizes
AES-GCM works with 128, 192, and 256-bit keys.
Nonce Sizes
The AesGcm class supports only 96-bit (12-byte) nonces.
Tag Sizes
The AesGcm class supports creating or processing 96, 104, 112, 120, and 128-bit (12, 13, 14, 15, and 16-byte) tags.
Asymmetric cryptography
This section includes the following subsections:
RSA
RSA (Rivest–Shamir–Adleman) key generation is performed by the OS libraries and is subject to their size limitations and performance characteristics.
RSA key operations are performed by the OS libraries, and the types of key that can be loaded are subject to OS requirements.
.NET does not expose 'raw' (unpadded) RSA operations.
The OS libraries are used for encryption and decryption padding. Not all platforms support the same padding options:
Padding Mode | Windows (CNG) | Linux (OpenSSL) | macOS | Windows (CAPI) |
---|---|---|---|---|
PKCS1 Encryption | ✔️ | ✔️ | ✔️ | ✔️ |
OAEP - SHA-1 | ✔️ | ✔️ | ✔️ | ✔️ |
OAEP - SHA-2 (SHA256, SHA384, SHA512) | ✔️ | ✔️ | ✔️ | ❌ |
PKCS1 Signature (MD5, SHA-1) | ✔️ | ✔️ | ✔️ | ✔️ |
PKCS1 Signature (SHA-2) | ✔️ | ✔️ | ✔️ | ⚠️* |
PSS | ✔️ | ✔️ | ✔️ | ❌ |
* Windows CryptoAPI (CAPI) is capable of PKCS1 signature with a SHA-2 algorithm. But the individual RSA object may be loaded in a cryptographic service provider (CSP) that doesn't support it.
RSA on Windows
- Windows CryptoAPI (CAPI) is used whenever
new RSACryptoServiceProvider()
is used. - Windows Cryptography API Next Generation (CNG) is used whenever
new RSACng()
is used. - The object returned by RSA.Create is internally powered by Windows CNG. This use of Windows CNG is an implementation detail and is subject to change.
- The GetRSAPublicKey extension method for X509Certificate2 returns an RSACng instance. This use of RSACng is an implementation detail and is subject to change.
- The GetRSAPrivateKey extension method for X509Certificate2 currently prefers an RSACng instance, but if RSACng can't open the key, RSACryptoServiceProvider will be attempted. The preferred provider is an implementation detail and is subject to change.
RSA native interop
.NET exposes types to allow programs to interoperate with the OS libraries that the .NET cryptography code uses. The types involved do not translate between platforms, and should only be directly used when necessary.
Type | Windows | Linux | macOS |
---|---|---|---|
RSACryptoServiceProvider | ✔️ | ⚠️1 | ⚠️1 |
RSACng | ✔️ | ❌ | ❌ |
RSAOpenSsl | ❌ | ✔️ | ⚠️2 |
1 On macOS and Linux, RSACryptoServiceProvider can be used for compatibility with existing programs. In that case, any method that requires OS interop, such as opening a named key, throws a PlatformNotSupportedException.
2 On macOS, RSAOpenSsl works if OpenSSL is installed and an appropriate libcrypto dylib can be found via dynamic library loading. If an appropriate library can't be found, exceptions will be thrown.
Openssl Ecparam
ECDSA
ECDSA (Elliptic Curve Digital Signature Algorithm) key generation is done by the OS libraries and is subject to their size limitations and performance characteristics.
ECDSA key curves are defined by the OS libraries and are subject to their limitations.
Elliptic Curve | Windows 10 | Windows 7 - 8.1 | Linux | macOS |
---|---|---|---|---|
NIST P-256 (secp256r1) | ✔️ | ✔️ | ✔️ | ✔️ |
NIST P-384 (secp384r1) | ✔️ | ✔️ | ✔️ | ✔️ |
NIST P-521 (secp521r1) | ✔️ | ✔️ | ✔️ | ✔️ |
Brainpool curves (as named curves) | ✔️ | ❌ | ⚠️1 | ❌ |
Other named curves | ⚠️2 | ❌ | ⚠️1 | ❌ |
Explicit curves | ✔️ | ❌ | ✔️ | ❌ |
Export or import as explicit | ✔️ | ❌3 | ✔️ | ❌3 |
1 Linux distributions don't all have support for the same named curves.
2 Support for named curves was added to Windows CNG in Windows 10. For more information, see CNG Named Elliptic Curves. Named curves are not available in earlier versions of Windows, except for three curves in Windows 7.
3 Exporting with explicit curve parameters requires OS library support, which is not available on macOS or earlier versions of Windows.
ECDSA Native Interop
.NET exposes types to allow programs to interoperate with the OS libraries that the .NET cryptography code uses. The types involved don't translate between platforms and should only be directly used when necessary.
Type | Windows | Linux | macOS |
---|---|---|---|
ECDsaCng | ✔️ | ❌ | ❌ |
ECDsaOpenSsl | ❌ | ✔️ | ⚠️* |
* On macOS, ECDsaOpenSsl works if OpenSSL is installed in the system and an appropriate libcrypto dylib can be found via dynamic library loading. If an appropriate library can't be found, exceptions will be thrown.
ECDH
ECDH (Elliptic Curve Diffie-Hellman) key generation is done by the OS libraries and is subject to their size limitations and performance characteristics.
The ECDiffieHellman class doesn't return the 'raw' value of the ECDH computation. All returned data is in terms of key derivation functions:
- HASH(Z)
- HASH(prepend || Z || append)
- HMAC(key, Z)
- HMAC(key, prepend || Z || append)
- HMAC(Z, Z)
- HMAC(Z, prepend || Z || append)
- Tls11Prf(label, seed)
ECDH key curves are defined by the OS libraries and are subject to their limitations.
Elliptic Curve | Windows 10 | Windows 7 - 8.1 | Linux | macOS |
---|---|---|---|---|
NIST P-256 (secp256r1) | ✔️ | ✔️ | ✔️ | ✔️ |
NIST P-384 (secp384r1) | ✔️ | ✔️ | ✔️ | ✔️ |
NIST P-521 (secp521r1) | ✔️ | ✔️ | ✔️ | ✔️ |
brainpool curves (as named curves) | ✔️ | ❌ | ⚠️1 | ❌ |
other named curves | ⚠️2 | ❌ | ⚠️1 | ❌ |
explicit curves | ✔️ | ❌ | ✔️ | ❌ |
Export or import as explicit | ✔️ | ❌3 | ✔️ | ❌3 |
1 Linux distributions don't all have support for the same named curves.
2 Support for named curves was added to Windows CNG in Windows 10. For more information, see CNG Named Elliptic Curves. Named curves are not available in earlier versions of Windows, except for three curves in Windows 7.
3 Exporting with explicit curve parameters requires OS library support, which is not available on macOS or earlier versions of Windows.
ECDH native interop
.NET exposes types to allow programs to interoperate with the OS libraries that .NET uses. The types involved don't translate between platforms and should only be directly used when necessary.
Type | Windows | Linux | macOS |
---|---|---|---|
ECDiffieHellmanCng | ✔️ | ❌ | ❌ |
ECDiffieHellmanOpenSsl | ❌ | ✔️ | ⚠️* |
* On macOS, ECDiffieHellmanOpenSsl works if OpenSSL is installed and an appropriate libcrypto dylib can be found via dynamic library loading. If an appropriate library can't be found, exceptions will be thrown.
DSA
DSA (Digital Signature Algorithm) key generation is performed by the system libraries and is subject to their size limitations and performance characteristics.
Function | Windows CNG | Linux | macOS | Windows CAPI |
---|---|---|---|---|
Key creation (<= 1024 bits) | ✔️ | ✔️ | ❌ | ✔️ |
Key creation (> 1024 bits) | ✔️ | ✔️ | ❌ | ❌ |
Loading keys (<= 1024 bits) | ✔️ | ✔️ | ✔️ | ✔️ |
Loading keys (> 1024 bits) | ✔️ | ✔️ | ⚠️* | ❌ |
FIPS 186-2 | ✔️ | ✔️ | ✔️ | ✔️ |
FIPS 186-3 (SHA-2 signatures) | ✔️ | ✔️ | ❌ | ❌ |
* macOS loads DSA keys bigger than 1024 bits, but the behavior of those keys is undefined. They don't behave according to FIPS 186-3.
DSA on Windows
- Windows CryptoAPI (CAPI) is used whenever
new DSACryptoServiceProvider()
is used. - Windows Cryptography API Next Generation (CNG) is used whenever
new DSACng()
is used. - The object returned by DSA.Create is internally powered by Windows CNG. This use of Windows CNG is an implementation detail and is subject to change.
- The GetDSAPublicKey extension method for X509Certificate2 returns a DSACng instance. This use of DSACng is an implementation detail and is subject to change.
- The GetDSAPrivateKey extension method for X509Certificate2 prefers an DSACng instance, but if DSACng can't open the key, DSACryptoServiceProvider will be attempted. The preferred provider is an implementation detail and is subject to change.
DSA native interop
.NET exposes types to allow programs to interoperate with the OS libraries that the .NET cryptography code uses. The types involved don't translate between platforms and should only be directly used when necessary.
Type | Windows | Linux | macOS |
---|---|---|---|
DSACryptoServiceProvider | ✔️ | ⚠️1 | ⚠️1 |
DSACng | ✔️ | ❌ | ❌ |
DSAOpenSsl | ❌ | ✔️ | ⚠️2 |
1 On macOS and Linux, DSACryptoServiceProvider can be used for compatibility with existing programs. In that case, any method that requires system interop, such as opening a named key, throws a PlatformNotSupportedException.
2 On macOS, DSAOpenSsl works if OpenSSL is installed and an appropriate libcrypto dylib can be found via dynamic library loading. If an appropriate library can't be found, exceptions will be thrown.
X.509 Certificates
The majority of support for X.509 certificates in .NET comes from OS libraries. To load a certificate into an X509Certificate2 or X509Certificate instance in .NET, the certificate must be loaded by the underlying OS library.
Read a PKCS12/PFX
Scenario | Windows | Linux | macOS |
---|---|---|---|
Empty | ✔️ | ✔️ | ✔️ |
One certificate, no private key | ✔️ | ✔️ | ✔️ |
One certificate, with private key | ✔️ | ✔️ | ✔️ |
Multiple certificates, no private keys | ✔️ | ✔️ | ✔️ |
Multiple certificates, one private key | ✔️ | ✔️ | ✔️ |
Multiple certificates, multiple private keys | ✔️ | ⚠️* | ✔️ |
* Available in .NET 5 preview releases.
Write a PKCS12/PFX
Scenario | Windows | Linux | macOS |
---|---|---|---|
Empty | ✔️ | ✔️ | ⚠️* |
One certificate, no private key | ✔️ | ✔️ | ⚠️* |
One certificate, with private key | ✔️ | ✔️ | ✔️ |
Multiple certificates, no private keys | ✔️ | ✔️ | ⚠️* |
Multiple certificates, one private key | ✔️ | ✔️ | ✔️ |
Multiple certificates, multiple private keys | ✔️ | ⚠️* | ✔️ |
Ephemeral loading | ✔️ | ✔️ | ⚠️* |
Combine contents of two columns in excel. * Available in .NET 5 preview releases.
macOS can't load certificate private keys without a keychain object, which requires writing to disk. Keychains are created automatically for PFX loading, and are deleted when no longer in use. Since the X509KeyStorageFlags.EphemeralKeySet option means that the private key should not be written to disk, asserting that flag on macOS results in a PlatformNotSupportedException.
Write a PKCS7 certificate collection
Windows and Linux both emit DER-encoded PKCS7 blobs. macOS emits indefinite-length-CER-encoded PKCS7 blobs.
X509Store
Openssl Create Ecc Key
On Windows, the X509Store class is a representation of the Windows Certificate Store APIs. Those APIs work the same in .NET Core and .NET 5 as they do in .NET Framework.
On Linux, the X509Store class is a projection of system trust decisions (read-only), user trust decisions (read-write), and user key storage (read-write).
On macOS, the X509Store class is a projection of system trust decisions (read-only), user trust decisions (read-only), and user key storage (read-write).
The following tables show which scenarios are supported in each platform. For unsupported scenarios (❌ in the tables), a CryptographicException is thrown.
The My store
Scenario | Windows | Linux | macOS |
---|---|---|---|
Open CurrentUserMy (ReadOnly) | ✔️ | ✔️ | ✔️ |
Open CurrentUserMy (ReadWrite) | ✔️ | ✔️ | ✔️ |
Open CurrentUserMy (ExistingOnly) | ✔️ | ⚠️ | ✔️ |
Open LocalMachineMy | ✔️ | ❌ | ✔️ |
On Linux, stores are created on first write, and no user stores exist by default, so opening CurrentUserMy
with ExistingOnly
may fail.
On macOS, the CurrentUserMy
store is the user's default keychain, which is login.keychain
by default. The LocalMachineMy
store is System.keychain
.
The Root store
Scenario | Windows | Linux | macOS |
---|---|---|---|
Open CurrentUserRoot (ReadOnly) | ✔️ | ✔️ | ✔️ |
Open CurrentUserRoot (ReadWrite) | ✔️ | ✔️ | ❌ |
Open CurrentUserRoot (ExistingOnly) | ✔️ | ⚠️ | ✔️ (if ReadOnly) |
Open LocalMachineRoot (ReadOnly) | ✔️ | ✔️ | ✔️ |
Open LocalMachineRoot (ReadWrite) | ✔️ | ❌ | ❌ |
Open LocalMachineRoot (ExistingOnly) | ✔️ | ⚠️ | ✔️ (if ReadOnly) |
On Linux, the LocalMachineRoot
store is an interpretation of the CA bundle in the default path for OpenSSL.
On macOS, the CurrentUserRoot
store is an interpretation of the SecTrustSettings
results for the user trust domain. The LocalMachineRoot
store is an interpretation of the SecTrustSettings
results for the admin and system trust domains.
The Intermediate store
Scenario | Windows | Linux | macOS |
---|---|---|---|
Open CurrentUserIntermediate (ReadOnly) | ✔️ | ✔️ | ✔️ |
Open CurrentUserIntermediate (ReadWrite) | ✔️ | ✔️ | ❌ |
Open CurrentUserIntermediate (ExistingOnly) | ✔️ | ⚠️ | ✔️ (if ReadOnly) |
Open LocalMachineIntermediate (ReadOnly) | ✔️ | ✔️ | ✔️ |
Open LocalMachineIntermediate (ReadWrite) | ✔️ | ❌ | ❌ |
Open LocalMachineIntermediate (ExistingOnly) | ✔️ | ⚠️ | ✔️ (if ReadOnly) |
The ECDiffieHellman class doesn't return the 'raw' value of the ECDH computation. All returned data is in terms of key derivation functions:
- HASH(Z)
- HASH(prepend || Z || append)
- HMAC(key, Z)
- HMAC(key, prepend || Z || append)
- HMAC(Z, Z)
- HMAC(Z, prepend || Z || append)
- Tls11Prf(label, seed)
ECDH key curves are defined by the OS libraries and are subject to their limitations.
Elliptic Curve | Windows 10 | Windows 7 - 8.1 | Linux | macOS |
---|---|---|---|---|
NIST P-256 (secp256r1) | ✔️ | ✔️ | ✔️ | ✔️ |
NIST P-384 (secp384r1) | ✔️ | ✔️ | ✔️ | ✔️ |
NIST P-521 (secp521r1) | ✔️ | ✔️ | ✔️ | ✔️ |
brainpool curves (as named curves) | ✔️ | ❌ | ⚠️1 | ❌ |
other named curves | ⚠️2 | ❌ | ⚠️1 | ❌ |
explicit curves | ✔️ | ❌ | ✔️ | ❌ |
Export or import as explicit | ✔️ | ❌3 | ✔️ | ❌3 |
1 Linux distributions don't all have support for the same named curves.
2 Support for named curves was added to Windows CNG in Windows 10. For more information, see CNG Named Elliptic Curves. Named curves are not available in earlier versions of Windows, except for three curves in Windows 7.
3 Exporting with explicit curve parameters requires OS library support, which is not available on macOS or earlier versions of Windows.
ECDH native interop
.NET exposes types to allow programs to interoperate with the OS libraries that .NET uses. The types involved don't translate between platforms and should only be directly used when necessary.
Type | Windows | Linux | macOS |
---|---|---|---|
ECDiffieHellmanCng | ✔️ | ❌ | ❌ |
ECDiffieHellmanOpenSsl | ❌ | ✔️ | ⚠️* |
* On macOS, ECDiffieHellmanOpenSsl works if OpenSSL is installed and an appropriate libcrypto dylib can be found via dynamic library loading. If an appropriate library can't be found, exceptions will be thrown.
DSA
DSA (Digital Signature Algorithm) key generation is performed by the system libraries and is subject to their size limitations and performance characteristics.
Function | Windows CNG | Linux | macOS | Windows CAPI |
---|---|---|---|---|
Key creation (<= 1024 bits) | ✔️ | ✔️ | ❌ | ✔️ |
Key creation (> 1024 bits) | ✔️ | ✔️ | ❌ | ❌ |
Loading keys (<= 1024 bits) | ✔️ | ✔️ | ✔️ | ✔️ |
Loading keys (> 1024 bits) | ✔️ | ✔️ | ⚠️* | ❌ |
FIPS 186-2 | ✔️ | ✔️ | ✔️ | ✔️ |
FIPS 186-3 (SHA-2 signatures) | ✔️ | ✔️ | ❌ | ❌ |
* macOS loads DSA keys bigger than 1024 bits, but the behavior of those keys is undefined. They don't behave according to FIPS 186-3.
DSA on Windows
- Windows CryptoAPI (CAPI) is used whenever
new DSACryptoServiceProvider()
is used. - Windows Cryptography API Next Generation (CNG) is used whenever
new DSACng()
is used. - The object returned by DSA.Create is internally powered by Windows CNG. This use of Windows CNG is an implementation detail and is subject to change.
- The GetDSAPublicKey extension method for X509Certificate2 returns a DSACng instance. This use of DSACng is an implementation detail and is subject to change.
- The GetDSAPrivateKey extension method for X509Certificate2 prefers an DSACng instance, but if DSACng can't open the key, DSACryptoServiceProvider will be attempted. The preferred provider is an implementation detail and is subject to change.
DSA native interop
.NET exposes types to allow programs to interoperate with the OS libraries that the .NET cryptography code uses. The types involved don't translate between platforms and should only be directly used when necessary.
Type | Windows | Linux | macOS |
---|---|---|---|
DSACryptoServiceProvider | ✔️ | ⚠️1 | ⚠️1 |
DSACng | ✔️ | ❌ | ❌ |
DSAOpenSsl | ❌ | ✔️ | ⚠️2 |
1 On macOS and Linux, DSACryptoServiceProvider can be used for compatibility with existing programs. In that case, any method that requires system interop, such as opening a named key, throws a PlatformNotSupportedException.
2 On macOS, DSAOpenSsl works if OpenSSL is installed and an appropriate libcrypto dylib can be found via dynamic library loading. If an appropriate library can't be found, exceptions will be thrown.
X.509 Certificates
The majority of support for X.509 certificates in .NET comes from OS libraries. To load a certificate into an X509Certificate2 or X509Certificate instance in .NET, the certificate must be loaded by the underlying OS library.
Read a PKCS12/PFX
Scenario | Windows | Linux | macOS |
---|---|---|---|
Empty | ✔️ | ✔️ | ✔️ |
One certificate, no private key | ✔️ | ✔️ | ✔️ |
One certificate, with private key | ✔️ | ✔️ | ✔️ |
Multiple certificates, no private keys | ✔️ | ✔️ | ✔️ |
Multiple certificates, one private key | ✔️ | ✔️ | ✔️ |
Multiple certificates, multiple private keys | ✔️ | ⚠️* | ✔️ |
* Available in .NET 5 preview releases.
Write a PKCS12/PFX
Scenario | Windows | Linux | macOS |
---|---|---|---|
Empty | ✔️ | ✔️ | ⚠️* |
One certificate, no private key | ✔️ | ✔️ | ⚠️* |
One certificate, with private key | ✔️ | ✔️ | ✔️ |
Multiple certificates, no private keys | ✔️ | ✔️ | ⚠️* |
Multiple certificates, one private key | ✔️ | ✔️ | ✔️ |
Multiple certificates, multiple private keys | ✔️ | ⚠️* | ✔️ |
Ephemeral loading | ✔️ | ✔️ | ⚠️* |
Combine contents of two columns in excel. * Available in .NET 5 preview releases.
macOS can't load certificate private keys without a keychain object, which requires writing to disk. Keychains are created automatically for PFX loading, and are deleted when no longer in use. Since the X509KeyStorageFlags.EphemeralKeySet option means that the private key should not be written to disk, asserting that flag on macOS results in a PlatformNotSupportedException.
Write a PKCS7 certificate collection
Windows and Linux both emit DER-encoded PKCS7 blobs. macOS emits indefinite-length-CER-encoded PKCS7 blobs.
X509Store
Openssl Create Ecc Key
On Windows, the X509Store class is a representation of the Windows Certificate Store APIs. Those APIs work the same in .NET Core and .NET 5 as they do in .NET Framework.
On Linux, the X509Store class is a projection of system trust decisions (read-only), user trust decisions (read-write), and user key storage (read-write).
On macOS, the X509Store class is a projection of system trust decisions (read-only), user trust decisions (read-only), and user key storage (read-write).
The following tables show which scenarios are supported in each platform. For unsupported scenarios (❌ in the tables), a CryptographicException is thrown.
The My store
Scenario | Windows | Linux | macOS |
---|---|---|---|
Open CurrentUserMy (ReadOnly) | ✔️ | ✔️ | ✔️ |
Open CurrentUserMy (ReadWrite) | ✔️ | ✔️ | ✔️ |
Open CurrentUserMy (ExistingOnly) | ✔️ | ⚠️ | ✔️ |
Open LocalMachineMy | ✔️ | ❌ | ✔️ |
On Linux, stores are created on first write, and no user stores exist by default, so opening CurrentUserMy
with ExistingOnly
may fail.
On macOS, the CurrentUserMy
store is the user's default keychain, which is login.keychain
by default. The LocalMachineMy
store is System.keychain
.
The Root store
Scenario | Windows | Linux | macOS |
---|---|---|---|
Open CurrentUserRoot (ReadOnly) | ✔️ | ✔️ | ✔️ |
Open CurrentUserRoot (ReadWrite) | ✔️ | ✔️ | ❌ |
Open CurrentUserRoot (ExistingOnly) | ✔️ | ⚠️ | ✔️ (if ReadOnly) |
Open LocalMachineRoot (ReadOnly) | ✔️ | ✔️ | ✔️ |
Open LocalMachineRoot (ReadWrite) | ✔️ | ❌ | ❌ |
Open LocalMachineRoot (ExistingOnly) | ✔️ | ⚠️ | ✔️ (if ReadOnly) |
On Linux, the LocalMachineRoot
store is an interpretation of the CA bundle in the default path for OpenSSL.
On macOS, the CurrentUserRoot
store is an interpretation of the SecTrustSettings
results for the user trust domain. The LocalMachineRoot
store is an interpretation of the SecTrustSettings
results for the admin and system trust domains.
The Intermediate store
Scenario | Windows | Linux | macOS |
---|---|---|---|
Open CurrentUserIntermediate (ReadOnly) | ✔️ | ✔️ | ✔️ |
Open CurrentUserIntermediate (ReadWrite) | ✔️ | ✔️ | ❌ |
Open CurrentUserIntermediate (ExistingOnly) | ✔️ | ⚠️ | ✔️ (if ReadOnly) |
Open LocalMachineIntermediate (ReadOnly) | ✔️ | ✔️ | ✔️ |
Open LocalMachineIntermediate (ReadWrite) | ✔️ | ❌ | ❌ |
Open LocalMachineIntermediate (ExistingOnly) | ✔️ | ⚠️ | ✔️ (if ReadOnly) |
On Linux, the CurrentUserIntermediate
store is used as a cache when downloading intermediate CAs by their Authority Information Access records on successful X509Chain builds. The LocalMachineIntermediate
store is an interpretation of the CA bundle in the default path for OpenSSL.
Create Ecdsa Certificate Openssl
The Disallowed store
Scenario | Windows | Linux | macOS |
---|---|---|---|
Open CurrentUserDisallowed (ReadOnly) | ✔️ | ⚠️ | ✔️ |
Open CurrentUserDisallowed (ReadWrite) | ✔️ | ⚠️ | ❌ |
Open CurrentUserDisallowed (ExistingOnly) | ✔️ | ⚠️ | ✔️ (if ReadOnly) |
Open LocalMachineDisallowed (ReadOnly) | ✔️ | ❌ | ✔️ |
Open LocalMachineDisallowed (ReadWrite) | ✔️ | ❌ | ❌ |
Open LocalMachineDisallowed (ExistingOnly) | ✔️ | ❌ | ✔️ (if ReadOnly) |
Openssl Generate Ecc Certificate
On Linux, the Disallowed
store is not used in chain building, and attempting to add contents to it results in a CryptographicException. A CryptographicException is thrown when opening the Disallowed
store if it has already acquired contents.
On macOS, the CurrentUserDisallowed and LocalMachineDisallowed stores are interpretations of the appropriate SecTrustSettings results for certificates whose trust is set to Always Deny
.
Nonexistent store
Scenario | Windows | Linux | macOS |
---|---|---|---|
Open non-existent store (ExistingOnly) | ❌ | ❌ | ❌ |
Open CurrentUser non-existent store (ReadWrite) | ✔️ | ✔️ | ⚠️ |
Open LocalMachine non-existent store (ReadWrite) | ✔️ | ❌ | ❌ |
On macOS, custom store creation with the X509Store API is supported only for CurrentUser
location. It will create a new keychain with no password in the user's keychain directory (~/Library/Keychains). To create a keychain with password, a P/Invoke to SecKeychainCreate
could be used. Similarly, SecKeychainOpen
could be used to open keychains in different locations. The resulting IntPtr
can be passed to new X509Store(IntPtr)
to obtain a read/write-capable store, subject to the current user's permissions.
X509Chain
Secp256r1 Openssl
macOS doesn't support Offline CRL utilization, so X509RevocationMode.Offline
is treated as X509RevocationMode.Online
.
macOS doesn't support a user-initiated timeout on CRL (Certificate Revocation List) / OCSP (Online Certificate Status Protocol) / AIA (Authority Information Access) downloading, so X509ChainPolicy.UrlRetrievalTimeout
is ignored.