dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License

Allow exporting PKCS12 cert private keys using AES encryption #29200

Open GrabYourPitchforks opened 5 years ago

GrabYourPitchforks commented 5 years ago

Win10 added a new struct PKCS12_PBES2_EXPORT_PARAMS and magic string PKCS12_PBES2_ALG_AES256_SHA256 which allows exporting .pfx files using AES as the key protection mechanism. (Without this flag, it defaults to 3DES.)

This option is exposed via the Certificate Export Wizard UI. We should also expose it via .NET Core.

bartonjs commented 5 years ago

It'll definitely have cross-platform complications, but once I get the cross-plat PFX read/write changed to use (slimmed down versions of) Pkcs12Info and Pkcs12Builder it'll be easier.

And then there's the question of do we re-encrypt things for older Windowses.

And, of course, where we even accept said option.
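As an added illustration of what the request amounts to in the managed API, not code from the dotnet/runtime repository or from either commenter: the `Pkcs12Builder` and `Pkcs12Info` types bartonjs refers to (in the `System.Security.Cryptography.Pkcs` package, .NET Core 3.0 and later) already let a caller build a PFX whose key bag and certificate bag are protected with PBES2 AES-256-CBC/HMAC-SHA256 rather than the 3DES/RC2 defaults, and then decode the result to confirm what was actually emitted. The class name, the iteration count, the subject name and the sample password below are all my own choices for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// Added example: produce a PFX with AES-protected bags via Pkcs12Builder and
// inspect it with Pkcs12Info. Assumes the System.Security.Cryptography.Pkcs package.
static class AesPfxExport
{
    // PBES2 parameters: AES-256-CBC for the encryption, SHA-256 as the KDF PRF.
    // The iteration count is an illustrative value chosen for this example.
    static readonly PbeParameters Aes256Sha256 =
        new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 600_000);

    // The private key is passed separately so a software RSA instance (always exportable)
    // is used rather than a platform key handle that may refuse export.
    public static byte[] BuildPfx(X509Certificate2 cert, RSA privateKey, string password)
    {
        // Shrouded key bag: the PKCS#8 body is encrypted with PBES2/AES, the bag itself is not.
        var keyContents = new Pkcs12SafeContents();
        keyContents.AddShroudedKey(privateKey, password, Aes256Sha256);

        // Certificate bag in its own SafeContents, encrypted with the same PBES2/AES parameters
        // instead of the legacy 40-bit RC2 most tools still use for the cert part.
        var certContents = new Pkcs12SafeContents();
        certContents.AddCertificate(cert);

        var builder = new Pkcs12Builder();
        builder.AddSafeContentsUnencrypted(keyContents);
        builder.AddSafeContentsEncrypted(certContents, password, Aes256Sha256);
        builder.SealWithMac(password, HashAlgorithmName.SHA256, 600_000);
        return builder.Encode();
    }

    // Decode a PFX and report MAC validity plus the bag types it contains.
    public static (bool macOk, int shroudedKeys, int certBags) Inspect(byte[] pfx, string password)
    {
        Pkcs12Info info = Pkcs12Info.Decode(pfx, out _, skipCopy: true);
        bool macOk = info.IntegrityMode == Pkcs12IntegrityMode.Password && info.VerifyMac(password);

        int shroudedKeys = 0, certBags = 0;
        foreach (Pkcs12SafeContents contents in info.AuthenticatedSafe)
        {
            if (contents.ConfidentialityMode == Pkcs12ConfidentialityMode.Password)
                contents.Decrypt(password);

            foreach (Pkcs12SafeBag bag in contents.GetBags())
            {
                if (bag is Pkcs12ShroudedKeyBag) shroudedKeys++;
                else if (bag is Pkcs12CertBag) certBags++;
            }
        }
        return (macOk, shroudedKeys, certBags);
    }

    static void Main()
    {
        // Constructed self-signed test certificate; the password is a throwaway sample value.
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=aes-pfx-example", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        const string password = "example-password";
        byte[] pfx = BuildPfx(cert, rsa, password);
        var (macOk, keys, certs) = Inspect(pfx, password);
        Console.WriteLine($"pfx bytes={pfx.Length} macOk={macOk} shroudedKeyBags={keys} certBags={certs}");

        // Round-trip through the platform loader: this is the step that fails where the
        // OS PKCS12 implementation does not understand PBES2/AES-protected bags.
        using var reloaded = new X509Certificate2(pfx, password, X509KeyStorageFlags.EphemeralKeySet);
        Console.WriteLine($"reloaded hasPrivateKey={reloaded.HasPrivateKey}");
    }
}
```

The final reload is the check worth running on every target platform: `Pkcs12Builder` will happily emit PBES2/AES bags everywhere, but, as the thread points out, whether an older Windows import path can open such a file is a separate question, so a build that switches the default away from 3DES needs a compatibility decision in addition to the encoding change.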