dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License

[macOS] Consider making cert private key access keep a temporary keychain alive #57382

Open bartonjs opened 3 years ago

bartonjs commented 3 years ago

With our current temporary keychain model this fails, because disposing the cert deletes the keychain, and later access of the key goes to the keychain and errors out.

If we can't get off temporary keychains any time soon, then we should use a handle dependency, or other form of keep-alive, to keep the keychain from getting disposed while the key object is still valid in .NET space.

See #57381 for where this came up in practice.

ghost commented 3 years ago

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchForks. See info in area-owners.md if you want to be subscribed.

Issue Details
* Create a transient cert+key pair
  * "Perphemeral" PFX
  * cert.CopyWithPrivateKey(key) then dispose the key
    * Includes doing it via CertificateRequest
* Grab a private key reference (e.g. cert.GetRSAPrivateKey())
* Dispose the cert without having used the key yet
* Use the private key

With our current temporary keychain model this fails, because disposing the cert deletes the keychain, and later access of the key goes to the keychain and errors out.

If we can't get off temporary keychains any time soon, then we should use a handle dependency, or other form of keep-alive, to keep the keychain from getting disposed while the key object is still valid in .NET space.
Author: bartonjs
Assignees: -
Labels: `area-System.Security`, `os-mac-os-x`
Milestone: Future
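The following is an added example, not code from the issue or from the dotnet/runtime repository. It walks the repro sequence from the Issue Details above (transient cert via CertificateRequest, take a private-key reference, dispose the cert, then use the key) next to the pattern that avoids the problem: keeping the certificate alive until the key is no longer needed. The subject name and payload are constructed sample values.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the issue). On macOS with the temporary-keychain model,
// SignAfterDisposingCert follows the failing path the issue describes, because disposing
// the cert deletes the keychain the key still points at.
static class TempKeychainRepro
{
    static X509Certificate2 CreateTransientCert()
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest(
            "CN=repro-example", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        // CreateSelfSigned copies the key into the certificate; disposing 'key' afterwards
        // is the "cert.CopyWithPrivateKey(key) then dispose the key" step from the issue.
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
    }

    // Pattern the issue describes: the key object outlives the cert that owns its keychain.
    static byte[] SignAfterDisposingCert(byte[] data)
    {
        RSA privateKey;
        using (X509Certificate2 cert = CreateTransientCert())
        {
            privateKey = cert.GetRSAPrivateKey()!;   // reference taken, key not used yet
        } // cert disposed here; on macOS its temporary keychain is deleted with it

        using (privateKey)
        {
            return privateKey.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    // Defensive pattern: the certificate stays alive for as long as the key is in use.
    static byte[] SignWhileCertAlive(byte[] data)
    {
        using X509Certificate2 cert = CreateTransientCert();
        using RSA privateKey = cert.GetRSAPrivateKey()!;
        return privateKey.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        byte[] data = System.Text.Encoding.UTF8.GetBytes("constructed sample payload");
        Console.WriteLine($"cert kept alive: {SignWhileCertAlive(data).Length}-byte signature");
        try
        {
            Console.WriteLine($"cert disposed first: {SignAfterDisposingCert(data).Length}-byte signature");
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine($"cert disposed first: failed ({ex.Message})");
        }
    }
}
```

On Windows and Linux both calls succeed, so the difference only shows on macOS, which is why code that works elsewhere can break there.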