microsoft / BCApps

Repository for collaboration on Microsoft Dynamics 365 Business Central applications.
https://microsoft.github.io/BCApps/
MIT License
330 stars 170 forks source link

[BC Idea]: Support of RSACryptoServiceProvider.ImportEncryptedPkcs8PrivateKey Method #309

Open marekvicar opened 1 year ago

marekvicar commented 1 year ago

BC Idea Link

https://experience.dynamics.com/ideas/idea/?ideaid=a9ddabfd-ca32-ee11-a81c-6045bdb6c2ac

Description

We need to be able to work with an encrypted private key in "DER-encoded encrypted PKCS8" format.

Specifically, to import and decrypt the key using the provided password, convert and save it to XmlString format.

Furthermore, use the key to sign the data using RSACryptoServiceProvider, SHA512 hash function, PKCS#1 v1.5 padding

In the BC22 System Application, there are appropriate codeunits 1474 "Signature Key" and 1266 "Cryptography Management", but they do not provide these functions.

The idea is to add new procedures to these codeunits to enable the desired functionality.



Internal work item: AB#479951

JesperSchulz commented 1 year ago

Just a little more patience. We're currently setting the right automations up between GitHub <-> DevOps <-> BCIdeas. Shortly we'll be ready to triage and approve ideas!

JesperSchulz commented 1 year ago

Approved! Please create your PR.

marekvicar commented 12 months ago

@JesperSchulz Hi, I created a draft pull request https://github.com/microsoft/BCApps/pull/409 But the code as we propose cannot be compiled successfully! We need your suggestion.

We got stuck using the DotNetRSACryptoServiceProvider.ImportEncryptedPkcs8PrivateKey function which has 2 different overloads and the AL compiler cannot recognize the call. Compiling fails on error "The call is ambiguous between the method 'ImportEncryptedPkcs8PrivateKey(DotNet "System.ReadOnlySpan", DotNet "System.ReadOnlySpan", DotNet "System.Int32&")' defined in DotNet ' System.Security.Cryptography.RSACryptoServiceProvider' by the extension 'System Application by Microsoft (24.0.0.0)' and the method 'ImportEncryptedPkcs8PrivateKey(DotNet "System.ReadOnlySpan", DotNet "System.ReadOnlySpan ", DotNet "System.Int32&")' defined in DotNet 'System.Security.Cryptography.RSACryptoServiceProvider' by the extension 'System Application by Microsoft (24.0.0.0)"

It's a problem of the ReadOnlySpan generic datatype, which AL language cannot handle properly. Is this somehow solvable using the standard AL language and BusinessCentral application?

If not, we may have to look for a completely different solution outside of standard System application.

JesperSchulz commented 12 months ago

Let me loop in someone from the compiler team! Stay tuned!

SBalslev commented 12 months ago

It may not be possible to be specific enough with AL. So, you'll need a .NET wrapper to disambiguate: ImportEncryptedPkcs8PrivateKey(System.ReadOnlySpan<System.Byte>, System.ReadOnlySpanSystem.Int32) ImportEncryptedPkcs8PrivateKey(System.ReadOnlySpan<System.Char>, System.ReadOnlySpan,System.Int32)

Byte vs. Char

https://learn.microsoft.com/en-us/previous-versions/dynamicsnav-2018-developer/Using-Generics

marekvicar commented 12 months ago

Yes, that's the point. We can't do this with the standard AL features available to developers. Microsoft would have to support this by a .NET wrapper provided, or somehow.

domingosbarreto commented 4 months ago

We have a similar situation where we are trying to use ImportFromPem, but our issue here is that the code compiles, but when executing we get an error stating that BC cannot load System.Private.CoreLib.

Cannot create an instance of the following .NET Framework object: assembly System.Private.CoreLib, Version=8.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e, type System.ReadOnlySpan1.`

Can you please help with this?