PFX/PKCS12 to SNK conversion for mono

Question

This is follow up on Mono xbuild error CS1548 - key file has incorrect format

Hi, I have an application that is written in C# using VS2008. At present we are porting this app to Mac using Mono.

I have tried to extract the key from the pfx file. First I used

`sn -pc key.pfx key.snk`

this gave me an error of

'Failed to extract public key for key pair -- Keyset does not exist'.

I then used

`sn -p key.pfx key.snk`

this created the snk file that I wanted. I then in mono selected the project Option > Assembly Signing When built the error

'key.snk is missing private key needed for signing'.

I think I understand that if I make a new snk key that I can have both private and public keys in it. It just that because of Legacy issues we would really like to be able to use the original pfx key values.

Answer 1

Big thanks Poupou for coming up with the answer I have just added the code to the little program I made to get my snk.

using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

namespace PfxSnk
{
    internal class Program
    {
        private static void Main(string[] args)
        {
            X509Certificate2 cert = new X509Certificate2(@"KEY.pfx", "pfxPassword", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
            RSACryptoServiceProvider provider = (RSACryptoServiceProvider)cert.PrivateKey;

            byte[] array = provider.ExportCspBlob(!provider.PublicOnly);

            using (FileStream fs = new FileStream("FileName.snk", FileMode.Create, FileAccess.Write))
            {
                fs.Write(array, 0, array.Length);
            }
        }
    }
}

Answer 2

sn -pis used to extract a public key from a strongname.

However you need the private key in order to sign an assembly - so this (built-in sn) conversion is not helpful for your goal.

Sadly a quick look at Microsoft sn options does not document any option to do what you're looking for.

My suggestion is to write a small tool, re-using Mono sn and Mono.Security.dll source code, to read the PFX (pkcs#12) file and write it back as a SNK file.

Answer 3

Try sn -p key.pfx key.snk instead.