[BC Idea]: Support of RSACryptoServiceProvider.ImportEncryptedPkcs8PrivateKey Method

[marekvicar]

BC Idea Link

https://experience.dynamics.com/ideas/idea/?ideaid=a9ddabfd-ca32-ee11-a81c-6045bdb6c2ac

Description

We need to be able to work with an encrypted private key in "DER-encoded encrypted PKCS8" format.

Specifically, to import and decrypt the key using the provided password, convert and save it to XmlString format.

Furthermore, use the key to sign the data using RSACryptoServiceProvider, SHA512 hash function, PKCS#1 v1.5 padding

In the BC22 System Application, there are appropriate codeunits 1474 "Signature Key" and 1266 "Cryptography Management", but they do not provide these functions.

The idea is to add new procedures to these codeunits to enable the desired functionality.

Internal work item: AB#479951

[JesperSchulz]

Just a little more patience. We're currently setting the right automations up between GitHub <-> DevOps <-> BCIdeas. Shortly we'll be ready to triage and approve ideas!

[JesperSchulz]

Approved! Please create your PR.

[marekvicar]

@JesperSchulz
Hi, I created a draft pull request #409
But the code as we propose cannot be compiled successfully!
We need your suggestion.

We got stuck using the DotNetRSACryptoServiceProvider.ImportEncryptedPkcs8PrivateKey function which has 2 different overloads and the AL compiler cannot recognize the call.
Compiling fails on error "The call is ambiguous between the method 'ImportEncryptedPkcs8PrivateKey(DotNet "System.ReadOnlySpan<System.Byte>", DotNet "System.ReadOnlySpan<System.Byte>", DotNet "System.Int32&")' defined in DotNet ' System.Security.Cryptography.RSACryptoServiceProvider' by the extension 'System Application by Microsoft (24.0.0.0)' and the method 'ImportEncryptedPkcs8PrivateKey(DotNet "System.ReadOnlySpan<System.Char>", DotNet "System.ReadOnlySpan<System.Byte> ", DotNet "System.Int32&")' defined in DotNet 'System.Security.Cryptography.RSACryptoServiceProvider' by the extension 'System Application by Microsoft (24.0.0.0)"

It's a problem of the ReadOnlySpan generic datatype, which AL language cannot handle properly.
Is this somehow solvable using the standard AL language and BusinessCentral application?

If not, we may have to look for a completely different solution outside of standard System application.

[JesperSchulz]

Let me loop in someone from the compiler team! Stay tuned!

[SBalslev]

It may not be possible to be specific enough with AL. So, you'll need a .NET wrapper to disambiguate:
ImportEncryptedPkcs8PrivateKey(System.ReadOnlySpan<System.Byte>, System.ReadOnlySpan<System.Byte>System.Int32) ImportEncryptedPkcs8PrivateKey(System.ReadOnlySpan<System.Char>, System.ReadOnlySpan<System.Byte>,System.Int32)

Byte vs. Char

https://learn.microsoft.com/en-us/previous-versions/dynamicsnav-2018-developer/Using-Generics

[marekvicar]

Yes, that's the point.
We can't do this with the standard AL features available to developers.
Microsoft would have to support this by a .NET wrapper provided, or somehow.

[domingosbarreto]

We have a similar situation where we are trying to use ImportFromPem, but our issue here is that the code compiles, but when executing we get an error stating that BC cannot load System.Private.CoreLib.

Cannot create an instance of the following .NET Framework object: assembly System.Private.CoreLib, Version=8.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e, type System.ReadOnlySpan1.`

Can you please help with this?