NonRepudiation keyUsage can be used for signing #119
Labels
bug
Something isn't working
Comments
|
Thanks! This should be fixed now. |
|
Thanks for the correction. When do you plan to release a version containing this correction ? |
|
I'll probably release it this weekend. I prefer to collect as many bug fixes as I can before I release. The problem is I always seem to get the bug reports on the day after I make a release. :-( |
|
OK thanks for your reactivity, we actually need the correction for our project. |
|
FWIW, I typically make a release every weekend for any week in which I've fixed at least 1 bug. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Actually, in CmsSigner class we have the following check:
if (flags != X509KeyUsageFlags.None && (flags & X509KeyUsageFlags.DigitalSignature) == 0)
throw new ArgumentException ("The certificate cannot be used for signing.");
Which is refuses NonRepudiation certificate keyUsage. Non repudiation key usage can be used for signature and the code must be changed to:
if ((flags != X509KeyUsageFlags.None && flags != X509KeyUsageFlags.NonRepudiation) && (flags & X509KeyUsageFlags.DigitalSignature) == 0)
throw new ArgumentException ("The certificate cannot be used for signing.");
The text was updated successfully, but these errors were encountered: