CryptographicException: Unknown private key format

I have an issue. I created a certificate using Certbot (Let's Encrypt) on Debian for my subdomain; the certificate was issued and SSL works.

I need to use that certificate for my websocket, so I converted it to a .p12 file using the command

    openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out certificate.p12

However, when I try to load the .p12 file using

    private X509Certificate2 GetCertificate(string certificateName, string certificatePassword)
    {
        if (certificateName == null || certificatePassword == null) return null;

        // Search the working directory tree for the certificate file.
        var certificates = Directory.GetFiles(
            Environment.CurrentDirectory,
            certificateName,
            SearchOption.AllDirectories
        );

        // FirstOrDefault (System.Linq) returns null when nothing matches; First would throw instead.
        var certificatePath = certificates.FirstOrDefault(path => path.EndsWith(certificateName));

        return certificatePath != null ? new X509Certificate2(certificatePath, certificatePassword) : null;
    }

it returns the error

CryptographicException: Unknown private key format
  at Mono.Security.X509.PKCS12.AddPrivateKey (Mono.Security.Cryptography.PKCS8+PrivateKeyInfo pki) [0x0006c] in <fed5abf356e4410f878747dcbee46084>:0
  at Mono.Security.X509.PKCS12.ReadSafeBag (Mono.Security.ASN1 safeBag) [0x000e5] in <fed5abf356e4410f878747dcbee46084>:0
  at Mono.Security.X509.PKCS12.Decode (System.Byte[] data) [0x00242] in <fed5abf356e4410f878747dcbee46084>:0
  at Mono.Security.X509.PKCS12..ctor (System.Byte[] data, System.String password) [0x0000d] in <fed5abf356e4410f878747dcbee46084>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate2ImplMono.ImportPkcs12 (System.Byte[] rawData, System.String password) [0x00023] in <0f3a92f18c3f4515965ea9093114785a>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate2ImplMono.ImportPkcs12 (System.Byte[] rawData, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x0001b] in <0f3a92f18c3f4515965ea9093114785a>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate2ImplMono..ctor (System.Byte[] rawData, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x0002f] in <0f3a92f18c3f4515965ea9093114785a>:0
  at Mono.X509PalImpl.ImportFallback (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00000] in <0f3a92f18c3f4515965ea9093114785a>:0
  at Mono.X509PalImplMono.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00000] in <0f3a92f18c3f4515965ea9093114785a>:0
  at Mono.SystemCertificateProvider.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags, Mono.CertificateImportFlags importFlags) [0x00017] in <0f3a92f18c3f4515965ea9093114785a>:0
  at Mono.SystemCertificateProvider.Mono.ISystemCertificateProvider.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags, Mono.CertificateImportFlags importFlags) [0x00000] in <0f3a92f18c3f4515965ea9093114785a>:0
  at System.Security.Cryptography.X509Certificates.X509Helper.Import (System.Byte[] rawData, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00005] in <131fc96242a743e6b00bc8a8663638a3>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate..ctor (System.String fileName, System.String password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x0003e] in <131fc96242a743e6b00bc8a8663638a3>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate..ctor (System.String fileName, System.String password) [0x00000] in <131fc96242a743e6b00bc8a8663638a3>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor (System.String fileName, System.String password) [0x00000] in <0f3a92f18c3f4515965ea9093114785a>:0
  at WebSocketListener.WebSocketNetworkListener.GetCertificate (System.String certificateName, System.String certificatePassword) [0x0004b] in C:\Users\Joe\Desktop\Work\unity\Vamps\GameEngine\Assets\Networking\WebGL\WebSocketNetworkListener.cs:133
  at WebSocketListener.WebSocketNetworkListener..ctor (DarkRift.Server.NetworkListenerLoadData pluginLoadData) [0x00014] in C:\Users\Joe\Desktop\Work\unity\Vamps\GameEngine\Assets\Networking\WebGL\WebSocketNetworkListener.cs:26
  at (wrapper managed-to-native) System.Reflection.RuntimeConstructorInfo.InternalInvoke(System.Reflection.RuntimeConstructorInfo,object,object[],System.Exception&)

This is an implementation of GitHub - flejmer/DarkRift2-WebSocketListener: WebSocket Network Listener for DarkRift 2 for unity-webgl socket

Also tried

    openssl pkcs12 -keypbe PBE-SHA1-3DES -export -in fullchain.pem -inkey privkey.pem -out certificate.p12

Still getting CryptographicException: Unknown private key format

From what you posted on ssl - CryptographicException: Unknown private key format while trying to load p12 file - Stack Overflow,
I think you may need to force Certbot to request an RSA certificate with the --key-type rsa option.

6 Likes

Mmm, I think it's super unlikely that .NET/Mono can't handle an ECDSA key.

I ran the program below in Mono 5.0.0 (released 2017) and it runs fine. An older release (Mono 4.4.2, released in 2016) fails, but with a different error to OP.

@Websocket, what .NET runtime (and version) are you using?

    using System;
    using System.Security.Cryptography.X509Certificates;

    public class Program
    {
        public static void Main()
        {
            /*
            # openssl pkey -in privkey.pem -noout -text
                Private-Key: (256 bit)
                priv:
                    00:c2:fd:35:71:4d:2b:eb:fb:70:d8:df:d8:eb:6b:
                    69:c1:9b:b7:e3:98:9a:0f:10:4e:f2:5f:82:b9:95:
                    26:f9:4f
                pub:
                    04:67:d1:ad:c8:06:6f:3f:60:ab:b3:41:72:8e:4a:
                    7b:7a:b1:67:6d:89:cd:81:bd:74:53:c2:8e:76:cd:
                    9e:28:7e:1d:d9:96:e6:e8:ff:0b:d9:3f:12:5c:b4:
                    1c:0d:5c:eb:cd:1f:0c:b7:ec:c0:26:01:20:a1:64:
                    f9:11:80:ae:9d
                ASN1 OID: prime256v1
                NIST CURVE: P-256
            */

            /* This program prints the same public key:
                Certificate Public Key: 04-67-D1-AD-C8-06-6F-3F-60-AB-B3-41-72-8E-4A-7B-7A-B1-67-6D-89-CD-81-BD-74-53-C2-8E-76-CD-9E-28-7E-1D-D9-96-E6-E8-FF-0B-D9-3F-12-5C-B4-1C-0D-5C-EB-CD-1F-0C-B7-EC-C0-26-01-20-A1-64-F9-11-80-AE-9D
            */

            /* openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out certificate.p12 */
            string base64Pfx = "<base64-encoded certificate.p12>";
            byte[] pfxBytes = Convert.FromBase64String(base64Pfx);

            try
            {
                // Load the PFX archive into an X509Certificate2 object
                X509Certificate2 certificate = new X509Certificate2(pfxBytes);

                // Display some information about the certificate
                Console.WriteLine("Certificate Subject: " + certificate.Subject);
                Console.WriteLine("Certificate Thumbprint: " + certificate.Thumbprint);
                Console.WriteLine("Certificate Public Key: " + BitConverter.ToString(certificate.GetPublicKey()));
            }
            catch (Exception ex)
            {
                Console.WriteLine("Error loading PFX archive: " + ex.Message);
            }
        }
    }

4 Likes

Wow that is ridiculously old! I am amazed. Yes, you will need to recreate the certificate with --key-type rsa.

6 Likes

I can switch to .NET Framework in the Unity API compatibility level, but I don't know which version is used

I think it's worth trying to create the certificate with Certbot again using --key-type rsa, since it seems that for webgl, things with SSL are a bit different to a regular .NET environment.

2 Likes

Unity says the 2021 version is using .NET Framework 4.8

So I

and it says

2 Likes

This one worked, but now a new problem has come up: if I try to connect to the websocket, it keeps connecting for like 1 minute, then disconnects
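
A pre-flight check for the key-type mismatch this thread resolved with --key-type rsa, as an added example that is not part of any post above: it reads the algorithm of an unencrypted privkey.pem so an ECDSA key is caught before the PKCS#12 export. The function names and the two constructed sample keys (valid PKCS#8 structure, dummy key bodies) are assumptions of this example.

```python
import base64
import re

# DER content bytes of the private-key algorithm OIDs seen in PKCS#8.
OIDS = {bytes.fromhex("2a864886f70d010101"): "RSA",  # 1.2.840.113549.1.1.1
        bytes.fromhex("2a8648ce3d0201"): "EC"}       # 1.2.840.10045.2.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def key_algorithm(pem):
    """Report the algorithm of an unencrypted PEM private key (e.g. privkey.pem)."""
    m = re.search(r"-----BEGIN ([A-Z ]*)PRIVATE KEY-----(.*?)-----END", pem, re.S)
    if not m:
        raise ValueError("no PEM private key found")
    label = m.group(1).strip()
    if label in ("RSA", "EC"):  # traditional PEM names the algorithm in the label
        return label
    if label:                   # e.g. ENCRYPTED: the OID is not readable without the password
        raise ValueError("unsupported PEM label: " + label)
    _, info, _ = read_tlv(base64.b64decode(m.group(2)), 0)  # PrivateKeyInfo SEQUENCE
    _, _, pos = read_tlv(info, 0)                           # version INTEGER
    _, alg, _ = read_tlv(info, pos)                         # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return OIDS.get(oid, "unknown (OID bytes " + oid.hex() + ")")

def needs_rsa_reissue(pem):
    """True when the key is not RSA, the case fixed in this thread with --key-type rsa."""
    return key_algorithm(pem) != "RSA"

def constructed_pkcs8(alg):
    """Constructed sample: PKCS#8 structure with a dummy 2-byte key body, not a real key."""
    body = b"\x02\x01\x00\x30" + bytes([len(alg)]) + alg + b"\x04\x02\x00\x00"
    der = b"\x30" + bytes([len(body)]) + body
    return ("-----BEGIN PRIVATE KEY-----\n" + base64.b64encode(der).decode()
            + "\n-----END PRIVATE KEY-----\n")

EC_ALG = bytes.fromhex("06072a8648ce3d020106082a8648ce3d030107")  # id-ecPublicKey, prime256v1
RSA_ALG = bytes.fromhex("06092a864886f70d0101010500")             # rsaEncryption, NULL params
```

On a real host, pass the contents of privkey.pem to `needs_rsa_reissue` before running the `openssl pkcs12 -export` step.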
