-
Notifications
You must be signed in to change notification settings - Fork 55
Win8.x Store targeted apps are rejected due to Win32 crypto APIs #97
Comments
You'll have to be more specific. bcrypt.dll is Windows Store compliant. The MSDN documentation states that most of its functions are available for Store apps, for example BCryptDecrypt. |
Supported API test FAILED
|
Thanks. What type of application are you building? Win8.0, Win8.1, UWP? |
Oh sorry I forgot to mention that. It's a Windows 8.1 application. The best way to check if it's compatible is to run the App Cert tools locally with the dll referenced in the Win 8.1 program. |
Thanks. I wonder if the MSDN docs are imprecise and this is allowed in UWP but not Win8.x. I'll do some digging. |
BTW, in the meantime you can use an older (1.x) version of PCLCrypto, which doesn't depend on BCrypt. |
Yes that is already done thanks I detected the bcrypt problem after upgrading to 2.x. So Irolled back. Envoyé depuis mon smartphone Samsung Galaxy. -------- Message d'origine -------- BTW, in the meantime you can use an older (1.x) version of PCLCrypto, which doesn't depend on BCrypt. You are receiving this because you authored the thread. |
In trying to repro it, I didn't get any errors about BCrypt. But I did see some PInvoke.Kernel32 errors. This is inconsistent with MSDN docs. But although it failed when certifying the Debug package, it passed when certifying the Release package. Did you try with debug or release? |
Oh, interesting. So for Windows 8.1 apps all the NCrypt functions were rejected. For UWP they are allowed. |
Ah yes interesting indeed. I will think about upgrading my project to uwp. Thanks for the enlightenment Envoyé depuis mon smartphone Samsung Galaxy. -------- Message d'origine -------- Oh, interesting. So for Windows 8.1 apps all the NCrypt functions were rejected. For UWP they are allowed. You are receiving this because you authored the thread. |
I had the same trouble with a Windows Phone 8.1 app. |
Hello,
|
Hi, De : DenisSkygate [mailto:notifications@github.com] Hello, {Windows.UI.Xaml.UnhandledExceptionEventArgs} — |
Hi @AArnott , any ETA for the fix if possible? Thank you. |
I wish I had one. The only "fix" I know of right now is to target UWP apps. Microsoft has acknowledged the bug on their side, but I suspect their motivation to fix the process for 8.x targeted apps is relatively low. |
Got it. Thank you. |
I had the same issue with UWP application, but with ncrypt.dll. API BCryptCloseAlgorithmProvider in ncrypt.dll is not supported for this application type. App.dll calls this API. I'm using PCLCrypto 2.0.147, with Xamarin. |
@AArnott Would you consider reverting to the 1.x implemention without the BCrypt dependency? It isn't very useful to have a library that doesn't pass the Windows Store certification tests (at least not to me). I spent a bunch of time building a working app and now it looks like I need to either throw all the crypto code away and start over, or use an old version of this library which I assume has bugs that have been fixed in later versions. Also, note that targeting UWP does not pass certification, as my app is a Windows 8.1 UWP app and it fails certification to the Windows Store as of today. It's quite easy to repro the failure by running the certification test after building a Windows 8.1 UWP package for the Windows Store. Thanks! |
There haven't been any security bugs in this library thus far. If an older version works for you, go for it. Mostly each new version adds features and platforms. The only real "bugs" have been in serialized key pair interop across platforms, which very few folks need. I'm told by the Windows folks that they've updated the Store certification to allow these functions. Your local certification test may fail, but the online one should pass. Can you confirm or deny this? Even if that works, it's still feedback I'll pass onto the Windows SDK team to get an update to the local certification tool. |
@AArnott I can confirm that the online validation fails. I tried once with the default nuget installation, which installs outdated versions of all of the PInvoke dependencies, and again after updating all of the PInvoke dependencies. Online validation failed both times, exactly as it did locally. I appreciate the workaround, but I'm sure anyone else down the road would also appreciate not having to find out the hard way that their Windows Store submission fails and on top of that, find this thread with the workaround buried somewhere above. For anyone searching for how to get a valid Windows 8.1 build, you have to uninstall all of the nuget 2.x packages (PCLCrypto, PInvoke.*) in the right order (just keep trying to uninstall them one at a time until you eventually get rid of them all), and then install version 1.0.2.15130 (I'm not sure, but it seems like the 1.0.8x builds might also depend on the PInvoke packages). That worked for me and passed both local and online store validation for Windows 8.1. I haven't tried Windows Phone 8.1 yet. Oh, and I should note that even with these troubles, I'm sure that this library still saved me time in the long run since I needed CryptoStream and that looks like some significant work to implement on WinRT. So thanks for this library! |
Thanks for the info. I'll dig up the old thread I had with the Windows SDK folks and hopefully can press on them to fix this. Can you do me a favor and send me the failure report you're getting? Both the online version and the local test results, if possible? I'll use it both to update PInvoke to workaround the issue and to make the case to the WinSDK folks that the problem is not fixed. |
Thanks, Andrew! I've sent the failures to the email address in your profile, and here's a dump of the API failures from the online failure report:
|
When I create a UWP app and install PCLCrypto to it, then package it up and run the cert check, it passes. I wonder if this problem is exclusive to Win8 targeted apps. |
It could be specific to Windows 8. The Windows 10 version of my app doesn't use PCLCrypto because all of the crypto API's I needed are in the .NET Standard SDK. |
Our UWP app is now also failing Certification because of the FindFirstFileEx API, however I've been told by a MS Support agent that a fix should be available by the end of this week. I will try publishing again next Monday 07/08/2017 and update. |
@almudy I can't say without approval from the Store folks. But @HelenMamalaki's report sounds very encouraging, I'd say. |
@mattrichnz (For future reference: if something is deprecated, we have a process for doing so that ensures things don't just disappear overnight. They are marked |
@ptorr-msft @AArnott Thanks for your answers, good to clarify a few points. Fortunately, we've been able to switch over to .NET Standard libraries using System.Security.Cryptography and remove PCLCrypto. It is a shame as it was a great library but no doubt will use it again in the future once this issue is resolved. |
I opened a Support Incident today with the Store folks. To do this, go to the Store Dashboard, tap the question mark icon near the top right of the screen, and select Support. Then select Account Management and Setup and click either Chat Now or Submit an incident. I had a good response from the MS representative - helpful and patient, and acknowledged the issue is their side and hope to have it resolved by the end of the week. We also plan to switch to using the .NET Standard Crypto library - we'll need to check the speed issues mentioned by @AArnott. Also we still need to get our current submission out to production - hopefully that goes through by the end of the week using PCLCrypto. |
Any news on this? My submission still gets rejected. |
I hear from the Store folks that a rollout with the fix was delayed when their testing discovered a bug in the new version. They're working to fix it. |
This is the current word from the Store folks, as at 5:00 p.m. EST 8/8/17:
|
The Store folks reached out to me today to resubmit our app. It passed and is busy publishing since about 2:30 p.m. EST 8/14/2017. |
@apwillies from your votes above it looks like yours is a UWP app that passed certification. That's great to hear. |
@AArnott Yes - it is up and running. Thanks for the help on this. I'm sure all the other interested parties will be happy also. |
I can confirm this. Our app passed certification, too. Nice! |
I believe all UWP apps are unblocked now. |
So now the app pass the certification without any issue? |
Yes
Von: Magic73 [mailto:notifications@github.com]
Gesendet: Dienstag, 12. September 2017 17:43
An: AArnott/PCLCrypto <PCLCrypto@noreply.github.com>
Cc: Alexander Handtke <alex@algrande.net>; Mention <mention@noreply.github.com>
Betreff: Re: [AArnott/PCLCrypto] Win8.x Store targeted apps are rejected due to Win32 crypto APIs (#97)
So now the app pass the certification without any issue?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#97 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/APGn9EojWGcwcqWHiH5DhRC7RbIKn8nKks5shqU5gaJpZM4Ic4mc>.
|
AFAIK Win8 store apps may still have an issue, since the last update I heard was that only UWP app submission had been fixed. |
The only thing we needed was MD5 hashing, so by removing the PInvoke libraries, we were able to pass the local cert kit. |
Thanks, @ItsRobbAllen. I've pinged the Windows Store certification folks to see if I can get the ball rolling for fixing 8.1 certification. |
@ItsRobbAllen Was this a local cert kit check that failed? If so, can you please download the latest SDK / cert check kit? The Store folks suggest that the latest one should pass (when run locally) and they expect the Store should not have rejected this. |
@ozzy1873 the failures you're seeing are due to a legit bug in PInvoke. It's defining the functions you've listed in the Store version of the library although those functions aren't available to Store apps. I will see those get fixed ASAP and you can update the PInvoke package used in your project by installing the latest one to apply the fix to your app. |
Yes, that is the exhaustive list of failures. Thanks for the quick turnaround!
|
I'm closing this issue now that the Store issues have been resolved (with last remaining PInvoke issue tracked by the above issue). |
I tried submitting to the store, but it failed for the same reason. I did update all the libraries as well as ensured I had the latest SDKs, but to no avail. I put in the request ticket to MS this thread, I hope they can either give a waiver or at least inform me how to get our app to pass. The only thing we're using the library for is MD5 hashing as the Windows cryptography library won't work on the iPad, and both our apps share the same code bases. |
@ItsRobbAllen I believe this has been fixed, just not yet published. |
@ozzy1873 Are you talking about the PInvoke issue you called out before? Because @ItsRobbAllen hit a different set of errors that suggest to me that it's a store cert problem, as opposed to the list you (@ozzy1873) hit that was due to a set of methods that PInvoke truly shouldn't have had for Store apps. |
Yes, I was talking about the PInvoke issue I called out before. Sorry, when he said it failed for the same reason, I assumed it was the same set of errors. |
Due to use of bcrypt.dll
The text was updated successfully, but these errors were encountered: