LoadPkcs12 returns wrong error message if certificate has wrong key usage

[Eneuman]

I got stuck on this problem until I checked the source code.
Maby add another error message to this?

On this line

MimeKit/MimeKit/Cryptography/CmsSigner.cs

Line 192 in 2249574

if (PrivateKey == null)

The code checkes if it has found a private key, if not it returns "The stream does not contain a private key".

But on this line, it skips all certificates that doesnt have the correct key usage.

MimeKit/MimeKit/Cryptography/CmsSigner.cs

Line 177 in 2249574

if (flags != X509KeyUsageFlags.None && (flags & SecureMimeContext.DigitalSignatureKeyUsageFlags) == 0)

So if you use a self signed certificate, that contains a private key, but has the wrong usage, you get the wrong error message :(

To reproduce, create a key like this and try and sign with it:

New-SelfSignedCertificate -Type Custom -Subject "CN=TestCertificate" -KeyUsage DataEncipherment -KeyAlgorithm RSA -KeyLength 2048 -SmimeCapabilities -CertStoreLocation "Cert:\CurrentUser\My"

[jstedfast]

I’ll look into it.