[EMAIL PROTECTED] wrote:
>
> We have some old certificate mangling binaries, - they have been around so long
> that no-one knows where they came from or what the scripts using them do,
> but.....
> They output a file which contains the user's public cert and private key, all
> password protected.
> We thought it was PKCS#12 or PFX, but the openssl pkcs12 -info -in nnnn command
> just returns:
>
> 145:error:0D080071:asn1 encoding routines:d2i_ASN1_INTEGER:expecting an integer:
> .\crypto\asn1\a_int.c:241:
> 145:error:0D0FE004:asn1 encoding routines:d2i_PKCS12:nested asn1 error:.\crypto\
> pkcs12\p12_lib.c:86:address=9633856 offset=4
> error in pkcs12
>
> An ASN1PARSE of the file gives:
> 0:d=0 hl=4 l=6702 cons: SEQUENCE
> 4:d=1 hl=2 l= 54 cons: cont [ 0 ]
> 6:d=2 hl=2 l= 33 cons: SEQUENCE
> 8:d=3 hl=2 l= 9 cons: SEQUENCE
> 10:d=4 hl=2 l= 5 prim: OBJECT :sha1
> 17:d=4 hl=2 l= 0 prim: NULL
> 19:d=3 hl=2 l= 20 prim: OCTET STRING
> 41:d=2 hl=2 l= 17 prim: BIT STRING
> 60:d=1 hl=4 l=6642 cons: cont [ 1 ]
> 64:d=2 hl=2 l= 9 prim: OBJECT :pkcs7-data
> 75:d=2 hl=4 l=6627 cons: cont [ 0 ]
> 79:d=3 hl=4 l=6623 prim: OCTET STRING
>
> But, things get stranger because Netscape 4.51 and IE 4 / 5 both import the
> certs / private key from the file successfully as PKCS#12 format?
> Anyone have any tips / utilities that could help me further?
>
Looks like a PFX file (not PKCS#12) to me. Check out my PKCS#12 FAQ
(reachable from my homepage) for more info and an ancient utility to
handle PFX files, which may need a bit of hacking to work with the
latest OpenSSL.

Warning: the PFX code is horrible. It dates from the time when I didn't
know as much about SSLeay as I do now. The PFX format is also horrible
and fortunately it is now obsolete: so it never got incorporated into
OpenSSL.

Alternatively import the file into Netscape, export it then use the
PKCS#12 utility to extract the info.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
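
The parse failure in the question, reproduced as an added example (not code from either poster or from OpenSSL): a PKCS#12 structure's outer SEQUENCE begins with an INTEGER version, while the asn1parse dump shows a [0] element at offset 4, which is where d2i_PKCS12 reports "expecting an integer". The sample bytes are constructed from the header lengths in the dump, and the function and constant names are hypothetical.

```python
# Constructed sample: outer SEQUENCE (l=6702) then [0] (l=54), using the header
# lengths from the asn1parse dump; the content bytes are zero filler.
DUMP_LIKE = bytes.fromhex("30821a2ea036") + bytes(6700)
# Constructed sample: SEQUENCE { INTEGER 3 }, the start of a PKCS#12 structure.
P12_LIKE = bytes.fromhex("3003020103")


def read_tlv(buf, pos):
    """Return (tag, value_start, value_len) for the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled")
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        return tag, pos, first
    n = first & 0x7F                      # long form: next n bytes hold length
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return tag, pos + n, int.from_bytes(buf[pos:pos + n], "big")


def classify(buf):
    """Report what the first element inside the outer SEQUENCE is."""
    try:
        tag, start, length = read_tlv(buf, 0)
        if tag != 0x30:
            return "not a DER SEQUENCE"
        if start + length > len(buf):
            return "truncated"
        inner, vstart, vlen = read_tlv(buf, start)
    except ValueError as exc:
        return f"unparseable: {exc}"
    if inner == 0x02:                     # INTEGER: PKCS#12 version field
        version = int.from_bytes(buf[vstart:vstart + vlen], "big")
        return f"PKCS#12 layout (version {version})"
    if inner == 0xA0:                     # [0] constructed, as in the dump
        return f"[0] at offset {start}: not PKCS#12 (expecting an integer)"
    return f"unknown first element (tag 0x{inner:02x})"


if __name__ == "__main__":
    for name, blob in (("dump-like", DUMP_LIKE), ("p12-like", P12_LIKE)):
        print(name, "->", classify(blob))
```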