"Tipton, Michael" wrote:
>
> I am using OpenSLL to extract the private keys from my IIS Key Backup files.
> I am able to accomplish this fine except for certain servers we have. These
> servers keys/certs are marked as OFX (Financial Exchange). These are a
> special type of key/cert that you have to specificly request from Verisign ,
> etc.. When I try to extract from these files I am getting the same error
> that I get if I use a wrong password.
>
> unable to load key
> 207:error:0D08C007:asn1 encoding routines:D2I_NETSCAPE_PKEY:expecting an
> asn1 se
> quence:n_pkey.c:311:address=167888280 offset=0
> 207:error:0D08E08B:asn1 encoding routines:d2i_Netscape_RSA_2:unable to
> decode rs
> a private key:n_pkey.c:268:
> 207:error:0D08D06F:asn1 encoding routines:d2i_Netscape_RSA:decoding
> error:n_pkey
> .c:2450:address=167873496 offset=17
>
> I am guessing that there is a string that marks the type of key/cert and
> openssl is not recognizing the code for OFX when it unencrypts / validates
> the file. It checks the info and does not find an expected string so thinks
> the passowrd/unencrypt is bad.. This is pure speculation on my part.
>
> Does anyone have any idea if this is what is going on, and more importantly
> a way to fix / workaround it?
>
Try using the -sgckey option in OpenSSL 0.9.6
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
