Re: retrive the private key from RSA KEON CA certificate

[Wu Junwei]

Hi,   I do not know whether the head is the standard PEM .It is issued by KEON, so maybe there will be some problems.   As to the FORMAT_PKCS12,  yes,  you are right. I have tried some pfx files exported form IE, I could retrive the private key by using load_key() in app.c with the format FORMAT_PKCS12.     But the problem is I can not choose the format such as PEM or DER in RSA Keon when exporting the CA certificate in PKCS#12 format.       I will do more test .   Thanks a lot,   wjw         ----- Original Message ----- From: Kiyoshi Watanabe To: [EMAIL PROTECTED] ; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, June 23, 2003 6:56 PM Subject: Re: retrive the private key from RSA KEON CA certificate Hello, >            -----BEGIN CERTIFICATE AND KEY----- Is this the standard PEM encorded pkcs12 format? As long as I see the header checking definitions for PEM formats in pem.h, no such a header is defined. Why don't you convert or issue the PKCS#11 in DER format. I believe the openssl will read the starndard PKCS12 binary file without having any problem and you can use FORMAT_PKCS12. -Kiyoshi Kiyoshi Watanabe     > I have a CA certificate exported from RSA KEON, which is PEM encoded pkcs#12 > certificate (listed below.) > It seems encoded by base64 , I have tried different methods to try to get > the private key inside the certificate by the functions in the openssl.  ( > such as using FORMAT_PKCS12 and FORMAT_PEM in apps.c/load_key().) > But it always failed. > It is exported by me so I know password used for the private key protection. > > Question: > 1,So, is it possible to retrive the private key inside the pkcs#12 > certificate as follows exported from KEON? > 2,If it is possible , how can I retrieve the private key in it by the > functions in OpenSSL? > > Thanks in advance. > > /******************************** the certificate exported from KEON > *****************************/ > The following passphrase protected PKCS #12 object, displayed in PEM encoded > format, contains the certificate and private key for CATest1_1. It also > contains the friendly name "CATest1_1". > >            -----BEGIN CERTIFICATE AND KEY----- > MIIF0wIBAzCCBY0GCSqGSIb3DQEHAaCCBX4EggV6MIIFdjCCBXIGCSqGSIb3DQEH > AaCCBWMEggVfMIIFWzCCAvAGCyqGSIb3DQEMCgECoIICpTCCAqEwGwYKKoZIhvcN > AQwBAzANBAhGyCbImOLSZwIBAQSCAoDPZJurj3+1kM7e4/cPp1kYM1qcsLPAQsIQ > 5eycmvECjgi7ZILdv28dvm3RNjTlmrH/Zr29i2gHANSgxRW8VQ5KFq/BZIEOG+KN > EsyVC/Xwpp1joEvxODb2UIymruFxqTAJYJIbXtnH4SHUzp2WXupmt8Cme8axoTwW > 1Dms4u/G/VyP9qlCVQOFfBpEdBzy+U9DC2QTnaN4XA6Sx8BxMS8TGTP+3LTPDK4b > k3ROX80znDIqd3povWsPk1MGCi1s6l6c817Nm2k8eu9S7agGsKmtYw/VzdbRIGYM > oP6l8H6IL9dvWBeMW8WgZj9rWFDg89CZW9qX3LuJ6IDqSJ8MU9xvs1ZdJHbjtABh > nzoZoSoPuMEYHf6L2JctLIEHNUJNYefh+Ck+INsNlofWW7OnavgT9Omrb4TiW1IA > mGe4F6gK6benv1bDTltTDPabraLE3jJY4VE4CtlsZeFLwZ6Y5q2JnSbSJCxZtMBP > zp6OOIkS8ZJK1BCZBQCIIw+1NLTRzrrfnJQuEcJ41LZhfCw2xdwVM4qtc7I3SXQA > Xs/UYFlvif4dMWyG5PtuQ/PrzM4OJ5KVXzjYRqa8ixLvDtqYsqwzlzGezz1HnKvE > vNTbT9qajK8AIxwnhhQ4ErMDVTbtjYrvWNfseu8WwRTIZfy3YLJS1vbwHNmdukql > AbsXmYGDEjgEgOuzS0I0qH3m/CoH1g6QEOxAFqXBU9HuZ91I+s7gprJwi5/dziMv > rl9WRkcDnTltijijvpXnTIGylWpS9To4pQhEuxa5GsNyvUgmQtU5v11hZWF+V3a4 > G3ZMDksr34VzflfHsIjfx6to3NUWVP1xo6Q+LjNKfie2ceM1fESUMTgwEwYJKoZI > hvcNAQkVMQYEBAAAAAEwIQYJKoZIhvcNAQkUMRQeEgBDAEEAVABlAHMAdAAxAF8A > MTCCAmMGCyqGSIb3DQEMCgEDoIICGDCCAhQGCiqGSIb3DQEJFgGgggIEBIICADCC > AfwwggFlAhB5U/4UwzOflq9K1i22Xqv3MA0GCSqGSIb3DQEBBQUAMD0xCzAJBgNV > BAYTAkpQMRIwEAYDVQQKEwlGdWppeGVyb3gxDDAKBgNVBAsTA0NTVzEMMAoGA1UE > AxMDV3UxMB4XDTAzMDYxOTA2MDAxMVoXDTA2MDQyNjExMDAxMVowQTELMAkGA1UE > BhMCSlAxCzAJBgNVBAoTAmZ4MQwwCgYDVQQLEwNjc3cxFzAVBgNVBAMTDnNvbiBv > ZiBDQVRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDegClxP28gBnrJ > s5RVqY5TMM5AIoHHDmQeIvj55DtMmIuRHnk6kBPmZJtqNetPwRfRwMIBtu9/T1Vy > psOO4QuAZz1C5wvRbC4Ylh4/nAnR1xY4fIN5lTflam1ohVUFZmx9jRNxp89VznSp > 56wcsiJMzNrB6Nev3j4bfKlz7iULCQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAF2l > QSp+wQ7n98p7VeBh9wVnv/TTzb9ebgDEZSb9I6FZpeQ3242/cTsoe2y2NtmhjmmY > OURbW66jhV/pKZliEFM53Fc7xoPstN0SKFQyOHUsO0lQbZu+o8wk6oWptg/KPEZR > 1Xx6zu3E2Qwx+6vqOFGrfDdiQe7pDp4a4j6oYP1GMTgwEwYJKoZIhvcNAQkVMQYE > BAAAAAEwIQYJKoZIhvcNAQkUMRQeEgBDAEEAVABlAHMAdAAxAF8AMTA9MCEwCQYF > Kw4DAhoFAAQUy0Edy1Bxr38oc0jumiqofA19OeYEFIjlSSn4K2WLg6m2D9YYQgx6 > +bjkAgIEAA== >       -----END CERTIFICATE AND KEY----- > > > wjw ______________________________________________________________________ OpenSSL Project                                 http://www.openssl.org User Support Mailing List                    [EMAIL PROTECTED] Automated List Manager                           [EMAIL PROTECTED]