Hi,

 To put some context on the below - the PKCS12 password interop issue cannot
be resolved by limiting the password input to 32 characters (not counting
the terminating NULL) external to the OpenSSL API - as the password string's
null is counted as an additional (Unicode) character for the purposes of the
MAC generation in the PKCS12_key_gen_uni function - a different MAC to that
of MS is generated at this point. 

Is this the appropriate forum to raise the issue below, or should it be
raised with '[EMAIL PROTECTED]'?

Best regards,

Deane Sloan

-----Original Message-----
From: Deane Sloan
To: '[EMAIL PROTECTED]'
Sent: 8/11/2004 11:42 PM
Subject: PKCS12 password >=32 chars interop issue with Microsoft cert stores?

Hi,

We are using the OpenSSL PKCS#12 features for creating files for import
to/from the Microsoft user stores - using PKCS12_parse and PKCS12_create
(nid_key=NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
nid_cert=NID_pbe_WithSHA1And40BitRC2_CBC, iter=2000, mac_iter=2000,
keytype=0).

Our tests have uncovered an issue where passwords of 32 ASCII chars or
larger used on either side (MS store or OpenSSL) result in neither system
reading files generated by the other due to MAC verification failure
(ERR_GET_LIB(...) == ERR_LIB_PKCS12 && ERR_GET_REASON(...) ==
PKCS12_R_MAC_VERIFY_FAILURE) on the PKCS12_parse side and similar
password-related errors on the certificate import wizard side (assuming
PFXVerifyPassword failure in the CryptoAPI).

Basically - it would seem that MS's MAC generation is based on a maximum of
32 characters (for example - try exporting from the MS user store with a
password greater than 32 chars, re-import the file to the store but only
supply the first 32 characters back).

Changing the following in the PKCS12_key_gen_uni function in p12_key.c,
line 136, from:

if(passlen) Plen = v * ((passlen+v-1)/v);

to:

if(passlen) Plen = v * ((min(passlen,0x40L)+v-1)/v);

results in correct operation (from the *limited* testing I've undertaken)
for both import to and from OpenSSL and the MS stores - at character
lengths >= 32 ASCII chars. This has been tested against 0.9.7d - however I
note that p12_key.c hasn't changed in the 0.9.7d release.

Is the Microsoft approach correct?
If not - is there possible scope for a #define option for users where MS
PKCS#12 interop is desirable? (apologies in advance if such an option does
exist)

Best regards,

Deane Sloan
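The derivation the one-line change above touches, written out as an added Python example (not code from this thread or from OpenSSL): the PKCS#12 Appendix B key generation with SHA-1, plus an optional cap on the password block that reproduces `min(passlen, 0x40L)`. The salt and the passwords are constructed; the comparison at the end shows that a 31-character password derives the same MAC key with or without the cap, that a 32-character one does not because the two-byte terminating NUL pushes the BMPString past 64 bytes, and that the capped derivation equals deriving from the first 32 characters with no terminating NUL.

```python
import hashlib
from typing import Optional

U, V = 20, 64   # SHA-1 digest length and block length, in bytes
MAC_ID = 3      # PKCS#12 ID byte for MAC key derivation

def _fill(block: bytes, total: int) -> bytes:
    """Repeat block cyclically to exactly total bytes (out[i] = block[i % len])."""
    if total == 0 or not block:
        return b""
    return (block * (total // len(block) + 1))[:total]

def pkcs12_kdf(pw: bytes, salt: bytes, key_id: int, iters: int, n: int,
               plen_cap: Optional[int] = None) -> bytes:
    """Derive n bytes. pw is the BMPString password exactly as OpenSSL hands it
    to PKCS12_key_gen_uni; plen_cap=64 reproduces min(passlen, 0x40L)."""
    passlen = len(pw) if plen_cap is None else min(len(pw), plen_cap)
    D = bytes([key_id]) * V
    S = _fill(salt, V * ((len(salt) + V - 1) // V))
    P = _fill(pw, V * ((passlen + V - 1) // V))      # P[i] = pw[i % len(pw)]
    Ibuf = bytearray(S + P)
    out = b""
    while len(out) < n:
        A = D + bytes(Ibuf)
        for _ in range(iters):                     # A_i = H^r(D || I)
            A = hashlib.sha1(A).digest()
        out += A
        B = int.from_bytes(_fill(A, V), "big")
        for j in range(0, len(Ibuf), V):           # I_j = I_j + B + 1 mod 2^(8V)
            x = (int.from_bytes(Ibuf[j:j + V], "big") + B + 1) % (1 << (8 * V))
            Ibuf[j:j + V] = x.to_bytes(V, "big")
    return out[:n]

def bmpstring(password: str, terminator: bool = True) -> bytes:
    """UTF-16BE as OPENSSL_asc2uni builds it: the trailing NUL becomes two zero
    bytes and is counted in passlen, which is the point raised in the reply."""
    return password.encode("utf-16-be") + (b"\x00\x00" if terminator else b"")

def mac_key(password: str, salt: bytes, iters: int = 2000,
            cap: Optional[int] = None, terminator: bool = True) -> bytes:
    """SHA-1 MAC key for the password (mac_iter=2000 as in the post)."""
    return pkcs12_kdf(bmpstring(password, terminator), salt, MAC_ID, iters, U, cap)

if __name__ == "__main__":
    salt = bytes(range(8))                       # constructed 8-byte salt
    print(mac_key("a" * 31, salt) == mac_key("a" * 31, salt, cap=64))   # True
    print(mac_key("a" * 32, salt) == mac_key("a" * 32, salt, cap=64))   # False
    print(mac_key("b" * 40, salt, cap=64) ==
          mac_key("b" * 32, salt, terminator=False))                    # True
```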

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]