The same thing is happening with pkcs12 from openssl. What you said is right, I don't think I have RC2. Can you help me on how to include this.
thanks a lot, Sudha OpenSSL> pkcs12 -passin pass:scott -in /flash/security/Moto-Sparky.p12 -clcerts -nokeys -out MotOLTCert.cert.pem MAC verified OK Error outputting keys and certificates 166698096:error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm:evp_pbe.c:89:TYPE=pbeWithSHA 1And40BitRC2-CBC 166698096:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83: 166698096:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:123: error in pkcs12 OpenSSL> version OpenSSL 0.9.8a 11 Oct 2005 OpenSSL> OpenSSL> penssl:Error: 'help' is an invalid command. Standard commands asn1parse ca ciphers crl crl2pkcs7 dgst dh dhparam dsa dsaparam enc errstr gendh gendsa genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 prime rand req rsa rsautl s_client s_server s_time sess_id smime spkac verify version x509 Message Digest commands (see the `dgst' command for more details) md2 md4 md5 rmd160 sha sha1 Cipher commands (see the `enc' command for more details) aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb base64 des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx rc4 rc4-40 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Friday, September 07, 2007 12:43 PM To: openssl-users@openssl.org Subject: Re: PKCS12 parse fails with unknown pbe algorithm even after including openSSL_add_all_algorithms On Fri, Sep 07, 2007, Mulpur Sudha-MGI2496 wrote: > Hi, > > I am having problems in parsing a PKCS12 file. I was able to parse > other > PKCS12 files (with single CA certificates). > But this particular one has two level CA certificates and I get the > error that pbe algorithm is unknown. I am including > openSSL_add_all_algorithms but still see the problem. I am using > OpenSSL version 0.9.8.a. I saw from FAQ that this happens if I do not > include openSSL_add_all_algorithms but it happens to me even though I > did include the function call. > Can anyone help me on this. > > thanks a lot, > Sudha > > AXS2200> set security-ipsec load certs 7-11:01:36.440 [ERR]: Error > parsing PKCS12 file > > 154412560:error:06074079:digital envelope > routines:EVP_PBE_CipherInit:unknown pbe > algorithm:evp_pbe.c:89:TYPE=pbeWithSHA > 1And40BitRC2-CBC > 154412560:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor > cipherinit error:p12_decr.c:83: > 154412560:error:2306A075:PKCS12 > routines:PKCS12_item_decrypt_d2i:pkcs12 > pbe crypt error:p12_decr.c:123: > 154412560:error:23076072:PKCS12 routines:PKCS12_parse:parse > error:p12_kiss.c:127: > > IPSEC CERT file load failed > > AXS2200> > > > > > PKCS12 *p12; > X509 *cert=NULL; > STACK_OF(X509) *ca = NULL; > EVP_PKEY * privateKey = NULL; > FILE * fpCert; > FILE * fpKey; > FILE * fpCa; > FILE * fpCertOut; > int i; > char pkcsFile[50], passphrase[50]; > > sprintf(pkcsFile,"/flash/security/Sparky.p12"); > > sprintf(passphrase,"scott"); > > status = FAIL_RESP; > > FILE * fp = fopen(&pkcsFile,"rb"); > > OpenSSL_add_all_algorithms(); > OpenSSL_add_all_ciphers(); > OpenSSL_add_all_digests(); > SSL_load_error_strings(); > > if(!fp) > { > printf("Error opening pkcs file\n"); > return(status); > } > > p12 = d2i_PKCS12_fp(fp,NULL); > if(!p12) > { > printf("Error NULL p12\n"); > return(status); > } > > > if(!PKCS12_parse(p12,&passphrase, &privateKey, &cert, &ca)) > { > printf("Error parsing PKCS12 file\n"); > ERR_print_errors_fp(stderr); > return(status); > } > > } > > Well you don't need the to add ciphers and digests because they are included when you add algorithms. Check to see if "openssl pkcs12" does them same. You aren't running a version of OpenSSL where RC2 support has been disabled are you? Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
