Steve/Kyle,

Thanks again for your help. I've created a new private key:

The password is "Strawberries". I also confirmed Steve's analysis that the algorithm is MD5. I'll look into trying to create a key sans encryption.

Bob

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Wednesday, February 11, 2009 3:55 PM
To: openssl-users@openssl.org
Subject: Re: Generating a PKCS#12 file

On Wed, Feb 11, 2009, Bob Barnes wrote:

> Kyle,
>
> Thanks for the response. Just to clarify a bit, our proprietary code
> is simply a wrapper around the third party libraries, which are SSLPlus/BSAFE.
> As far as I know they should be generating/storing the private key in
> a standards compliant way.
>
> The first 2 lines of the private key are:
>
> MIICmDAaBgkqhkiG9w0BBQMwDQQIgeyJNiNcE90CAQUEggJ4arTMz0VmFuBiCw3P
> 5LHhLjmOKpdTdby6Dy9BP34zrwL/7yKR+lt3cor+SzhH4vGedhD4SQafw4iM7+1j
>
> Can you confirm that my basic understanding as described in my first
> email is essentially correct or am I out in left field someplace?
>

Analysis of that data suggests it *should* be a valid PKCS#8 format key. The algorithm used is pbeWithMD5AndDES-CBC which is ancient and low security.

That error message is usually caused by passing the wrong password. It is possible it might be due to a bad format key being produced by the other library. Without seeing a sample key (including password) it isn't possible to tell.

If there is some way to use a different algorithm for encrypting the key (or not encrypting it at all) I'd suggest you try that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
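
The kind of analysis described in the thread, reading the encryption scheme out of the start of a PKCS#8 EncryptedPrivateKeyInfo, can be reproduced from the first base64 line quoted above. This is an added example, not part of the original messages or of OpenSSL; the function names are made up for illustration and the OID table is taken from RFC 8018.

```python
import base64

# First line of the key as quoted in the thread (ciphertext cut off after it).
FIRST_LINE = "MIICmDAaBgkqhkiG9w0BBQMwDQQIgeyJNiNcE90CAQUEggJ4arTMz0VmFuBiCw3P"

# PBES1 schemes, all under the pkcs-5 arc (OIDs from RFC 8018, appendix C).
PKCS5 = "1.2.840.113549.1.5."
PBES1 = {PKCS5 + arc: name for arc, name in (
    ("1", "pbeWithMD2AndDES-CBC"), ("4", "pbeWithMD2AndRC2-CBC"),
    ("3", "pbeWithMD5AndDES-CBC"), ("6", "pbeWithMD5AndRC2-CBC"),
    ("10", "pbeWithSHA1AndDES-CBC"), ("11", "pbeWithSHA1AndRC2-CBC"))}

def read_header(buf, pos, tag):
    """Check the DER tag at pos; return (content_offset, declared_length)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, length

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0  # valid for first arcs 0 and 1
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)  # base-128, high bit means "more follows"
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def describe_encrypted_key(b64_text):
    # Input must be whole 4-character base64 groups (full PEM lines always are).
    der = base64.b64decode("".join(b64_text.split()))
    pos, _ = read_header(der, 0, 0x30)            # EncryptedPrivateKeyInfo SEQUENCE
    pos, alg_len = read_header(der, pos, 0x30)    # encryptionAlgorithm SEQUENCE
    alg_end = pos + alg_len
    pos, n = read_header(der, pos, 0x06)          # algorithm OID
    oid = decode_oid(der[pos:pos + n])
    info = {"oid": oid, "name": PBES1.get(oid, "not a PBES1 scheme")}
    if oid in PBES1:
        pos, _ = read_header(der, pos + n, 0x30)  # PBEParameter SEQUENCE
        pos, n = read_header(der, pos, 0x04)      # salt OCTET STRING
        info["salt"] = der[pos:pos + n].hex()
        pos, n = read_header(der, pos + n, 0x02)  # iterationCount INTEGER
        info["iterations"] = int.from_bytes(der[pos:pos + n], "big")
    _, info["ciphertext_len"] = read_header(der, alg_end, 0x04)  # encryptedData
    return info
```

On the quoted line this reports pbeWithMD5AndDES-CBC with an 8-byte salt and an iteration count of 5, which is the information needed to decide whether a key file should be re-encrypted under a stronger scheme.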