The output is the same as "openssl pkcs12 -in "User.p12" -info"
Thanks for your response. Nicolas Pelloux-Prayer 2010/2/17 Ashok Kumar <ashok.ku...@csueastbay.edu> > I am not sure if you are using the following command. It parses the > certs & keys. > > #openssl pkcs12 -info -nodes -in <pkcs12 input file> > > Thanks > -Ashok > > On Wed, Feb 17, 2010 at 9:33 AM, Nicolas Pelloux-Prayer > <nicolaspellouxpra...@gmail.com> wrote: > > I'm trying to extract the cert/private key pair from a pkcs#12 file using > > the PKCS12_parse method. It works fine for most p12 I used before, then I > > ran into a strange p12 which doesnt work (returned cert & pkey are both > > NULL). > > > > Its structure is : > > > > > > > ********************************************************************************************************************* > >>openssl pkcs12 -in "User.p12" -info > > > > Enter Import Password: > > MAC Iteration 2000 > > MAC verified OK > > PKCS7 Data > > Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000 > > Bag Attributes > > localKeyID: 01 00 00 00 > > Key Attributes: <No Attributes> > > > > -----BEGIN RSA PRIVATE KEY----- > > Proc-Type: 4,ENCRYPTED > > DEK-Info: DES-EDE3-CBC,54F8D05BE328D3E7 > > > > n377+hfeUZS2[...] > > -----END RSA PRIVATE KEY----- > > Certificate bag > > Bag Attributes > > localKeyID: 01 00 00 00 > > subject=/CN=User > > User/SN=User/GN=User/L=Lyon/OU=Mobile/O=test/C=FR/emailAddress= > u...@test.net > > issuer=/CN=test/L=Paris/OU=NC/O=test/C=FR > > -----BEGIN CERTIFICATE----- > > MIIEGzCCAwO[...] > > -----END CERTIFICATE----- > > > ********************************************************************************************************************* > > > > It seems to me that this p12 file could be broken, as i usually use p12 > file > > containing first a cert bag then a shrouded bag. This LocalKeyID seems > > strange too, maybe it's the source of the problem ? > > Import it in IE or firefox works fine though, so I tried to debug the > inside > > of PKCS12_parse to find where the parsing fails. > > > > As far as I understand it, the Bag order makes the asn1 parsing fail at a > > point, some tests using "openssl asn1parse" command on a file containing > the > > certificate PEM block first then the private-key PEM block, the parsing > > succeeds. When running the same command on a file containing the > private-key > > PEM block first then the certificate PEM block it fails (same order as in > my > > p12 file). These calls are logged below. > > . > > > > I couldn't understand in the pkcs#12 norm if this order is wrong or not > in > > term of asn1 syntax so I wrote this little post :) . > > > > Could someone (in)-validate this analysis and eventually explain the whys > > and hows of this issue please. > > > > Thanks in advance, > > > > Nicolas Pelloux-Prayer > > > > > > > ********************************************************************************************************************* > >>openssl asn1parse -in keyfirst.pem -i -dump > > > > 0:d=0 hl=4 l=1189 cons: SEQUENCE > > 4:d=1 hl=2 l= 1 prim: INTEGER :00 > > 7:d=1 hl=4 l= 257 prim: INTEGER > > :A3A4D74BE2BE77C4775260C1DEAFA4154067B61631A5F401A579FE338E83D487823 > > > BD19452C5D7DC68C4440F484798411DE81C4D6639855A54B3DCF0A9565C5454C4829D7AF95A1AEABF96E449D8A707447B0DCA5074FB467A3E272 > > > C51EBCA0DEB09529E6E99CF0BE9EC2553F0B076E7183E84F3609588CF2D0D15DA8B2DC67A652B8AC7A565ABFDFCDA0181264FBB59FBFCF15ED82 > > 1ABB81785DBC08E5D00021AC50FE9FAE7FD3B475E729E18C4222EA2EDB9F > > 268:d=1 hl=2 l= 3 prim: INTEGER :010001 > > 273:d=1 hl=4 l= 256 prim: INTEGER > > :3D6D8E67ED08A47ABA73D0E05590471EB71B774DA37B713A00FCE740413A195878B > > > 4F2EA239C22A899273B89250FC306868C6FBB5A293376B21F064BCCB51F5984AC737F5BFF2824BC8408C74F352595E3CDF162458B741B839DBB2 > > > AD20021607B0608E56091D26B95B8C62658757F9D57113D186AC72CC6422EDA3A5872B47E0F3B219900F37E8706908014F8CB2DFC6F24BE932BA > > FD04218FB5BD6A0B6693925B25D0B165BA493E5913D53092645578892429 > > 533:d=1 hl=3 l= 129 prim: INTEGER > > :E773A7413DEE5B82C3E4468A13D2C30D8303091CA73F2DF455DE3420C57E58A809F > > > C9192DDD46333A1D3614CEDAF29326EF1CF062F4377E89278A8F3E984A9B323E56D8AE2D87EA76D698D04B9B2E78DE51208A6B44EB4FB9029C99 > > 665:d=1 hl=3 l= 129 prim: INTEGER > > :B50013F4A1D44EE350073A32BB7E616981EA22085EEF237FBCA6C4A86B8D61A1B50 > > > FBD0A875DC6D0F836B29F4CAB2710FD472ACAB3788DB61D7B7B45B8E19E9928F488FC963E4285339A7C4FAB17459D61A14944D3B1CD23FC561B8 > > 797:d=1 hl=3 l= 129 prim: INTEGER > > :BAABBB94D2174135393B0E6D64C992C97E05DFBE7D616675EF1F74D98D8F767FA8F > > > 6227EDA6CE6C988D60C5ED84072B09B6C69756A7F36E19BE8B7136A1EB623A66AEF2B9A03D43AC2F2E36A913F2AA475C152BAE927A5AE533A70C > > 929:d=1 hl=3 l= 129 prim: INTEGER > > :AC8A787B7951342A88FD7AC325ECA1DBBC167F7ECF50D3DC4EF003043212C2812E5 > > > AFE406D2E3DFAB2C3219FADAC723F45D273BE6B3B7E8B9EAB39A60B4A38AFF454B7C96147D48DB9D588AF417F9BC31D706CB209C3B2B49D35506 > > 1061:d=1 hl=3 l= 129 prim: INTEGER > > :BBD3149E16F8417CD2C183BA7D1B81FACE36A080509C9785455AAC5E8E1F9DD622D > > > FB89EC460F8F87B6221AE6F765B6B25588F211323187A74E68EF603FC4F703CC53E1BD74C3A07A2ED82F22555FD9CAD31BAE4582414C05FC9B06 > > 1193:d=0 hl=2 l= 4 prim: appl [ 21 ] > > 1199:d=0 hl=2 l= 107 cons: appl [ 18 ] > > Error in encoding > > 4516:error:0D07209B:asn1 encoding routines:ASN1_get_object:too > > long:.\crypto\asn1\asn1_lib.c:142: > > > > > ********************************************************************************************************************* > >>openssl asn1parse -in certfirst.pem -i -dump > > > > 0:d=0 hl=4 l=1051 cons: SEQUENCE > > 4:d=1 hl=4 l= 771 cons: SEQUENCE > > 8:d=2 hl=2 l= 3 cons: cont [ 0 ] > > 10:d=3 hl=2 l= 1 prim: INTEGER :02 > > 13:d=2 hl=2 l= 1 prim: INTEGER :0C > > 16:d=2 hl=2 l= 13 cons: SEQUENCE > > 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption > > 29:d=3 hl=2 l= 0 prim: NULL > > 31:d=2 hl=2 l= 84 cons: SEQUENCE > > 33:d=3 hl=2 l= 24 cons: SET > > 35:d=4 hl=2 l= 22 cons: SEQUENCE > > 37:d=5 hl=2 l= 3 prim: OBJECT :commonName > > 42:d=5 hl=2 l= 15 prim: PRINTABLESTRING :test > > 59:d=3 hl=2 l= 13 cons: SET > > 61:d=4 hl=2 l= 11 cons: SEQUENCE > > 63:d=5 hl=2 l= 3 prim: OBJECT :localityName > > 68:d=5 hl=2 l= 4 prim: PRINTABLESTRING :test > > 74:d=3 hl=2 l= 11 cons: SET > > 76:d=4 hl=2 l= 9 cons: SEQUENCE > > 78:d=5 hl=2 l= 3 prim: OBJECT > :organizationalUnitName > > 83:d=5 hl=2 l= 2 prim: PRINTABLESTRING :NC > > 87:d=3 hl=2 l= 15 cons: SET > > 89:d=4 hl=2 l= 13 cons: SEQUENCE > > 91:d=5 hl=2 l= 3 prim: OBJECT :organizationName > > 96:d=5 hl=2 l= 6 prim: PRINTABLESTRING :test > > 104:d=3 hl=2 l= 11 cons: SET > > 106:d=4 hl=2 l= 9 cons: SEQUENCE > > 108:d=5 hl=2 l= 3 prim: OBJECT :countryName > > 113:d=5 hl=2 l= 2 prim: PRINTABLESTRING :test > > 117:d=2 hl=2 l= 30 cons: SEQUENCE > > 119:d=3 hl=2 l= 13 prim: UTCTIME :090605122816Z > > 134:d=3 hl=2 l= 13 prim: UTCTIME :110605122816Z > > 149:d=2 hl=3 l= 161 cons: SEQUENCE > > 152:d=3 hl=2 l= 24 cons: SET > > 154:d=4 hl=2 l= 22 cons: SEQUENCE > > 156:d=5 hl=2 l= 3 prim: OBJECT :commonName > > 161:d=5 hl=2 l= 15 prim: PRINTABLESTRING :test > > 178:d=3 hl=2 l= 17 cons: SET > > 180:d=4 hl=2 l= 15 cons: SEQUENCE > > 182:d=5 hl=2 l= 3 prim: OBJECT :surname > > 187:d=5 hl=2 l= 8 prim: PRINTABLESTRING :test > > 197:d=3 hl=2 l= 15 cons: SET > > 199:d=4 hl=2 l= 13 cons: SEQUENCE > > 201:d=5 hl=2 l= 3 prim: OBJECT :givenName > > 206:d=5 hl=2 l= 6 prim: PRINTABLESTRING :test > > 214:d=3 hl=2 l= 13 cons: SET > > 216:d=4 hl=2 l= 11 cons: SEQUENCE > > 218:d=5 hl=2 l= 3 prim: OBJECT :localityName > > 223:d=5 hl=2 l= 4 prim: PRINTABLESTRING :test > > 229:d=3 hl=2 l= 15 cons: SET > > 231:d=4 hl=2 l= 13 cons: SEQUENCE > > 233:d=5 hl=2 l= 3 prim: OBJECT > :organizationalUnitName > > 238:d=5 hl=2 l= 6 prim: PRINTABLESTRING :Mobile > > 246:d=3 hl=2 l= 15 cons: SET > > 248:d=4 hl=2 l= 13 cons: SEQUENCE > > 250:d=5 hl=2 l= 3 prim: OBJECT :organizationName > > 255:d=5 hl=2 l= 6 prim: PRINTABLESTRING :test > > 263:d=3 hl=2 l= 11 cons: SET > > 265:d=4 hl=2 l= 9 cons: SEQUENCE > > 267:d=5 hl=2 l= 3 prim: OBJECT :countryName > > 272:d=5 hl=2 l= 2 prim: PRINTABLESTRING :test > > 276:d=3 hl=2 l= 35 cons: SET > > 278:d=4 hl=2 l= 33 cons: SEQUENCE > > 280:d=5 hl=2 l= 9 prim: OBJECT :emailAddress > > 291:d=5 hl=2 l= 20 prim: IA5STRING :t...@test.net > > 313:d=2 hl=4 l= 290 cons: SEQUENCE > > 317:d=3 hl=2 l= 13 cons: SEQUENCE > > 319:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption > > 330:d=4 hl=2 l= 0 prim: NULL > > 332:d=3 hl=4 l= 271 prim: BIT STRING > > 0000 - 00 30 82 01 0a 02 82 01-01 00 a3 a4 d7 4b e2 be > > .0...........K.. > > 0010 - 77 c4 77 52 60 c1 de af-a4 15 40 67 b6 16 31 a5 > > w.wr`.....@g..1. > > 0020 - f4 01 a5 79 fe 33 8e 83-d4 87 82 3b aa 82 8e c8 > > ...y.3.....;.... > > 0030 - 34 6c bb f1 e8 c3 96 2f-2e 7e f0 ed e6 a9 d6 e7 > > 4l...../.~...... > > 0040 - a7 5d 7d fe 20 bd 19 45-2c 5d 7d c6 8c 44 40 f4 .]}. > > ..E,]}...@. > > 0050 - 84 79 84 11 de 81 c4 d6-63 98 55 a5 4b 3d cf 0a > > .y......c.U.K=.. > > 0060 - 95 65 c5 45 4c 48 29 d7-af 95 a1 ae ab f9 6e 44 > > .e.ELH).......nD > > 0070 - 9d 8a 70 74 47 b0 dc a5-07 4f b4 67 a3 e2 72 b9 > > ..ptG....O.g..r. > > 0080 - bb e7 be 43 c5 8a 6b ed-f2 d3 4d 42 cc 9b 02 de > > ...C..k...MB.... > > 0090 - de 29 c1 70 db df 5b 69-0c 51 eb ca 0d eb 09 52 > > .).p..[i.Q.....R > > 00a0 - 9e 6e 99 cf 0b e9 ec 25-53 f0 b0 76 e7 18 3e 84 > > .n.....%S..v..>. > > 00b0 - f3 60 95 88 cf 2d 0d 15-da 8b 2d c6 7a 65 2b 8a > > .`...-....-.ze+. > > 00c0 - c7 a5 65 ab fd fc da 01-81 26 4f bb 59 fb fc f1 > > ..e......&O.Y... > > 00d0 - 5e d8 20 70 9b 18 22 23-f5 d4 38 53 70 8f 60 4d ^. > > p.."#..8Sp.`M > > 00e0 - 3b 29 3f fb d9 25 a1 19-a3 35 00 86 1a bb 81 78 > > ;)?..%...5.....x > > 00f0 - 5d bc 08 e5 d0 00 21 ac-50 fe 9f ae 7f d3 b4 75 > > ].....!.P......u > > 0100 - e7 29 e1 8c 42 22 ea 2e-db 9f 02 03 01 00 01 > > .)..B"......... > > 607:d=2 hl=3 l= 169 cons: cont [ 3 ] > > 610:d=3 hl=3 l= 166 cons: SEQUENCE > > 613:d=4 hl=2 l= 31 cons: SEQUENCE > > 615:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key > > Identifier > > 620:d=5 hl=2 l= 24 prim: OCTET STRING > > 0000 - 30 16 80 14 a1 79 be c5-4b c1 76 ef 9a f8 a9 c9 > > 0....y..K.v..... > > 0010 - 90 2f ac 6b d4 e6 13 21- ./.k...! > > 646:d=4 hl=2 l= 14 cons: SEQUENCE > > 648:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage > > 653:d=5 hl=2 l= 1 prim: BOOLEAN :255 > > 656:d=5 hl=2 l= 4 prim: OCTET STRING > > 0000 - 03 02 06 c0 .... > > 662:d=4 hl=2 l= 31 cons: SEQUENCE > > 664:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject > > Alternative Name > > 669:d=5 hl=2 l= 24 prim: OCTET STRING > > 0000 - 30 16 81 14 66 64 65 70-69 65 72 72 65 40 61 72 > 0...t...@te > > 0010 - 6b 6f 6f 6e 2e 6e 65 74- st.net > > 695:d=4 hl=2 l= 29 cons: SEQUENCE > > 697:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key > > Usage > > 702:d=5 hl=2 l= 22 prim: OCTET STRING > > 0000 - 30 14 06 08 2b 06 01 05-05 07 03 04 06 08 2b 06 > > 0...+.........+. > > 0010 - 01 05 05 07 03 02 ...... > > 726:d=4 hl=2 l= 51 cons: SEQUENCE > > 728:d=5 hl=2 l= 3 prim: OBJECT :X509v3 CRL > Distribution > > Points > > 733:d=5 hl=2 l= 44 prim: OCTET STRING > > 0000 - 30 2a 30 28 a0 26 a0 24-86 22 68 74 74 70 3a 2f > > 0*0(.&.$."http:/ > > 0010 - 2f 63 72 6c 2e 61 72 6b-6f 6f 6e 2e 6e 65 74 2f > > /crl.test.net/ > > 0020 - 61 72 6b 6f 6f 6e 68 77-2e 63 72 6c testhw.crl > > 779:d=1 hl=2 l= 13 cons: SEQUENCE > > 781:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption > > 792:d=2 hl=2 l= 0 prim: NULL > > 794:d=1 hl=4 l= 257 prim: BIT STRING > > 0000 - 00 0e d0 4c 77 d8 52 91-69 35 83 84 2c d3 74 66 > > ...Lw.R.i5..,.tf > > 0010 - 50 b7 4e 6b a2 e3 58 37-72 ef 4c 46 4d ac da ab > > P.Nk..X7r.LFM... > > 0020 - 96 36 cf 6d d0 c3 32 85-45 5c 1a bd 73 4c e1 af > > .6.m..2.E\..sL.. > > 0030 - e1 88 8d ec d2 69 4f be-9c 94 c8 68 1d bd 48 08 > > .....iO....h..H. > > 0040 - 85 e1 b9 7e 87 9e 25 be-25 6c 84 81 ea 42 07 7e > > ...~..%.%l...B.~ > > 0050 - 7c 39 18 0e 73 5e 23 11-23 a7 70 01 cf 61 8f 8b > > |9..s^#.#.p..a.. > > 0060 - d5 42 a0 f6 f3 3d 44 ef-b8 21 37 67 1f 9e 0e 4e > > .B...=D..!7g...N > > 0070 - ce 6c f2 d8 90 02 95 38-61 f6 df 27 5b 4f 65 87 > > .l.....8a..'[Oe. > > 0080 - f3 6b 7a ce d0 f9 f4 41-c4 c5 af be 39 76 37 36 > > .kz....A....9v76 > > 0090 - ab c6 c9 b6 0a e7 37 73-b7 43 6a 46 f8 23 a7 39 > > ......7s.CjF.#.9 > > 00a0 - fd 12 d8 89 9c f5 3d 24-d5 95 03 89 9a 87 3f 62 > > ......=$......?b > > 00b0 - ad 19 8e 94 ac ba 93 71-33 5a f3 bc 48 a3 23 51 > > .......q3Z..H.#Q > > 00c0 - da d2 54 99 87 fc 9a 5c-44 c2 64 4a 70 1f cc 2d > > ..T....\D.dJp..- > > 00d0 - 29 80 c0 f2 9d a5 e7 9f-e3 c2 cf 22 2f bb ca 6a > > ).........."/..j > > 00e0 - 67 b6 0e 6b d0 be 3c 56-70 08 c5 3b b5 53 df f6 > > g..k..<Vp..;.S.. > > 00f0 - 6c 17 c1 07 69 bf 9a fb-4c f5 d1 d9 b7 38 f0 6b > > l...i...L....8.k > > 0100 - 1d > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
