Hi,

I need to generate a PFX. With openssl I get:

#openssl pkcs12 -info -noout -in expected.pfx
MAC Iteration *2048*
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration *2048*
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration *2048*

With my code I get:

#openssl pkcs12 -info -noout -in obtained.pfx
MAC Iteration *1024*
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration *1024*
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration *1024*
Certificate bag

----- groovy file -----

    import java.security.KeyFactory
    import java.security.KeyStore
    import java.security.PrivateKey
    import java.security.cert.CertificateFactory
    import java.security.cert.X509Certificate
    import java.security.spec.PKCS8EncodedKeySpec
    import org.bouncycastle.jce.provider.BouncyCastleProvider
    // Assumption: PKCS8Key is the class from not-yet-commons-ssl
    import org.apache.commons.ssl.PKCS8Key

    def myMethod(){
        def cerPath = "mycer.cer"
        def keyPath = "mykey.key"
        def keyPass = "mypass"

        def pfxPath = "obtained.pfx"

        BouncyCastleProvider provider = new BouncyCastleProvider()

        // Load the X.509 certificate that forms the one-element chain
        CertificateFactory factory = CertificateFactory.getInstance("X.509", provider)
        X509Certificate[] chain = new X509Certificate[1]
        new File(cerPath).withInputStream { certIn ->
            chain[0] = (X509Certificate) factory.generateCertificate(certIn)
        }

        // Decrypt the private key file and rebuild it as an RSA PrivateKey
        PKCS8Key pkcs8 = new File(keyPath).withInputStream { keyIn ->
            new PKCS8Key(keyIn, keyPass.toCharArray())
        }
        byte[] decrypted = pkcs8.getDecryptedBytes()
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decrypted)
        PrivateKey pk = KeyFactory.getInstance("RSA").generatePrivate(spec)

        // Write key and chain to a PKCS#12 store using the provider's defaults
        KeyStore pkcs12KeyStore = KeyStore.getInstance("PKCS12", provider)
        pkcs12KeyStore.load(null, keyPass.toCharArray())
        pkcs12KeyStore.setKeyEntry("", pk, keyPass.toCharArray(), chain)
        new File(pfxPath).withOutputStream { out ->
            pkcs12KeyStore.store(out, keyPass.toCharArray())
        }
    }

-----

What is wrong?

Best Regards.

-- 
Ignacio Ocampo Millán
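
Added example, not part of the original post: a small Python parser for the two `openssl pkcs12 -info -noout` summaries quoted above that reports exactly which protection parameters differ between them. It assumes the summary line format shown in the post; the function names are illustrative.

```python
import re

# Sample input: the two summaries quoted in the post, with the e-mail
# emphasis asterisks around the iteration counts dropped.
EXPECTED = """MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048"""
OBTAINED = """MAC Iteration 1024
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1024
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1024
Certificate bag"""

# Both patterns tolerate the *...* emphasis used in the e-mail.
MAC = re.compile(r"MAC Iteration \*?(\d+)\*?$")
PBE = re.compile(r"(PKCS7 Encrypted data|Shrouded Keybag): ([^,\s]+), "
                 r"Iteration \*?(\d+)\*?$")

def parse(text):
    """Return the MAC iteration count and the encrypted parts in file order."""
    info = {"mac_iter": None, "parts": []}
    for line in (l.strip() for l in text.splitlines()):
        if m := MAC.match(line):
            info["mac_iter"] = int(m.group(1))
        elif m := PBE.match(line):
            info["parts"].append((m.group(1), m.group(2), int(m.group(3))))
    return info

def compare(a, b):
    """Describe every difference between two parsed summaries."""
    diffs = []
    if a["mac_iter"] != b["mac_iter"]:
        diffs.append(f"MAC iterations: {a['mac_iter']} vs {b['mac_iter']}")
    pa = {kind: (alg, it) for kind, alg, it in a["parts"]}
    pb = {kind: (alg, it) for kind, alg, it in b["parts"]}
    for kind in sorted(pa.keys() | pb.keys()):
        alg_a, it_a = pa.get(kind, (None, None))
        alg_b, it_b = pb.get(kind, (None, None))
        if alg_a != alg_b:
            diffs.append(f"{kind} algorithm: {alg_a} vs {alg_b}")
        if it_a != it_b:
            diffs.append(f"{kind} iterations: {it_a} vs {it_b}")
    if [p[0] for p in a["parts"]] != [p[0] for p in b["parts"]]:
        diffs.append("part order differs")
    return diffs
```

Calling `compare(parse(EXPECTED), parse(OBTAINED))` shows that the PBE algorithms are identical in both files; only the iteration counts and the order of the two parts differ.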
