Hi,
I am having a problem reading a PKCS#8 file generated by the OpenSSL
command-line tool ("openssl pkcs8").
OpenSSL supports a number of encryption algorithms with the v1 and v2 options
(http://www.openssl.org/docs/apps/pkcs8.html).

I can only successfully read the PKCS#8 file generated using the encryption
algorithm with the following OID:
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC, which is also the
encryption algorithm used by NSS for encrypting PKCS#12 files.
(I used the following command to generate the file: openssl pkcs8 -in
userkey_uenc.pem -topk8 -v1 PBE-SHA1-3DES -out userkey_v1_pbe_sha1_3des.pk8)
My question is: can I read a PKCS#8 file that uses an algorithm other than
PBE-SHA1-3DES?

Here is the code fragment that I have used to read the PKCS#8 file:
        SECStatus rv;
        SECItem pkcs8DERItem = { siBuffer, NULL, 0 };
        // Load pkcs8DERItem with PKCS#8 data from file

        // SEC_ASN1DecodeItem() decodes into storage supplied by the caller
        SECKEYEncryptedPrivateKeyInfo* encPrivateKeyInfo =
                (SECKEYEncryptedPrivateKeyInfo*)PORT_ArenaZAlloc(arena,
                        sizeof(SECKEYEncryptedPrivateKeyInfo));
        rv = SEC_ASN1DecodeItem(arena, encPrivateKeyInfo,
                SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate),
                &pkcs8DERItem);

        CERTCertificate* keyCert = NULL;
        // initialize keyCert

        // Public value, key type and key usage come from the matching certificate
        SECItem* publicValue = NULL;
        SECKEYPublicKey* pubKey = CERT_ExtractPublicKey(keyCert);
        KeyType keyType = pubKey->keyType;
        publicValue = CERT_getPublicValueAndType(pubKey, &keyType);
        unsigned int keyUsage = keyCert->keyUsage;

        SECItem nicknameItem;
        PORT_Memset(&nicknameItem, 0, sizeof(SECItem));
        nicknameItem.data = (unsigned char*)PORT_Strdup(keyCert->nickname);
        nicknameItem.len = PORT_Strlen(keyCert->nickname) + 1;

        PK11SlotInfo* keySlotInfo = NULL;
        nsCOMPtr<nsIInterfaceRequestor> uiCxt = nsnull;

        SECItem pkcs8UnicodePWItem;
        PRBool isPerm = PR_TRUE;
        PRBool isPrivate = PR_TRUE;
        // Decrypt the key with the password item and store it in the slot
        rv = PK11_ImportEncryptedPrivateKeyInfo(
                                keySlotInfo,
                                encPrivateKeyInfo, &pkcs8UnicodePWItem,
                                &nicknameItem, publicValue,
                                isPerm, isPrivate,
                                keyType, keyUsage,
                                uiCxt
                               );
Any help is very much appreciated.
--
Subrata
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
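
One way to see which PBE scheme a given file carries before it reaches the NSS import call is to read the encryptionAlgorithm OID from the DER EncryptedPrivateKeyInfo. This is an added example, not code from the original post or from NSS; the function names are hypothetical and the sample bytes are constructed (dummy salt and ciphertext, no real key). It assumes DER input, so PEM output from "openssl pkcs8" must be base64-decoded first.

```c
#include <stdio.h>
#include <string.h>

static const unsigned char sample_v1_3des[] = {   /* constructed bytes, not a real key */
    0x30,0x28, 0x30,0x1c, 0x06,0x0a, 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x01,0x03,
    0x30,0x0e, 0x04,0x08, 1,2,3,4,5,6,7,8, 0x02,0x02,0x08,0x00, 0x04,0x08, 9,9,9,9,9,9,9,9 };

/* Step into the DER element at *p if it has this tag: *p moves to its content, *end to its end. */
static int der_enter(const unsigned char **p, const unsigned char **end, int tag)
{
    unsigned long len;
    if (*end - *p < 2 || (*p)[0] != tag) return -1;
    len = (*p)[1];
    *p += 2;
    if (len & 0x80) {                         /* long form: n length octets follow */
        int n = len & 0x7f;
        if (n == 0 || n > 3 || *end - *p < n) return -1;
        for (len = 0; n--; (*p)++) len = (len << 8) | **p;
    }
    if (len > (unsigned long)(*end - *p)) return -1;
    *end = *p + len;
    return 0;
}

/* Write the dotted encryptionAlgorithm OID into out; -1 on malformed DER or short buffer. */
int pkcs8_pbe_oid(const unsigned char *der, size_t derlen, char *out, size_t outlen)
{
    const unsigned char *p = der, *end = der + derlen;
    unsigned long arc = 0;
    if (der_enter(&p, &end, 0x30) || der_enter(&p, &end, 0x30) ||  /* outer SEQUENCE, AlgorithmIdentifier */
        der_enter(&p, &end, 0x06) || p == end) return -1;          /* non-empty algorithm OID */
    if ((*p | end[-1]) & 0x80) return -1;     /* multi-octet first arc (unsupported) or truncated last arc */
    int n = snprintf(out, outlen, "%d.%d", *p < 80 ? *p / 40 : 2, *p < 80 ? *p % 40 : *p - 80);
    for (p++; p < end && n > 0 && (size_t)n < outlen; p++) {
        arc = (arc << 7) | (*p & 0x7f);
        if (*p & 0x80) continue;              /* more octets of this arc follow */
        n += snprintf(out + n, outlen - n, ".%lu", arc);
        arc = 0;
    }
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    char oid[64];
    if (pkcs8_pbe_oid(sample_v1_3des, sizeof sample_v1_3des, oid, sizeof oid)) return 1;
    printf("%s%s\n", oid, strcmp(oid, "1.2.840.113549.1.12.1.3") ? "" : " (PBE-SHA1-3DES)");
    return 0;
}
```

A file written with -v1 PBE-SHA1-3DES carries 1.2.840.113549.1.12.1.3, while the -v2 ciphers are wrapped in PBES2, 1.2.840.113549.1.5.13.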
