Hi, I am having a problem reading a PKCS#8 file generated by the OpenSSL command line tool ("openssl pkcs8"). OpenSSL supports a number of encryption algorithms with options v1 and v2 (http://www.openssl.org/docs/apps/pkcs8.html).
I can only successfully read the PKCS#8 file generated using the encryption algorithm with the following OID: SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC, which is also the same encryption algorithm used by NSS for encrypting PKCS#12 files. (I have used the following command to generate the file: openssl pkcs8 -in userkey_uenc.pem -topk8 -v1 PBE-SHA1-3DES -out userkey_v1_pbe_sha1_3des.pk8)

My question is: can I read a PKCS#8 file that uses an algorithm other than PBE-SHA1-3DES?

Here is the code fragment that I have used to read the PKCS#8 file:

    SECItem pkcs8DERItem = { siBuffer, NULL, 0 };
    // Load pkcs8DERItem with PKCS#8 data from file

    // SEC_ASN1DecodeItem needs an allocated destination, not a NULL pointer
    SECKEYEncryptedPrivateKeyInfo* encPrivateKeyInfo =
        (SECKEYEncryptedPrivateKeyInfo*)PORT_ArenaZAlloc(arena, sizeof(SECKEYEncryptedPrivateKeyInfo));
    rv = SEC_ASN1DecodeItem(arena, encPrivateKeyInfo,
                            SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate),
                            &pkcs8DERItem);

    CERTCertificate* keyCert = NULL;
    // initialize keyCert

    // Take the public value and key type from the matching certificate
    SECItem* publicValue = NULL;
    SECKEYPublicKey* pubKey = CERT_ExtractPublicKey(keyCert);
    KeyType keyType = pubKey->keyType;
    publicValue = CERT_getPublicValueAndType(pubKey, &keyType);
    unsigned int keyUsage = keyCert->keyUsage;

    // Nickname item, length includes the terminating NUL
    SECItem nicknameItem;
    PORT_Memset(&nicknameItem, 0, sizeof(SECItem));
    nicknameItem.data = (unsigned char*)PORT_Strdup(keyCert->nickName);
    nicknameItem.len = PORT_Strlen(keyCert->nickName) + 1;

    PK11SlotInfo* keySlotInfo = NULL;
    nsCOMPtr<nsIInterfaceRequestor> uiCxt = nsnull;
    SECItem pkcs8UunicodePWItem;
    PRBool isPerm = PR_TRUE;
    PRBool isPrivate = PR_TRUE;

    // Import the encrypted private key into the slot
    srv = PK11_ImportEncryptedPrivateKeyInfo(
        keySlotInfo, encPrivateKeyInfo, &pkcs8UunicodePWItem, &nicknameItem,
        publicValue, isPerm, isPrivate, keyType, keyUsage, uiCxt );

Any help is very much appreciated.

--
Subrata
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
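
Added example, not part of the original post and not NSS code: a small stand-alone C routine that reads the encryptionAlgorithm OID from a DER-encoded PKCS#8 EncryptedPrivateKeyInfo, to check which PBE scheme a given "openssl pkcs8" output actually uses before importing it. The function names, the three-entry OID table and the sample bytes are constructed for illustration; the input is assumed to be DER, so a PEM file must be base64-decoded first.

```c
#include <stdio.h>
#include <string.h>

/* Read a DER tag+length at buf[*pos], bounded by end. On success advance *pos
 * to the content, store its length in *n and return 0; otherwise return -1. */
static int der_header(const unsigned char *buf, size_t end, size_t *pos,
                      unsigned char tag, size_t *n)
{
    size_t p = *pos, v, cnt;
    if (p >= end || end - p < 2 || buf[p] != tag) return -1;
    v = buf[p + 1];
    p += 2;
    if (v & 0x80) {                 /* long form: next cnt bytes hold the length */
        cnt = v & 0x7F;
        if (cnt == 0 || cnt > sizeof(size_t) || cnt > end - p) return -1;
        for (v = 0; cnt > 0; cnt--) v = (v << 8) | buf[p++];
    }
    if (v > end - p) return -1;     /* content must fit inside the parent */
    *pos = p;
    *n = v;
    return 0;
}

/* Name the PBE scheme of a DER EncryptedPrivateKeyInfo:
 *   SEQUENCE { SEQUENCE { OID algorithm, parameters }, OCTET STRING data }
 * Returns NULL for malformed input, "unrecognised OID" if not in the table. */
const char *pkcs8_pbe_scheme(const unsigned char *der, size_t len)
{
    static const struct { const char *name; size_t n; unsigned char oid[10]; } known[] = {
        { "pbeWithSHAAnd3-KeyTripleDES-CBC", 10, {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03} },
        { "PBES2", 9, {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D} },
        { "pbeWithMD5AndDES-CBC", 9, {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03} },
    };
    size_t pos = 0, n = 0, i;
    if (der_header(der, len, &pos, 0x30, &n) ||
        der_header(der, pos + n, &pos, 0x30, &n) ||
        der_header(der, pos + n, &pos, 0x06, &n)) return NULL;
    for (i = 0; i < sizeof known / sizeof known[0]; i++)
        if (n == known[i].n && memcmp(der + pos, known[i].oid, n) == 0)
            return known[i].name;
    return "unrecognised OID";
}

/* Constructed sample: PKCS#12 3DES header; salt and ciphertext are dummy bytes. */
static const unsigned char sample_3des[] = {
    0x30,0x28, 0x30,0x1C, 0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,
    0x30,0x0E, 0x04,0x08,1,2,3,4,5,6,7,8, 0x02,0x02,0x08,0x00,
    0x04,0x08,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA };

int main(void) { puts(pkcs8_pbe_scheme(sample_3des, sizeof sample_3des)); return 0; }
```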