Robert Relyea <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>... > Pierre wrote: > > > I have an EncryptedPrivateKeyInfo (epki) object created with the > > PK11_ExportEncryptedPrivateKeyInfo NSS function. > > This epki object was created with PBE_SHA1_DES_CBC algo and a > > password. > > > > We are trying to decrypt this epki to get the PrivateKeyInfo object > > but the decryption function doesn't seems to return a valid > > PrivateKeyInfo (It doesn't look like an asn1 structure) > > > > Our decrytion function is ok because it decrypt a epki sample from > > "RSA Security". > > > What are you using to generate your PBE? PBE_SHA1_DES_CBC uses pkcs 5 > v1, not pkcs 12 or pkcs 5 v2. >
We are using pkcs5v1 of the oid found in the asn1 structure (1.2.840.113549.1.5.10). > > > > > So what's wrong ? > > > > - Did the PK11_ExportEncryptedPrivateKeyInfo function from the NSS > > library return a valid PKCS8 structure ? > > > Yes, it should. > > > > - Are the SHA1 and DES algorithms implementation standard inside the > > NSS ? > > > Yes, they are implemented in the softoken. > > > > - Did someone succeed to decrypt a epki object ouside the NSS ? > > > The reverse is true, that is NSS has been able to decrypt epki objects > from outside using PBE_SHA1_DES_CBC. (OpenSSL keys have been imported > into NSS using PKCS #12 DES). NSS successfully exports PKCS #12 files to > openSSL and EI using triple-DES. > > bob > We try to decrpyt an epki object generated from NSS with OpenSSL pkcs8 tool but without success ! Here is the DER encoded epki object: 0x30 0x82 0x01 0x81 0x30 0x1B 0x06 0x09 0x2A 0x86 0x48 0x86 0xF7 0x0D 0x01 0x05 0x03 0x30 0x0E 0x04 0x08 0xA1 0x55 0xA4 0xF2 0xC4 0x24 0xB3 0x99 0x02 0x02 0x08 0x00 0x04 0x82 0x01 0x60 0x8A 0xA0 0xCF 0x92 0x7C 0x37 0xF9 0xAA 0xFB 0x48 0x06 0xDB 0xC5 0x5C 0x56 0x3D 0xDB 0xE7 0xEA 0x41 0x82 0x09 0x7F 0x93 0xBC 0x9C 0xDC 0x83 0x06 0x91 0x76 0x69 0x48 0xEB 0xED 0xB5 0x63 0x6F 0x30 0x36 0x32 0xCB 0xED 0x61 0x14 0xDE 0x7B 0x0A 0x36 0x15 0xD5 0x59 0xE6 0x68 0xA6 0xC5 0x06 0xEC 0x51 0x42 0x0D 0x10 0xA4 0x86 0x25 0x89 0x7A 0xB3 0x87 0xF9 0xF2 0x6C 0xE0 0x93 0x49 0xE0 0xFD 0x61 0xFF 0x97 0x1E 0x1E 0x6D 0x52 0x38 0xDC 0x53 0x37 0x1B 0xFA 0x1E 0x41 0xB9 0x1C 0xB2 0x17 0x7D 0x70 0xDC 0x58 0x34 0x5E 0xD9 0x52 0x16 0x43 0x74 0x3C 0x98 0x68 0x17 0xCC 0xF0 0x91 0x36 0x36 0x28 0x9A 0xD0 0xF5 0x2E 0x15 0xEC 0x27 0x6B 0x82 0xC5 0xFA 0x51 0xC5 0xCC 0x95 0x0B 0x02 0x64 0xC9 0x61 0xB4 0x8E 0x64 0x8F 0x03 0xE1 0x89 0xBC 0xCF 0xCA 0x2F 0x58 0xDE 0x20 0x3B 0x2D 0x96 0xB6 0x8D 0x67 0x7F 0x53 0x88 0x0D 0xFE 0x54 0x3D 0x9C 0xE4 0xEA 0x1F 0x05 0x97 0x4E 0x53 0x41 0x32 0x4B 0x21 0x28 0x32 0x7D 0x19 0x4F 0x99 0x6B 0x07 0x2E 0xB6 0x7A 0xA3 0x3B 0x29 0x45 0xDB 0x92 0xD7 0x32 0x10 0xF2 0xD9 0x5B 0x54 0x55 0x9D 0xEA 0xCD 0xD0 0x5F 0x4B 0x0B 0x6B 0x87 0x85 0x80 0x8E 0x43 0xCB 0xFC 0x95 0x3D 0xAC 0x7B 0x69 0x30 0xB7 0x52 0xFA 0x3F 0x0D 0x31 0x4E 0xBD 0x2A 0x7C 0xC0 0xD7 0x45 0x1B 0x89 0x31 0xFF 0xD8 0x2B 0x57 0x2E 0x4B 0xFB 0x10 0x18 0xCF 0xA9 0xE6 0x60 0xB0 0xC3 0xBB 0x07 0x1E 0xAA 0x07 0x14 0x7A 0x85 0x03 0x2A 0x82 0x99 0x9B 0x72 0x9A 0xAC 0xE1 0xE2 0x8C 0x9F 0x1B 0x99 0x80 0x73 0x1D 0x3C 0xFC 0x53 0xC3 0xF7 0x1E 0x85 0x43 0xC4 0x23 0x08 0x99 0x9F 0x7A 0x06 0x9F 0x7F 0x54 0x75 0x9D 0xC1 0x7E 0x4A 0x40 0x51 0x37 0x22 0x54 0xC2 0xBE 0xDB 0xE9 0x66 0xB0 0x24 0x26 0xD5 0x77 0xC7 0x7D 0x40 0x90 0xFF 0x22 0x03 0xA6 0x68 0x52 0x5F 0x54 0x1D 0x24 0x36 0xF6 0xD4 0x08 0xEB 0xE3 0xB1 0x0C 0x81 0xC2 0xDB 0xB9 0xC2 0xAF 0x7D 0x2E 0xC4 0x0F 0x96 0x4D 0xE8 0xD1 It has been encrypt with "test" password. When trying to use the following command ... openssl pkcs8 -in encoded.der -inform DER -out encoded.out ... we get the following error message : Error decrypting key 1028:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:277: 1028:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:95: 1028:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:121: So what's wrong ? > > > > > Any help welcome ! > >
