Victor wrote:
> Hello
>
> I would like to know if it is possible to extract the private key from a pkcs#12 file, without importing it into the keystore. I've tried it using the next code in C++:
> ...
> The variable p12dcx is a pointer to SEC_PKCS12DecoderContext, and it's initialized like in the file pk12util.c
> ...

NSS is very conservative in its handling of private keys. When pk12util imports a private key, the only software that sees the decrypted key is the key store. If you are importing into a properly configured hardware token, the private key isn't even visible to the software.

> while (SEC_PKCS12DecoderIterateNext(p12dcx, &dip) == SECSuccess)
> {
>     if (dip->der == NULL)
>         cout << "Type: " << dip->type << " dip->der == NULL" << endl;
>     else
>         cout << "Type: " << dip->type << " dip->der != NULL" << endl;
> }
>
> The result is:
>
> Type: 163 dip->der == NULL
> Type: 164 dip->der != NULL
> Type: 164 dip->der != NULL
>
> The problem is that I've been able to get the certs, but not the private key.

Yeah, the private key would never show up at this level. Your only options are:

1) import the key into the token and extract the private key by hand, or
2) crack the pkcs #12 file yourself. Most of the PKCS #12 code cracking happens in the smime shared library.

bob
