Hi all, I have been working on the SCEP command, in particular on a command (now openca-scep) for parsing and generating SCEP messages (the latter part is not yet implemented). Right now I have succeeded in loading and text-printing a simple PKCSReq message, but it should not take long to have other messages parsed as well.
The usage, so far, is:
OpenCA Simple Certificate Enrollment Protocol Tools
(c) 2002 by Massimiliano Pala and OpenCA Group
OpenCA licensed software
USAGE: openca-scep [ args ]
-new build a new SCEP message.
-in file input SCEP message file (default is stdin)
-out file write SCEP message to file (default is stdout).
-msgtype new message format type (default is PKCSREQ).
-certfile file encoding certificate for SCEP message.
-certform certificate file format (default is PEM).
-keyfile file decoding secret key file.
-keyform decoding secret key file format (default is PEM).
-CAfile file CA's trusted certificate.
-passin arg Password passing method (check openssl for options).
-passwd pwd Password protecting the private key (if any).
-text Prints out data in human readable form.
-print_scert print signer's certificate.
-print_req print request data (PKCSReq messages).
-print_nonce print used NONCE.
-noout Do not output original data.
-version Print Package Version and exits.
-debug Output Debugging information.
-v Talk alot while doing things
Here is a typical usage of the command:
$ ./openca-scep -in scep_pkiOp_31884.p7 -keyfile \
../examples/key_03_nopwd.pem -text
and here is the output:
SCEP Message:
Message Type: PKCSReq (19)
Signed Data:
Signature Algorithm: md5
Signer Info:
Serial Number: 0x0 (fake)
Subject: /unstructuredName=magari.mpnet.hackmasters.net
Issuer: /unstructuredName=magari.mpnet.hackmasters.net
Signed Attributes:
Message Type:
19
Transaction ID:
C825DB390B346059CF4096AC42EC137F
Sender Nonce:
80:7b:c1:81:56:70:b3:72:9:3f:7f:6d:25:4d:cd:dc
Enveloped Data:
Encryption Algorithm: des-cbc
Recipient Info:
Serial Number: 0x03 (3)
Issuer: /C=IT/O=Hackmasters.net/CN=Certification
[EMAIL PROTECTED]
Decrypted Data:
00:88:05:08:f0:c8:05:08:00:c9:05:08:01:00:00:00:00:00:
00:00:19:00:00:00:01:00:00:00:02:00:00:00:18:c9:05:08:
00:00:00:00:18:00:00:00:21:00:00:00:00:ac:05:08:e8:ab:
05:08:03:00:00:00:00:00:00:00:00:00:00:00:08:00:00:00:
20:00:00:00:19:00:00:00:10:86:05:08:00:00:00:00:40:86:
05:08:00:00:00:00:18:00:00:00:31:00:00:00:b8:a1:05:08:
10:84:05:08:b8:84:05:08:68:85:05:08:00:00:00:00:19:00:
00:00:38:96:2b:40:38:96:2b:40:00:00:00:00:00:00:00:00:
30:00:00:00:19:00:00:00:b0:83:05:08:d0:a1:05:08:00:00:
00:00:00:00:00:00:00:00:00:00:19:00:00:00:02:00:00:00:
13:00:00:00:d0:83:05:08:00:00:00:00:00:00:00:00:11:00:
00:00:55:04:06:40:30:96:2b:40:10:00:00:00:21:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:18:a2:
05:08:a0:88:05:08:00:00:00:00:21:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:09:00:00:00:38:a2:05:08:09:00:
00:00:00:00:00:00:19:00:00:00:2a:86:48:86:f7:0d:01:07:
03:00:00:00:00:00:00:00:18:00:00:00:51:00:00:00:00:04:
00:00:e8:a3:05:08:20:00:00:00:41:00:00:00:00:00:00:00:
00:00:00:00:a0:a2:05:08:20:00:00:00:20:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:d3:5d:b4:fc:01:00:00:00:00:00:
00:00:89:00:00:00:a5:fd:22:53:1f:6d:ba:25:ab:8f:f5:d9:
f5:60:e8:fb:ce:b9:d4:cd:61:57:e0:32:ec:18:b4:1e:1a:c1:
02:c9:22:e3:73:fb:0e:db:72:92:b6:71:ba:96:ef:39:d4:3c:
8b:c4:c4:9e:a4:ac:71:01:b2
To be able to get the decrypted data, simply add the -print_req switch
and then the output will be:
SCEP Message:
Message Type: PKCSReq (19)
Signed Data:
Signature Algorithm: md5
Signer Info:
Serial Number: 0x0 (fake)
Subject: /unstructuredName=magari.mpnet.hackmasters.net
Issuer: /unstructuredName=magari.mpnet.hackmasters.net
Signed Attributes:
Message Type:
19
Transaction ID:
C825DB390B346059CF4096AC42EC137F
Sender Nonce:
80:7b:c1:81:56:70:b3:72:9:3f:7f:6d:25:4d:cd:dc
Enveloped Data:
Encryption Algorithm: des-cbc
Recipient Info:
Serial Number: 0x03 (3)
Issuer: /C=IT/O=Hackmasters.net/CN=Certification
[EMAIL PROTECTED]
Decrypted Data:
00:88:05:08:f0:c8:05:08:00:c9:05:08:01:00:00:00:00:00:
00:00:19:00:00:00:01:00:00:00:02:00:00:00:18:c9:05:08:
00:00:00:00:18:00:00:00:21:00:00:00:00:ac:05:08:e8:ab:
05:08:03:00:00:00:00:00:00:00:00:00:00:00:08:00:00:00:
20:00:00:00:19:00:00:00:10:86:05:08:00:00:00:00:40:86:
05:08:00:00:00:00:18:00:00:00:31:00:00:00:b8:a1:05:08:
10:84:05:08:b8:84:05:08:68:85:05:08:00:00:00:00:19:00:
00:00:38:96:2b:40:38:96:2b:40:00:00:00:00:00:00:00:00:
30:00:00:00:19:00:00:00:b0:83:05:08:d0:a1:05:08:00:00:
00:00:00:00:00:00:00:00:00:00:19:00:00:00:02:00:00:00:
13:00:00:00:d0:83:05:08:00:00:00:00:00:00:00:00:11:00:
00:00:55:04:06:40:30:96:2b:40:10:00:00:00:21:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:18:a2:
05:08:a0:88:05:08:00:00:00:00:21:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:09:00:00:00:38:a2:05:08:09:00:
00:00:00:00:00:00:19:00:00:00:2a:86:48:86:f7:0d:01:07:
03:00:00:00:00:00:00:00:18:00:00:00:51:00:00:00:00:04:
00:00:e8:a3:05:08:20:00:00:00:41:00:00:00:00:00:00:00:
00:00:00:00:a0:a2:05:08:20:00:00:00:20:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:d3:5d:b4:fc:01:00:00:00:00:00:
00:00:89:00:00:00:a5:fd:22:53:1f:6d:ba:25:ab:8f:f5:d9:
f5:60:e8:fb:ce:b9:d4:cd:61:57:e0:32:ec:18:b4:1e:1a:c1:
02:c9:22:e3:73:fb:0e:db:72:92:b6:71:ba:96:ef:39:d4:3c:
8b:c4:c4:9e:a4:ac:71:01:b2
Certificate Request:
Data:
Version: 0 (0x0)
Subject:
serialNumber=7674189/unstructuredName=magari.mpnet.hackmasters.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:ca:40:63:f2:53:5a:1f:39:e2:e1:c9:48:80:09:
aa:d2:6e:77:00:fc:04:fe:f0:ba:5b:b3:7d:86:c6:
af:f3:e4:08:4b:56:a2:d0:02:33:f8:19:6f:f4:26:
14:01:d1:4e:c3:f5:91:ef:fb:0d:b4:87:f3:42:30:
86:70:74:08:b2:33:27:59:fd:05:35:ef:b2:01:71:
ac:a4:9e:c4:c4:8b:3c:d4:39:ef:96:ba:71:b6:92:
72:db:0e:fb:73:e3:22:c9:02:c1:1a:1e:b4:18:ec:
32:e0:57:61:cd:d4:b9:ce:fb:e8:60:f5:d9:f5:8f:
ab:25:ba:6d:1f:53:22:fd:a5
Exponent: 65537 (0x10001)
Attributes:
challengePassword :stamina
Signature Algorithm: md5WithRSAEncryption
9c:29:54:45:79:7e:4c:b4:52:91:49:8e:49:01:8a:03:9b:28:
27:8c:4a:9d:ad:40:11:bb:42:cb:66:d4:65:a4:b4:ea:41:6b:
a6:0f:0b:b2:f9:53:8b:66:51:78:3e:ca:f9:bd:79:7b:02:f6:
6a:42:b1:e7:5b:21:3a:fc:b3:d5:72:df:a4:42:0e:99:19:4b:
37:2a:18:dd:72:2a:cd:29:ae:bd:a4:78:aa:03:24:de:39:1f:
c6:8f:56:a6:1e:44:a8:f2:e7:b8:3b:29:97:0e:1f:c1:e3:24:
a9:23:83:44:4a:28:e8:b7:a0:5d:18:19:2d:97:4a:77:c6:08:
b9:8e
To simply get the request (only the PEM), don't use
-text and use -print_req.
This is just the start, but let me know what you think
about this. Actually the package is available from the CVS
(src/scep).
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
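Added example, not part of the original message and not OpenCA code: a small check that reads the kind of -text dump shown above and reports the digest, content cipher, RSA key size and sender nonce length. The weak-algorithm lists and the 2048-bit minimum are assumed local policy, and the sample input is constructed from a few lines of the output in the post.

```python
import re

# Constructed sample: a few lines copied from the -text output in the post.
SAMPLE = """\
SCEP Message:
Message Type: PKCSReq (19)
Signature Algorithm: md5
Transaction ID:
C825DB390B346059CF4096AC42EC137F
Sender Nonce:
80:7b:c1:81:56:70:b3:72:9:3f:7f:6d:25:4d:cd:dc
Encryption Algorithm: des-cbc
RSA Public Key: (1024 bit)
Signature Algorithm: md5WithRSAEncryption
"""

# Assumed local policy; neither the post nor openca-scep defines these.
WEAK_DIGESTS = ("md2", "md4", "md5", "sha1")
WEAK_CIPHERS = ("des-cbc", "rc2", "rc4")
MIN_RSA_BITS = 2048
NONCE_OCTETS = 16  # SCEP sender nonces are 16 octets


def audit(text):
    """Return a list of (field, value, reason) findings for one dump."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Signature Algorithm" and value.lower().startswith(WEAK_DIGESTS):
            findings.append((key, value, "weak digest"))
        elif key == "Encryption Algorithm" and value.lower().startswith(WEAK_CIPHERS):
            findings.append((key, value, "weak content cipher"))
        elif key == "RSA Public Key":
            m = re.search(r"\((\d+) bit\)", value)
            if m and int(m.group(1)) < MIN_RSA_BITS:
                findings.append((key, m.group(1), "short RSA modulus"))
        elif key == "Sender Nonce" and not value and i + 1 < len(lines):
            # The nonce is printed on the line after its label.
            octets = lines[i + 1].split(":")
            if len(octets) != NONCE_OCTETS:
                findings.append((key, lines[i + 1], "unexpected nonce length"))
    return findings


if __name__ == "__main__":
    for field, value, reason in audit(SAMPLE):
        print(f"{field}: {value} -> {reason}")
```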
