> I'm trying to extract private keys from Netscape Enterprise Server 3.5 or 3.6,
> and wonder if anyone knows details of the format.

To answer my own question, here are the details:

The "key.db" file is in Berkeley DB v1.85 "Hash" format (www.sleepycat.com
have code you can download to mess with this). This contains two records of
interest; one is a 16-byte block with key "global-salt", and the other a
variable length block with key "Server-Key".

The "Server-Key" block contains the following:

- a 16 byte "entry salt" BER-encoded as an integer (!) i.e.
        02 10 x1 x2 x3 .... x16

- the following stuff, BER-encoded:
    SEQUENCE {
      SEQUENCE {
        RC4 Encryption Algorithm Object ID (06 08 2A 86 48 86 F7 0D 03 04)
        NULL item (05 00)
        }
      OCTETSTRING xx
    }

The Octetstring needs to be decoded as follows:

Concatenate the global salt (16 bytes) and the password (use
'strlen(password)' bytes i.e. omitting terminating zero), and SHA-1 hash it:

saltedpasswd = SHA1( global_salt | password )

Concatenate the 'entry salt' (use the bytes in order x1..x16, i.e. treat the
'integer' encoding as MS byte-first) with the SHA-1 hash, and MD5 hash it.

rc4key = MD5 ( entry_salt | saltedpasswd );

This is used as a 16-byte RC4 key, to decode the above octet string.

The result contains the following, also BER-encoded:

  SEQUENCE {
    version number (INTEGER, should be 0)
    SEQUENCE {
      RSA object ID  (06 09 2A 86 48 86 F7 0D 01 01 01)
      NULL item (05 00)
      }
    OCTETSTRING yy
  }

The resulting octet string contains the key as a BER-encoded "RSAPrivateKey"
as defined in PKCS#1 i.e. you can base64-encode this to get a PEM.

(Commercial considerations stop me from posting some code to do this right
now, but I'm sure someone can lash something up!)

Cheers
IH
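
The decoding procedure from the message above, as an added Python example that is not part of the original post or of any Netscape or OpenSSL code. It assumes the "global-salt" and "Server-Key" values have already been read out of key.db, that the entry-salt INTEGER and the outer SEQUENCE sit back to back at the start of the "Server-Key" value as the post describes, and that the password is passed as bytes; the function names are illustrative.

```python
import hashlib

RC4_OID = bytes.fromhex("06082a864886f70d0304")    # RC4 OID bytes quoted in the post
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # RSA OID bytes quoted in the post

def rc4(key, data):
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def tlv(buf, pos, tag):
    """Read one definite-length BER item with the given tag: (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("expected tag 0x%02x at offset %d" % (tag, pos))
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                      # long form: low 7 bits count the length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated BER item")
    return buf[pos:pos + n], pos + n

def unwrap(buf, oid, versioned):
    """Parse SEQUENCE { [INTEGER 0,] SEQUENCE { oid, NULL }, OCTET STRING }."""
    seq, pos = tlv(buf, 0, 0x30)[0], 0
    if versioned:
        version, pos = tlv(seq, pos, 0x02)
        if version != b"\x00":
            raise ValueError("unexpected version")
    alg, pos = tlv(seq, pos, 0x30)
    if alg != oid + b"\x05\x00":
        raise ValueError("unexpected algorithm identifier")
    return tlv(seq, pos, 0x04)[0]

def decode_server_key(global_salt, server_key, password):
    """Return the DER RSAPrivateKey held in a "Server-Key" record."""
    entry_salt, pos = tlv(server_key, 0, 0x02)       # salt stored as an INTEGER
    salted = hashlib.sha1(global_salt + password).digest()
    rc4key = hashlib.md5(entry_salt + salted).digest()
    return unwrap(rc4(rc4key, unwrap(server_key[pos:], RC4_OID, False)), RSA_OID, True)
```

The format carries no integrity check, so a wrong password normally surfaces as a `ValueError` from the inner parse rather than as a distinct "bad password" result.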


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
