Xavier Gonzalez wrote:
>
>
> I tried again with the first beta release of OpenSSL 0.9.5, and I had
> the same error.
>
> Here comes the PKCS12 file test. It was created with Baltimore Toolkit
> "PKI-plus".

I suspected something awful was going on when the error occurred in RSA
decoding code.

Here's what the PKCS#8 format for the "DSA" key from that PKCS#12 file
looks like with dumpasn1:

  22 30   42: SEQUENCE {
  24 02    1:   INTEGER 0
  27 30   13:   SEQUENCE {
  29 06    9:     OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
  40 05    0:     NULL
            :     }
  42 04   22:   OCTET STRING, encapsulates {
  44 02   20:       INTEGER
            :         0D 0E FD 79 DB C8 3F 03 63 EB 63 4E 47 A2 1F D4
            :         41 E1 92 46
            :       }
            :   }

Two problems here. It's supposed to be a DSA key but it says
rsaEncryption. The parameters are absent which may well be as a result
of the first problem.

I suggest you report the bug if this is a current version of the
toolkit. The correct DSA format is defined in PKCS#11 v2.01 section
11.9.

It's tricky to provide an OpenSSL workaround because of the missing
parameters.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
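
The two problems named in the message above can be checked mechanically before a PKCS#8 blob reaches a key decoder. The following is an added example, not part of the original post and not OpenSSL code; the helper names (tlv, check_pkcs8, der) are hypothetical, and the sample key is constructed to have the same shape as the dump, with a made-up private value.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption 1.2.840.113549.1.1.1
DSA_OID = bytes.fromhex("2a8648ce380401")      # id-dsa 1.2.840.10040.4.1

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def check_pkcs8(der_bytes):
    """Return a list of inconsistencies in an unencrypted PrivateKeyInfo."""
    tag, info, _ = tlv(der_bytes)
    if tag != 0x30:
        raise ValueError("PrivateKeyInfo must be a SEQUENCE")
    _, _, pos = tlv(info)                  # version INTEGER
    _, alg, pos = tlv(info, pos)           # AlgorithmIdentifier
    _, oid, end = tlv(alg)
    params_tag = tlv(alg, end)[0] if end < len(alg) else None
    _, key, _ = tlv(info, pos)             # privateKey OCTET STRING
    inner_tag = tlv(key)[0]                # what the OCTET STRING encapsulates
    findings = []
    if oid == RSA_OID and inner_tag != 0x30:
        findings.append("rsaEncryption OID but privateKey is not an RSAPrivateKey SEQUENCE")
    if oid == DSA_OID:
        if params_tag != 0x30:
            findings.append("DSA parameters (p, q, g) missing")
        if inner_tag != 0x02:
            findings.append("DSA privateKey is not an INTEGER")
    return findings

def der(tag, *parts):
    """Encode one short-form (<128 byte) DER element; enough for the samples."""
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

# Constructed sample with the shape of the dump above; x is a made-up value.
X = der(0x02, bytes(range(1, 21)))
BROKEN = der(0x30, der(0x02, b"\x00"),
             der(0x30, der(0x06, RSA_OID), der(0x05)),
             der(0x04, X))

if __name__ == "__main__":
    for finding in check_pkcs8(BROKEN):
        print("inconsistent PKCS#8:", finding)
```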