Xavier Gonzalez wrote:
>
> Hi,
>
> I tried to read a pkcs12 file which contains a DSA certificate and
> private key.
> Application failed with this error:
>
> OpenSSL> pkcs12 -in AutoSign_1024_DSA.p12 -info
> Enter Import Password:
> MAC Iteration 1
> MAC verified OK
> PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1
> Key bag
> Bag Attributes
> localKeyID: 00 00 00 00 00 00 00 01
> friendlyName: NetscapeKeyFriendlyName
> Error outputting keys and certificates
> 151:error:0D09D082:asn1 encoding
> routines:d2i_RSAPrivateKey:parsing:.\crypto\asn1\d2i_r_pr.c:116:
> 151:error:0606F072:digital envelope routines:EVP_PKCS82PKEY:decode
> error:.\crypto\evp\evp_pkey.c:111
>
> Is it a bug ???

Maybe but probably not in OpenSSL. DSA private keys in PKCS#8 (which
PKCS#12 uses) have a standard format defined in PKCS#11 but this is well
hidden.

As a result vendors have often made up their own "standard". There are
currently three different formats which are in use. Maybe yours is
another form.

Try the latest OpenSSL snapshot and see if that works: it has support
for all three forms. If it doesn't then please send me a test file and
password and I'll see if I can add support for another broken DSA
format.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
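
The reply above says DSA keys inside PKCS#8 turn up in several layouts. The following is an added example, not part of the original message and not OpenSSL's code: it classifies the privateKey field of an unencrypted DER PrivateKeyInfo. The layouts tested are the standard form and the ones the OpenSSL pkcs8 documentation describes for its -embed and -nsdb options; that these are the forms the reply means is an assumption, and the function names and toy key values are constructed.

```python
INTEGER, OCTET_STRING, OID, SEQUENCE = 0x02, 0x04, 0x06, 0x30
ID_DSA = bytes.fromhex("2A8648CE380401")        # 1.2.840.10040.4.1

def read_tlv(buf, pos=0):
    """Decode one DER element; return (tag, value, offset of next element)."""
    tag, length = buf[pos:pos + 2]              # ValueError if header is truncated
    pos += 2
    if length & 0x80:                           # long form: next bytes hold the length
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        items.append((tag, val))
    return items

def classify_dsa_pkcs8(der):
    """Name the layout of the privateKey field in a DER PrivateKeyInfo."""
    tag, body, _ = read_tlv(der)
    fields = children(body) if tag == SEQUENCE else []
    if len(fields) < 3 or fields[1][0] != SEQUENCE:
        return "not a PrivateKeyInfo"
    alg = children(fields[1][1])
    if not alg or alg[0] != (OID, ID_DSA):
        return "not a DSA key"
    if fields[2][0] != OCTET_STRING:
        return "unrecognised"
    inner_tag, inner, _ = read_tlv(fields[2][1])
    if inner_tag == INTEGER:
        return "standard"                       # OCTET STRING { INTEGER x }
    tags = [t for t, _ in children(inner)] if inner_tag == SEQUENCE else []
    if tags == [SEQUENCE, INTEGER]:
        return "embedded-params"                # SEQUENCE { SEQUENCE {p,q,g}, x }
    if tags == [INTEGER, INTEGER]:
        return "netscape-db"                    # SEQUENCE { y, x }
    return "unrecognised"

ALG, PQG = "06072A8648CE380401", "300902011702010B020104"   # id-dsa; p=23, q=11, g=4
SAMPLES = {                                     # constructed toy keys (x=7, y=8)
    "standard": bytes.fromhex("301E020100" + "3014" + ALG + PQG + "0403020107"),
    "embedded-params": bytes.fromhex("3022020100" + "300B" + ALG + "0500" + "0410300E" + PQG + "020107"),
    "netscape-db": bytes.fromhex("3023020100" + "3014" + ALG + PQG + "04083006020108020107"),
}
```

A key held in an encrypted (shrouded) bag has to be decrypted to a PrivateKeyInfo before this check applies.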