Hi folks, I have the strong feeling this *has* to be a FAQ, but google was unhelpfull, so let me try to ask it here:
I have various code signing certificates from different CAs, in evil M$ .spc/.pvk format. I'm effectively looking for a way to convert those into standard pkcs#12 format (so the mozilla tools will be able to use them). Now I found the PKCS#12 faq at http://www.drh-consultancy.demon.co.uk/pkcs12faq.html and the "pvk" utility, which I compiled and linked with openssl - and used it to convert the .pvk part (the private key) into PEM format. So the difficult part is already done ;-) Now, above FAQ says: Q. What are SPC files? A. They are simply DER encoded PKCS#7 files containing the certificates. Well they are in the newer versions of the tools. The older versions used an invalid PKCS#7 format. And indeed, when I run: openssl pkcs7 -inform DER -in code_signing.spc -print_certs it says: unable to load PKCS7 object 3859:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:/usr/src/crypto/dist/openssl/crypto/asn1/tasn_dec.c:1290: 3859:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:/usr/src/crypto/dist/openssl/crypto/asn1/tasn_dec.c:380:Type=PKCS7 Is this error the same as "The older versions used an invalid PKCS#7 format."? All this certificates have been created by different commercial CAs within the last few months, so I would hope not - but with this "proprietary" formats you never know. Any chance to extract and convert the certificate? Martin ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
