pkcs12 with frienlyNames seems to be erroneous

Tue, 01 Sep 2009 08:54:47 -0700 

Being unable to using a PKCS#12 file created by openSSL with 3 different
applications - Java jarsigner, Firefox/Thunderbird and KeyStoreBuilder
of the package "not-yet-commons-ssl"
<http://juliusdavies.ca/commons-ssl/> - I think that the problem may
well be attributed to an error in the PKCS#12 file.

All 3 errors are due to the use of the "friendlyName" in the PKCS#12 file.
Even so the Mozilla products don't explain why they don't accept the
file contents, removing the friendlyName from the the p12 file makes it
acceptable.
The java utility jarsigner and KeyStorBuilder 0.3.9 issue the error message:
"java.io.IOException: Attribute 1.2.840.113549.1.9.20.9.20 should have a
value DerInputStream.getLength(): lengthTag=32, too big"

OID 1.2.840.113549.1.9.20 represents "PKCS-9 Attribute : friendlyName".

KeyStoreBuilder even tracks the error:

java.io.IOException: Attribute 1.2.840.113549.1.9.20 should have a value
DerInputStream.getLength(): lengthTag=32, too big.
        at
sun.security.pkcs12.PKCS12KeyStore.loadSafeContents(PKCS12KeyStore.java:1426)
        at
sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1291)
        at java.security.KeyStore.load(KeyStore.java:1201)
        at
org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:450)
        at
org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:341)
        at
org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:98)
     at
org.apache.commons.ssl.KeyStoreBuilder.main(KeyStoreBuilder.java:540)

Even so the problem may be attributed to the applications, I suspect
that the fact that it happens with 3 applications rather points to an
error in the PKCS#12 file.

Any ideas

Regards
Willy Weisz

-- 
-----------------------------------------------------------
Willy Weisz

European Centre for Parallel Computing at Vienna (VCPC)
          Institute of Scientific Computing
               University of Vienna
                 Nordbergstrasse 15/C312
                 A-1090 Wien
Tel: (+43 1) 4277 - 39424          Fax: (+43 1) 4277 - 9394
                e-mail: we...@vcpc.univie.ac.at
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to