Hi! Recently we purchased Aladdin eToken USB with digital signature inside that uses GOST 34.11/34.10-2001 for official electronic contacts with Russian Government. It works just fine with Windows XP and CryptoPro CSP.
I've exported it with its private key to pfx file (PKCS#12 format) using standard WinXP interface. Now I try to convert it to PKCS#7 format using openssl 1.0.1c built with GOST support but it fails: $ /usr/local/bin/openssl pkcs12 -in file.pfx -out file.pem Enter Import Password: MAC verified OK Error outputting keys and certificates 675239592:error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm:evp_pbe.c:167:TYPE=1.2.840.113549.1.12.1.80 675239592:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83: 675239592:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:130: It seems this PFX uses PBE 1.2.840.113549.1.12.1.80 unknown to openssl, isn't it? I use FreeBSD 8.3-STABLE and openssl 1.0.1c built using Ports Collection. What should I do to be able to convert this PFX to PKCS#7? I'm ready to apply patches etc. Please help. Eugene Grosbein ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
