Michael Cohen wrote: > Hello all. I am in need of help with the following problem: > > SEC_PKCS12DecoderVerify failing with a return code of > SEC_ERROR_PKCS12_INVALID_MAC (-8113) [snip] > The problem is with the PKCS12 Decoder. I can successfully create a decoder > and update it with the pkcs12 that I've read in. > > However, the call to SEC_PKCS12DecoderVerify, is failing with a > SEC_ERROR_PKCS12_INVALID_MAC return code.
How did you create that PKCS12 file? Did you create it by exporting your key and cert from Windows' key store? Did you create the PKCS12 file with a password to protect it? Did you use an empty password? or a non-empty one? The most likely cause of this error (IINM) is that the password/key used to decrypt the PKCS12 file was not the same as the password/key used to encrypt it. This is especially common for files created with no password or an empty password, as is common among people who create PKCS12 files with Windows' cert utility (which does not require a non-empty password). If you created the PKCS12 file with an empty password, the easiest and best solution (IMO) is to re-create the PKCS12 file with a non-empty password. -- Nelson B _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
