On Fri, 2006-11-17 at 22:41 +0100, Nils Larsch wrote:
> John T. Guthrie III wrote:
> > Hello all,
> >
> > The following may sound like a rather strange question. First a bit of
> > background. The company that I work for recently acquired some APC 7931
> > power distribution units. These PDUs are quite nice for what they do,
> > and they are quite nicely manageable. However, in order to put keys and
> > certs onto these (for things like HTTPS and SSH), you have to use this
> > wizard under Windows that generates a file in PKCS #15 format right in
> > the file system. (Yes, you read that correctly.) In the case of SSH
> > host keys, you just export these files onto the PDU. In the case of
> > certificates, what you get is a private key in a .p15 file (That is, a
> > file in PKCS #15 format.), and a certificate request in X.509 format.
> > After you get the signed request back in X.509 format, the wizard
> > generates yet another .p15 file that contains both the cert and the
> > private key. You can then export this onto the PDU. This all works
> > fine, but sometimes I would like to be able to do this under linux
> > using openssl or something similar. Unfortunately, openssl doesn't
> > handle .p15 files. opensc/openct expect the PKCS #15 data to come from
> > a physical smart card, not a file in the file system. Does anyone on
> > this list know of a way to convert between X.509/PKCS #12 data and
> > PKCS #15 data without using a smart card?
>
> Could you send me such a file ?

Sorry, I totally spaced, and forgot to offer that. Attached at the end of
this email are actually three of these files. They are named
ssh_host_key.p15, certificate_private_rsa_key.p15, and
certificate_and_key.p15. The first one should be self-explanatory. The
second one contains a freshly created RSA key that a certificate signing
request has been created for. The last one contains that RSA private key
and a signed certificate. (I signed it using a private CA.) All of these
.p15 files were created by APC's security wizard application. If you are
really interested, it looks like you can download it from here:

https://www.apcc.com/tools/download/software_comp.cfm?sw_sku=SFNMCSECWIZ211&tsk=f817x

However, it will require a registration, so that might not be desirable.
(I was able to download it after registering.) If you are able to extract
the certificate and keys, here are some fingerprints:

--- Host Key's Fingerprints ---
SSHv1: EB:93:1F:FC:53:76:9C:AF:61:C2:DA:DD:B6:D2:39:1D
SSHv2: 39:24:07:3E:0B:C5:D8:43:53:4A:8F:E5:84:7E:29:23

--- Certificate's General Information ---
SHA Fingerprint: 4D:FB:85:3F:F9:E1:EF:43:05:36:BA:AB:DC:C7:DD:46:76:65:46:E4
MD5 Fingerprint: 53:A5:F4:4E:4F:E2:74:81:27:28:75:D8:44:9D:FF:55

On Fri, 2006-11-17 at 16:17 -0500, Chaskiel M Grundman wrote:
> pkcs15 does define file formats (for smart cards that use "transparent"
> files), but "a file in PKCS #15 format" is nonsensical. At the very least,
> there are multiple file formats depending on what sort of data you are
> storing. A first step in figuring out what these files are is determining
> if they are, in fact, asn.1 structures. use "openssl asn1parse -inform DER
> -in <file>" and we should be able to tell based on the structure and OIDs
> if the format actually comes from PKCS #15

I could easily be mistaken about the relationship of these files to PKCS
#15, if any. I'm really going on the fact that the application won't save
a file unless it has a .p15 extension.
(That and the fact that these files are being used in a security context.)
For the file with the certificate and private key and the host key file, I
get the following error:

0:d=0 hl=2 l= 0 prim: BOOLEAN Bad boolean
20098:error:0D08E06A:asn1 encoding routines:d2i_ASN1_BOOLEAN:boolean is wrong length:a_bool.c:110:

However, for the file that contains just an RSA private key, I get the
following output:

0:d=0 hl=4 l=1102 cons: SEQUENCE
4:d=1 hl=2 l= 10 prim: OBJECT :1.2.840.113549.1.15.3.1
16:d=1 hl=4 l=1086 cons: cont [ 0 ]
20:d=2 hl=4 l=1082 cons: SEQUENCE
24:d=3 hl=2 l= 1 prim: INTEGER :00
27:d=3 hl=4 l=1075 cons: SEQUENCE
31:d=4 hl=4 l= 841 cons: cont [ 0 ]
35:d=5 hl=4 l= 837 cons: cont [ 0 ]
39:d=6 hl=4 l= 833 cons: SEQUENCE
43:d=7 hl=2 l= 13 cons: SEQUENCE
45:d=8 hl=2 l= 11 prim: UTF8STRING
58:d=7 hl=2 l= 33 cons: SEQUENCE
60:d=8 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:91C53EA04F53F34AEF34C72C46919EF19C8D8D13
82:d=8 hl=2 l= 2 prim: BIT STRING
86:d=8 hl=2 l= 1 prim: BOOLEAN :0
89:d=8 hl=2 l= 2 prim: BIT STRING
93:d=7 hl=4 l= 779 cons: cont [ 1 ]
97:d=8 hl=4 l= 775 cons: SEQUENCE
101:d=9 hl=4 l= 767 cons: cont [ 2 ]
105:d=10 hl=2 l= 1 prim: INTEGER :02
108:d=10 hl=2 l= 105 cons: SET
110:d=11 hl=2 l= 103 cons: cont [ 3 ]
112:d=12 hl=2 l= 1 prim: INTEGER :00
115:d=12 hl=2 l= 27 cons: cont [ 0 ]
117:d=13 hl=2 l= 9 prim: OBJECT :PBKDF2
128:d=13 hl=2 l= 14 cons: SEQUENCE
130:d=14 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:85560626DABDA934
140:d=14 hl=2 l= 2 prim: INTEGER :03E8
144:d=12 hl=2 l= 35 cons: SEQUENCE
146:d=13 hl=2 l= 11 prim: OBJECT :1.2.840.113549.1.9.16.3.9
159:d=13 hl=2 l= 20 cons: SEQUENCE
161:d=14 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
171:d=14 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:BE38E61B021D079D
181:d=12 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:1FDECE0DEA32A8B72E29C0522AD28C45E8BB7FDD203C0ABCB6242A03C0DADE0D
215:d=10 hl=4 l= 653 cons: SEQUENCE
219:d=11 hl=2 l= 9 prim: OBJECT :pkcs7-data
230:d=11 hl=2 l= 20 cons: SEQUENCE
232:d=12 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
242:d=12 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:E224212955320531
252:d=11 hl=4 l= 616 prim: cont [ 0 ]
872:d=9 hl=2 l= 2 prim: INTEGER :80
876:d=4 hl=3 l= 227 cons: cont [ 1 ]
879:d=5 hl=3 l= 224 cons: cont [ 0 ]
882:d=6 hl=3 l= 221 cons: SEQUENCE
885:d=7 hl=2 l= 13 cons: SEQUENCE
887:d=8 hl=2 l= 11 prim: UTF8STRING
900:d=7 hl=2 l= 33 cons: SEQUENCE
902:d=8 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:91C53EA04F53F34AEF34C72C46919EF19C8D8D13
924:d=8 hl=2 l= 2 prim: BIT STRING
928:d=8 hl=2 l= 1 prim: BOOLEAN :0
931:d=8 hl=2 l= 2 prim: BIT STRING
935:d=7 hl=3 l= 168 cons: cont [ 1 ]
938:d=8 hl=3 l= 165 cons: SEQUENCE
941:d=9 hl=3 l= 162 cons: cont [ 0 ]
944:d=10 hl=3 l= 159 cons: SEQUENCE
947:d=11 hl=2 l= 13 cons: SEQUENCE
949:d=12 hl=2 l= 9 prim: OBJECT :rsaEncryption
960:d=12 hl=2 l= 0 prim: NULL
962:d=11 hl=3 l= 141 prim: BIT STRING

I hope this helps. Thank you very much again to everybody for their help.

--
John Guthrie
[EMAIL PROTECTED]
ssh_host_key.p15
Description: Binary data
certificate_private_rsa_key.p15
Description: Binary data
certificate_and_key.p15
Description: Binary data
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
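
The triage step discussed in this thread, as an added example that is not part of the original messages and is not OpenSC or OpenSSL code: a small DER walker that checks whether a file is a single ASN.1 SEQUENCE whose first element is the OID 1.2.840.113549.1.15.3.1 reported at offset 4 of the dump (an OID under the PKCS #15 arc 1.2.840.113549.1.15). The function names and the sample byte strings are constructed for illustration; only the leading `01 00` octets of the failing sample are taken from what the "Bad boolean" line implies.

```python
PKCS15_OID = "1.2.840.113549.1.15.3.1"  # OID at offset 4 of the asn1parse dump

def read_tlv(buf, pos):
    """Return (tag, header_len, content_len) of the TLV at pos; ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        hl, length = 2, first
    else:                                  # long-form length: next n octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + 2 + n > len(buf):
            raise ValueError("indefinite or oversized length")
        hl, length = 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    if pos + hl + length > len(buf):
        raise ValueError("content runs past end of data")
    return tag, hl, length

def decode_oid(content):
    """Decode OBJECT IDENTIFIER content octets into dotted notation."""
    if not content or content[-1] & 0x80:
        raise ValueError("empty or unterminated OID")
    arcs, value = [], 0
    for octet in content:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:               # high bit clear ends this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)          # first octet packs arc1*40 + arc2
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def classify(buf):
    """Return 'pkcs15-token', 'other-der' or 'not-der' for a candidate file."""
    try:
        tag, hl, length = read_tlv(buf, 0)
        if tag != 0x30 or hl + length != len(buf):
            return "not-der"               # not one SEQUENCE spanning the file
        otag, ohl, olen = read_tlv(buf, hl) if length else (0, 0, 0)
        if otag != 0x06:
            return "other-der"             # DER, but no leading content-type OID
        oid = decode_oid(buf[hl + ohl:hl + ohl + olen])
    except ValueError:
        return "not-der"
    return "pkcs15-token" if oid == PKCS15_OID else "other-der"

# Constructed samples: SEQUENCE { OID, [0] { SEQUENCE { INTEGER 0 } } }, and a
# blob starting 01 00, the two octets the "Bad boolean" line above implies.
TOKEN_LIKE = bytes.fromhex("3013060A2A864886F70D010F0301A0053003020100")
OPAQUE = bytes.fromhex("0100") + b"constructed filler"
```

A file that classifies as `not-der` here is the case where `openssl asn1parse` stops at offset 0, so the next thing to establish is what container or header precedes any ASN.1 data.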