On Sat, 18 Nov 2006, John T. Guthrie wrote:
On Fri, 2006-11-17 at 16:17 -0500, Chaskiel M Grundman wrote:
PKCS#15 does define file formats (for smart cards that use "transparent" files), but "a file in PKCS #15 format" is nonsensical. At the very least, there are multiple file formats depending on what sort of data you are storing. A first step in figuring out what these files are is determining if they are, in fact, ASN.1 structures. Use "openssl asn1parse -inform DER -in <file>" and we should be able to tell based on the structure and OIDs if the format actually comes from PKCS #15.

I could easily be mistaken about the relationship of these files to PKCS
#15, if any.  I'm really going on the fact that the application won't
save a file unless it has a .p15 extension.  (That and the fact that
these files are being used in a security context.)

It appears that I am the one who was mistaken. PKCS#15 defines the type "PKCS15Token", which RFC 2985 says is used "When software variants of [PKCS#15] tokens are stored in a directory service".

For the file with the certificate and private key and the host key file,
I get the following error:

    0:d=0  hl=2 l=   0 prim: BOOLEAN           Bad boolean
20098:error:0D08E06A:asn1 encoding routines:d2i_ASN1_BOOLEAN:boolean is
wrong length:a_bool.c:110:

The ssh_host_key.p15 and certificate_and_key.p15 include a 228 byte header that isn't ASN.1, followed by an ASN.1 sequence consisting of the OID pkcs15-ct-PKCS15Token and a PKCS15Object (from PKCS#15).
certificate_rsa_key.p15 just contains the ASN.1.

It should be possible to construct an appropriate PKCS15Object from a PKCS#12 file, but I do not know of any publicly available code that does. Such code does not seem to be relevant to opensc.

FWIW, I attempted to analyze ssh_private_key.p15 using the pkcs15v2 ASN.1 module, and have determined that this PKCS#15 implementation is probably faulty. In particular, its encoding of PublicRSAKeyAttributes appears wrong (does not include the non-OPTIONAL modulusLength, and the RSAPublicKeyChoice uses the SubjectPublicKeyInfo branch without including the context tag [1], which I do not see any way to omit (both CHOICEs are SEQUENCE types)).

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
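
An added example, not part of the thread and not OpenSC code: a minimal DER walker that checks whether a SEQUENCE opening with the pkcs15-ct-PKCS15Token OID starts at a given offset, and scans for it when a non-ASN.1 header precedes it. The function names and the sample bytes are constructed for illustration; the OID value 1.2.840.113549.1.15.3.1 is the assignment from the PKCS #15 module, not a value quoted in the messages.

```python
PKCS15_TOKEN_OID = "1.2.840.113549.1.15.3.1"  # pkcs15-ct-PKCS15Token
# Constructed sample: 228 filler bytes, then SEQUENCE { OID, empty SEQUENCE stand-in }.
SAMPLE = bytes(228) + bytes.fromhex("300e060a2a864886f70d010f03013000")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, pos, pos + length

def decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("bad OID encoding")
    arcs, value = [], 0
    for b in body:                        # base-128, high bit marks continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(map(str, head + arcs[1:]))

def leading_oid(data, offset=0):
    """OID that opens the SEQUENCE at offset, or None if the bytes do not fit."""
    try:
        tag, start, end = read_tlv(data, offset)
        if tag != 0x30:                   # not a SEQUENCE
            return None
        tag, oid_start, oid_end = read_tlv(data[:end], start)
        return decode_oid(data[oid_start:oid_end]) if tag == 0x06 else None
    except ValueError:
        return None

def find_token(data):
    """First offset where a SEQUENCE starting with the PKCS15Token OID begins."""
    return next((i for i in range(len(data)) if data[i] == 0x30
                 and leading_oid(data, i) == PKCS15_TOKEN_OID), None)
```

With the tool used in the thread, the equivalent check is "openssl asn1parse -inform DER -offset 228 -in <file>".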
