Martin :
I think that the problem is that you are generating the private key with a
legnth of 1024 bits, and maybe you have IE 5 with 40 bits of protection.
Test again creating a keys of 512 bits.
Slds
Raul Gutierrez
----- Original Message -----
From: Ziacek Martin <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 06, 1999 5:01 AM
Subject: Problem with import PKCS12 to Windows
>
> Dear openssl-bugs,
>
> I am not sure, if I found bug in openssl, but I cannot solve some
problems,
> please help me.
>
> For testing purposes of my project I need to generate some certificates
> and corresponding private keys in pkcs12 format. I need
> import these key sets to Outlook.
> I was looking for CA, which is able to generate it for me and from
> one CA I have web link to Your software.
> >From second CA I got pkcs12 files, which has same bug as I have found
> (all files You will find in attached zip files).
>
> OpenSSL details:
> OpenSSL 0.9.4 09 Aug 1999
> built on: date not available
> platform: information not available
> options: bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int)
> blowfish(idx)
> compiler: information not available
>
> Operating System Details:
> Windows NT 4.0 Workstation build 1381 Service Pack 5 (i386 version)
> Internet Explorer 5 (5.00.2314.1003)
> Signcode for IE5
>
> Compiler Details
> Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8168 for
80x86
> from Visual C++ 6.0 with Service pack 3
>
> Application Details
> Certificate Manager ver. 5.131.1863.1 (CERTMGR.EXE)
>
> Problem Description:
> Pkcs12 file generated by openssl is not possible to import to Windows.
>
> Certificate manager does import. When I import pkcs12 file, I get
> error message (from Certificate manager import wizard):
> "The input information is invalid."
> Of course, nothing is imported. However, this message is showed only for
> pkcs12 file with DSA keys. File containing RSA keys is possible import
> without any problem.
> Following commands generates all files:
>
> dsaparam -outform PEM 1024 -out DSAparam.pem
> req -new -newkey dsa:dsaparam.pem -sha1 file://saved in req.txt
> ca -msie_hack -in req.txt -out sign.txt
> pkcs12 -export -keysig -inkey privkey.pem -in sign.txt -out
> c:\temp\martin.pfx
> x509 -in sign.txt -out c:\temp\martin.der -outform DER
> (as PEM pass phrase and Export Password was used string 'password')
>
> I tried another switches, but without any success. Currently I am not
sure,
> if it is bug in openssl or in Windows. It is interesting, I am able to
> import
> martin.der file. As CA I used SSLeay demo server. All generated files You
> will
> find in files.zip.
>
> I have another set of files from CA, with same error on import. I think,
> this CA use openssl or ssleay (files are in swh.zip, export password
> for pkcs12 files is '1111').
>
> Well, if You know something about described problem, please help and let
> me known about fix.
>
> Thank and best regards
>
> Martin
>
>
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
