Adrian Peck wrote:
>
> At 09:23 PM 1/11/00 -0500, Freitas, Nathanial wrote:
> >
> >Did you ever find a solution this problem? I am facing
> >it right now, and would really appreciate any help
> >or advice!
> >
>
> Yes we did eventually find the solution. However we have our own exe to
> convert .key files to .pem files so we didn't make the change in openssl.
>
> Essentially for a normal .key file you calculate
> MD5 ( password )
> and use the answer as the RC4 key to decrypt the private key in the .key file.
>
> In an SGC .key file you calculate
> MD5 ( MD5 ( password ) + "SGCKEYSALT" )
> and use the answer as the RC4 key.
>
Hmmm interesting. The usual technique is looking in the .key file for
the string "private-key" then back tracking until you see 30 82 (hex)
which is an ASN1 SEQUENCE and feeding the result into openssl rsa
-inform NET. I presume the same ASN1 structure is present but with the
different key derivation you mention?
We could add an option to the 'rsa' utility that modifies the key
derivation in this way.
Getting the certificate chain is of course the other requirement. This
at least is easy enough if you have the IIS server working:
openssl s_client -connect hostname:443 -dumpcerts
should do the job, or you can even use IE5 to dump the chain in PKCS#7
format.
Having said that SGC might now become obsolete anyway.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]