Hi,

I am trying to convert a keyfile/certificate pair for a webserver from 
webstar (mac) format to basic textmode base64 encoded files.

I need the private key in a separate file.

Running 


openssl asn1parse -inform DER -in privkey                 
    0:d=0  hl=4 l= 704 cons: SEQUENCE          
    4:d=1  hl=2 l=  11 prim: OBJECT            :pkcs8ShroudedKeyBag
   17:d=1  hl=4 l= 685 cons: cont [ 0 ]        
   21:d=2  hl=4 l= 681 cons: SEQUENCE          
   25:d=3  hl=2 l=  35 cons: SEQUENCE          
   27:d=4  hl=2 l=   9 prim: OBJECT            :pbeWithSHA1AndDES-CBC
   38:d=4  hl=2 l=  22 cons: SEQUENCE          
   40:d=5  hl=2 l=  16 prim: OCTET STRING      
   58:d=5  hl=2 l=   2 prim: INTEGER           :0400
   62:d=3  hl=4 l= 640 prim: OCTET STRING      
  706:d=1  hl=2 l=   0 cons: SET             

gives this output, and I logically assumed that


openssl pkcs8 -inform DER -in privkey -out key.pem -v1 PBE-SHA1-DES

would extract the key into key.pem,
but openssl complains with:

Error reading key
30734:error:0D0A0007:asn1 encoding routines:d2i_X509_ALGOR:expecting an asn1 sequence:x_algor.c:85:address=135523396 offset=0


Regardless of whether I specify the v1 algorithm or not.


I tried to run the dumpasn1 program on the keyfile:


   0 30  704: SEQUENCE {
   4 06   11:   OBJECT IDENTIFIER
            :     pkcs-12-pkcs-8ShroudedKeyBag (1 2 840 113549 1 12 10 1 2)
  17 A0  685:   [0] {
  21 30  681:     SEQUENCE {
  25 30   35:       SEQUENCE {
  27 06    9:         OBJECT IDENTIFIER
            :           pbeWithSHAAndDES-CBC (1 2 840 113549 1 5 10)
  38 30   22:         SEQUENCE {
  40 04   16:           OCTET STRING
            :             77 F9 A7 FF C4 61 77 05 BE E3 F2 60 88 D1 5A 27
  58 02    2:           INTEGER 1024
            :           }
            :         }
  62 04  640:       OCTET STRING
<snip>

which confirms that the file contains a pkcs-8 shrouded key bag, with
one entry, encoded with SHA-DES.

What am I doing wrong? The openssl.txt in the documentation area
specifies a number of NID_pbeXXX modes for encrypting data, but
SHA-DES is not one of them.

I checked Webstar's (starnine.com) website, and they seem to use
openssl/modssl for their SSL part (or so it seems, since
[open|mod]ssl is mentioned in the credits part of the manual).



Regards,
Asger Henriksen
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
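
Added example, not part of the original post: both dumps show a PKCS#12 SafeBag (bag OID at offset 4, a [0] wrapper at 17, a trailing SET) around the PKCS#8 EncryptedPrivateKeyInfo SEQUENCE at offset 21, while the d2i_X509_ALGOR error comes from a parser that expects the input to begin with that inner SEQUENCE. The Python below uses hypothetical function names and a constructed sample (zero salt, zero "ciphertext") laid out like the dump, and returns the inner structure.

```python
# Added example, not code from the original post; function names are hypothetical.
BAG_OID = bytes.fromhex("2a864886f70d010c0a0102")  # 1.2.840.113549.1.12.10.1.2
PBE_OID = bytes.fromhex("2a864886f70d01050a")      # 1.2.840.113549.1.5.10

def read_tlv(buf, pos):
    """Return (tag, header_len, content_len) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    hl, length = 2, first
    if first & 0x80:                      # long form: next n bytes hold the length
        n = first & 0x7F
        if not 1 <= n <= 4 or pos + 2 + n > len(buf):
            raise ValueError("unsupported or truncated length")
        hl, length = 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    if pos + hl + length > len(buf):
        raise ValueError("element runs past end of input")
    return tag, hl, length

def unwrap_shrouded_keybag(der):
    """Return the EncryptedPrivateKeyInfo TLV held inside a pkcs8ShroudedKeyBag."""
    tag, pos, _ = read_tlv(der, 0)                    # outer SafeBag SEQUENCE
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, hl, ln = read_tlv(der, pos)                  # bagId
    if tag != 0x06 or der[pos + hl:pos + hl + ln] != BAG_OID:
        raise ValueError("not a pkcs8ShroudedKeyBag")
    pos += hl + ln
    tag, hl, ln = read_tlv(der, pos)                  # bagValue, [0] EXPLICIT
    if tag != 0xA0:
        raise ValueError("missing [0] bag value")
    pos += hl
    tag, ihl, iln = read_tlv(der, pos)                # EncryptedPrivateKeyInfo
    if tag != 0x30 or ihl + iln != ln:
        raise ValueError("bag value is not a single SEQUENCE")
    return der[pos:pos + ihl + iln]

def tlv(tag, content):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(content)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + content

# Constructed sample with the same layout as the dump: zero salt and zero "ciphertext".
_alg = tlv(0x30, tlv(0x06, PBE_OID) + tlv(0x30, tlv(0x04, bytes(16)) + tlv(0x02, b"\x04\x00")))
SAMPLE_EPKI = tlv(0x30, _alg + tlv(0x04, bytes(640)))
SAMPLE_BAG = tlv(0x30, tlv(0x06, BAG_OID) + tlv(0xA0, SAMPLE_EPKI) + tlv(0x31, b""))
```

Written to a file, the returned bytes form a DER input that begins with the SEQUENCE shown at offset 21 in the dumps, followed directly by the pbeWithSHA1AndDES-CBC AlgorithmIdentifier.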
