Hi,
I am trying to convert a keyfile/certificate pair for a webserver from
webstar (mac) format to basic textmode base64 encoded files.
I need the private key in a seperate file.
Running
openssl asn1parse -inform DER -in privkey
0:d=0 hl=4 l= 704 cons: SEQUENCE
4:d=1 hl=2 l= 11 prim: OBJECT :pkcs8ShroudedKeyBag
17:d=1 hl=4 l= 685 cons: cont [ 0 ]
21:d=2 hl=4 l= 681 cons: SEQUENCE
25:d=3 hl=2 l= 35 cons: SEQUENCE
27:d=4 hl=2 l= 9 prim: OBJECT :pbeWithSHA1AndDES-CBC
38:d=4 hl=2 l= 22 cons: SEQUENCE
40:d=5 hl=2 l= 16 prim: OCTET STRING
58:d=5 hl=2 l= 2 prim: INTEGER :0400
62:d=3 hl=4 l= 640 prim: OCTET STRING
706:d=1 hl=2 l= 0 cons: SET
gives this output, and I logically assumed that
openssl pkcs8 -inform DER -in privkey -out key.pem -v1 PBE-SHA1-DES
would extract the key into key.pem.
but openssl complains with:
Error reading key
30734:error:0D0A0007:asn1 encoding routines:d2i_X509_ALGOR:expecting an
asn1 sequence:x_algor.c:85:address=135523396 offset=0
Regardsless of wether I specify the v1 algorithm or not.
I tried to run the dumpasn1 program on the keyfile:
0 30 704: SEQUENCE {
4 06 11: OBJECT IDENTIFIER
: pkcs-12-pkcs-8ShroudedKeyBag (1 2 840 113549 1 12 10 1
2)
17 A0 685: [0] {
21 30 681: SEQUENCE {
25 30 35: SEQUENCE {
27 06 9: OBJECT IDENTIFIER
: pbeWithSHAAndDES-CBC (1 2 840 113549 1 5 10)
38 30 22: SEQUENCE {
40 04 16: OCTET STRING
: 77 F9 A7 FF C4 61 77 05 BE E3 F2 60 88 D1 5A
27
58 02 2: INTEGER 1024
: }
: }
62 04 640: OCTET STRING
<snip>
which confirms that the file contains a pkcs-8 shrouded key bag, with
one entry, encoded
with SHA-DES
What am I doing wrong? The openssl.txt in the documentation area
specifies a number of NID_pbeXXX modes
for encrypting data, but SHA-DES is not one of them.
I checked Webstars (starnine.com) website, and they seem to use
openssl/modssl for their SSL part (or so it seems,
since [open|mod]ssl is mentioned in the credits part of the manual.
Regards,
Asger Henriksen
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]