Re: Extracting cert from pfx file

2011-01-24 Thread Muhammed Shafeek
Hi All,
I'm resending the mail with more details and a sample pfx file.

The key and cert extracted using the PKCS12_parse() function are as follows. Please note the
localKeyID field in the cert and key.

MAC verified OK
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: mysrt
localKeyID: E3 E8 08 75 10 C2 89 A6 8A 5C 81 B5 4B 0C 43 49 10 FC 00 BD
subject=/C=IN/ST=Karnataka/L=bangalore/O=mycompany/OU=mybu/CN=10.10.1.68/emailAddress=shaf...@gmail.com
issuer=/DC=com/DC=autocert/CN=rootca
-----BEGIN CERTIFICATE-----
MIIGDjCCBPagAwIBAgIKQAum1gAAQDANBgkqhkiG9w0BAQUFADBAMRMwEQYK
<<>>>
wEEyMlzv32iuW2QTeQ8980fk
-----END CERTIFICATE-----

Bag Attributes
friendlyName: mysrt
localKeyID: E3 E8 08 75 10 C2 89 A6 8A 5C 81 B5 4B 0C 43 49 10 FC 00 BD
Key Attributes: 
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAtsU6UvSXKcbCqLJFapFNNSPBiu1pYtsxqm/tPMJW5caqaGtD
<<
uJuUCTtysSTd0XMs20Xkk857mCR6mMct5fFo6sd1HY57kFtzNX7cIA==




The key and cert extracted from the same pfx file using the openssl command line
utility have only one localKeyID each, with value 01 00 00 00
(openssl pkcs12 -in input.pfx -clcerts -nokeys -out outcert.pem)
(openssl pkcs12 -in input.pfx -nocerts -out outkey.pem)

Please let me know whether the PKCS12_parse function has any such known issues.

-Shafeek

On Sun, Jan 23, 2011 at 10:26 PM, Muhammed Shafeek wrote:

> Hi All,
> The following code is to extract cert from a pfx file.
>
> p12Cert = d2i_PKCS12_fp(fp, NULL);  //fp points to a .pfx file.
> PKCS12_parse(p12Cert, pass, NULL, oCert, NULL);
>
> Here the resultant oCert has multiple localKeyID as shown below.
>
> MAC verified OK
> Bag Attributes
> localKeyID: 01 00 00 00
> localKeyID: E3 E8 08 75 10 C2 89 A6 8A 5C 81 B5 4B 0C 43 49 10 FC 00 BD
>
>
> The second localKeyID seen in the Bag attributes is actually the
> thumbprint.
>
> But extracting cert from the same pfx file using openssl command line
> utility (openssl pkcs12 -in input.pfx -clcerts -nokeys -out outcert.pem)
> results in single localKeyID attribute.
>
> Bag Attributes
> localKeyID: 01 00 00 00
>
> Can anyone please tell me why there is an additional localKeyID with the
> first method?
>
> Thanks in Advance
> Shafeek
>


Extracting cert from pfx file

2011-01-23 Thread Muhammed Shafeek
Hi All,
The following code is to extract cert from a pfx file.

p12Cert = d2i_PKCS12_fp(fp, NULL);  //fp points to a .pfx file.
PKCS12_parse(p12Cert, pass, NULL, oCert, NULL);

Here the resultant oCert has multiple localKeyID as shown below.

MAC verified OK
Bag Attributes
localKeyID: 01 00 00 00
localKeyID: E3 E8 08 75 10 C2 89 A6 8A 5C 81 B5 4B 0C 43 49 10 FC 00 BD

The second localKeyID seen in the Bag attributes is actually the thumbprint.

But extracting cert from the same pfx file using openssl command line
utility (openssl pkcs12 -in input.pfx -clcerts -nokeys -out outcert.pem)
results in single localKeyID attribute.

Bag Attributes
localKeyID: 01 00 00 00

Can anyone please tell me why there is an additional localKeyID with the
first method?

Thanks in Advance
Shafeek
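
The comparison made in this thread, as an added example (not code from the posts or from OpenSSL): a shell/awk helper that counts the localKeyID attributes on each bag of `openssl pkcs12` text output and reports which value is shared by the certificate and the key. The function names are hypothetical, and the sample input is constructed from the attribute lines quoted in the thread with the PEM bodies left out.

```shell
# Added example; function names are hypothetical, not part of OpenSSL.

# Reads `openssl pkcs12` text output on stdin and prints one line per bag:
#   <bag number> <cert|key|unknown> <localKeyID count> <comma-separated IDs>
localkeyid_report() {
    awk '
    function emit() { if (bag) printf "%d %s %d %s\n", bag, type, n, ids }
    /^Bag Attributes/ { emit(); bag++; type = "unknown"; n = 0; ids = "" }
    bag && /^[ \t]*localKeyID:/ {
        id = $0
        sub(/^[ \t]*localKeyID:/, "", id)   # drop the attribute name
        gsub(/[ \t\r]/, "", id)             # "01 00 00 00" -> "01000000"
        ids = ids (n ? "," : "") toupper(id)
        n++
    }
    /BEGIN CERTIFICATE/   { type = "cert" }
    /BEGIN .*PRIVATE KEY/ { type = "key" }
    END { emit() }'
}

# Bag numbers that carry more than one localKeyID (the case reported in this thread).
bags_with_multiple_ids() {
    localkeyid_report | awk '$3 > 1 { print $1 }'
}

# localKeyID values present on both a cert bag and a key bag: the value that
# actually pairs the private key with its certificate.
pairing_ids() {
    localkeyid_report | awk '
    { k = split($4, a, ",")
      for (i = 1; i <= k; i++) {
          if ($2 == "cert") c[a[i]] = 1
          if ($2 == "key")  p[a[i]] = 1
      } }
    END { for (id in c) if (id in p) print id }'
}

# Constructed sample: attribute lines as quoted in the thread, PEM bodies omitted.
SAMPLE='Bag Attributes
    localKeyID: 01 00 00 00
    friendlyName: mysrt
    localKeyID: E3 E8 08 75 10 C2 89 A6 8A 5C 81 B5 4B 0C 43 49 10 FC 00 BD
-----BEGIN CERTIFICATE-----
Bag Attributes
    friendlyName: mysrt
    localKeyID: E3 E8 08 75 10 C2 89 A6 8A 5C 81 B5 4B 0C 43 49 10 FC 00 BD
-----BEGIN RSA PRIVATE KEY-----'

printf '%s\n' "$SAMPLE" | localkeyid_report
```

To check a real file, pipe the output of the `openssl pkcs12 -in input.pfx -clcerts -nokeys` command from the thread into `localkeyid_report`.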