Re: openssl 1.0.1c cannot parse newest GOST/PFX
14.11.2012 00:33, Dr. Stephen Henson wrote:

>>> You can only convert the certificates to PKCS#7 not the private key. There is
>>> an option in Windows to export to PKCS#7.
>>
>> Yes, openssl converts the certificates with -nokeys option just fine.
>>
>>> If you want to decrypt the PKCS#12 file you need to find out what that OID
>>> means. I can't find a reference to it online.
>>
>> Nor can I. Here I'm stuck.
>>
>
> Could you post a sample PKCS#12 file including the password or alternatively
> send me one privately?

I'd love to, but I'm afraid I'm not allowed to share our JSC's official
electronic digital signature :-(

But I'm ready to run any code/debug and provide you with output.

Eugene Grosbein
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: openssl 1.0.1c cannot parse newest GOST/PFX
On Tue, Nov 13, 2012, Eugene Grosbein wrote:

> 13.11.2012 20:10, Dr. Stephen Henson wrote:
> > On Tue, Nov 13, 2012, Eugene Grosbein wrote:
> >
> >> Hi!
> >>
> >> Recently we purchased Aladdin eToken USB with digital signature inside
> >> that uses GOST 34.11/34.10-2001 for official electronic contacts with
> >> Russian Government.
> >> It works just fine with Windows XP and CryptoPro CSP.
> >>
> >> I've exported it with its private key to pfx file (PKCS#12 format) using
> >> standard WinXP interface. Now I try to convert it to PKCS#7 format
> >> using openssl 1.0.1c built with GOST support but it fails:
> >>
> >> $ /usr/local/bin/openssl pkcs12 -in file.pfx -out file.pem
> >> Enter Import Password:
> >> MAC verified OK
> >> Error outputting keys and certificates
> >> 675239592:error:06074079:digital envelope
> >> routines:EVP_PBE_CipherInit:unknown pbe
> >> algorithm:evp_pbe.c:167:TYPE=1.2.840.113549.1.12.1.80
> >> 675239592:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor
> >> cipherinit error:p12_decr.c:83:
> >> 675239592:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12
> >> pbe crypt error:p12_decr.c:130:
> >>
> >> It seems this PFX uses PBE 1.2.840.113549.1.12.1.80 unknown to openssl,
> >> isn't it?
> >> I use FreeBSD 8.3-STABLE and openssl 1.0.1c built using Ports Collection.
> >>
> >> What should I do to be able to convert this PFX to PKCS#7?
> >> I'm ready to apply patches etc.
> >
> > You can only convert the certificates to PKCS#7 not the private key. There is
> > an option in Windows to export to PKCS#7.
>
> Yes, openssl converts the certificates with -nokeys option just fine.
>
> > If you want to decrypt the PKCS#12 file you need to find out what that OID
> > means. I can't find a reference to it online.
>
> Nor can I. Here I'm stuck.
>

Could you post a sample PKCS#12 file including the password or alternatively
send me one privately?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: openssl 1.0.1c cannot parse newest GOST/PFX
13.11.2012 20:10, Dr. Stephen Henson wrote:

> On Tue, Nov 13, 2012, Eugene Grosbein wrote:
>
>> Hi!
>>
>> Recently we purchased Aladdin eToken USB with digital signature inside
>> that uses GOST 34.11/34.10-2001 for official electronic contacts with
>> Russian Government.
>> It works just fine with Windows XP and CryptoPro CSP.
>>
>> I've exported it with its private key to pfx file (PKCS#12 format) using
>> standard WinXP interface. Now I try to convert it to PKCS#7 format
>> using openssl 1.0.1c built with GOST support but it fails:
>>
>> $ /usr/local/bin/openssl pkcs12 -in file.pfx -out file.pem
>> Enter Import Password:
>> MAC verified OK
>> Error outputting keys and certificates
>> 675239592:error:06074079:digital envelope
>> routines:EVP_PBE_CipherInit:unknown pbe
>> algorithm:evp_pbe.c:167:TYPE=1.2.840.113549.1.12.1.80
>> 675239592:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor
>> cipherinit error:p12_decr.c:83:
>> 675239592:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe
>> crypt error:p12_decr.c:130:
>>
>> It seems this PFX uses PBE 1.2.840.113549.1.12.1.80 unknown to openssl,
>> isn't it?
>> I use FreeBSD 8.3-STABLE and openssl 1.0.1c built using Ports Collection.
>>
>> What should I do to be able to convert this PFX to PKCS#7?
>> I'm ready to apply patches etc.
>
> You can only convert the certificates to PKCS#7 not the private key. There is
> an option in Windows to export to PKCS#7.

Yes, openssl converts the certificates with -nokeys option just fine.

> If you want to decrypt the PKCS#12 file you need to find out what that OID
> means. I can't find a reference to it online.

Nor can I. Here I'm stuck.

Eugene Grosbein
Re: openssl 1.0.1c cannot parse newest GOST/PFX
On Tue, Nov 13, 2012, Eugene Grosbein wrote:

> Hi!
>
> Recently we purchased Aladdin eToken USB with digital signature inside
> that uses GOST 34.11/34.10-2001 for official electronic contacts with Russian
> Government.
> It works just fine with Windows XP and CryptoPro CSP.
>
> I've exported it with its private key to pfx file (PKCS#12 format) using
> standard WinXP interface. Now I try to convert it to PKCS#7 format
> using openssl 1.0.1c built with GOST support but it fails:
>
> $ /usr/local/bin/openssl pkcs12 -in file.pfx -out file.pem
> Enter Import Password:
> MAC verified OK
> Error outputting keys and certificates
> 675239592:error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown
> pbe algorithm:evp_pbe.c:167:TYPE=1.2.840.113549.1.12.1.80
> 675239592:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor
> cipherinit error:p12_decr.c:83:
> 675239592:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe
> crypt error:p12_decr.c:130:
>
> It seems this PFX uses PBE 1.2.840.113549.1.12.1.80 unknown to openssl, isn't
> it?
> I use FreeBSD 8.3-STABLE and openssl 1.0.1c built using Ports Collection.
>
> What should I do to be able to convert this PFX to PKCS#7?
> I'm ready to apply patches etc.

You can only convert the certificates to PKCS#7 not the private key. There is
an option in Windows to export to PKCS#7.

If you want to decrypt the PKCS#12 file you need to find out what that OID
means. I can't find a reference to it online.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
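Added example, not part of the thread and not OpenSSL code: a small Python DER walker that lists every OID directly under the PKCS#12 PBE arc 1.2.840.113549.1.12.1 (RFC 7292 defines only .1 through .6 there), so an unrecognised identifier such as the .80 in the error above can be pinpointed without decrypting anything. It assumes definite-length DER; the function names and the SAMPLE bytes are constructed for illustration.

```python
PBE_ARC = "1.2.840.113549.1.12.1"   # pkcs-12PbeIds arc (RFC 7292, Appendix C)
STANDARD_PBE = {1: "pbeWithSHAAnd128BitRC4", 2: "pbeWithSHAAnd40BitRC4",
                3: "pbeWithSHAAnd3-KeyTripleDES-CBC", 4: "pbeWithSHAAnd2-KeyTripleDES-CBC",
                5: "pbeWithSHAAnd128BitRC2-CBC", 6: "pbeWithSHAAnd40BitRC2-CBC"}

def decode_oid(body):               # OID content octets -> dotted string
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:            # high bit clear ends one arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)   # the first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first, *arcs[1:]]))

def read_tlv(buf, pos, end):        # -> (tag, content_start, content_end)
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    n = first & 0x7F if first & 0x80 else 0      # long form: n length bytes follow
    length = int.from_bytes(buf[pos:pos + n], "big") if n else first
    if first == 0x80 or pos + n + length > end:
        raise ValueError("indefinite length, or TLV runs past its container")
    return tag, pos + n, pos + n + length

def find_oids(buf, pos, end):       # yield every OID between pos and end
    while pos < end:
        tag, start, stop = read_tlv(buf, pos, end)
        if tag == 0x06:
            yield decode_oid(buf[start:stop])
        elif tag & 0x20:            # constructed: SEQUENCE, SET, [0] EXPLICIT ...
            yield from find_oids(buf, start, stop)
        elif tag == 0x04:           # OCTET STRING may wrap DER; salts/ciphertext won't parse
            try:
                yield from list(find_oids(buf, start, stop))
            except (ValueError, IndexError):
                pass
        pos = stop

def pbe_report(der):                # [(oid, name)] for OIDs directly under pkcs-12PbeIds
    hits = (o.rsplit(".", 1) for o in find_oids(der, 0, len(der)))
    return [(f"{arc}.{last}", STANDARD_PBE.get(int(last), "not defined in RFC 7292"))
            for arc, last in hits if arc == PBE_ARC]

def tlv(tag, body):                 # short-form encoder, used only for the sample
    return bytes([tag, len(body)]) + body
def sample_bag(last_arc):           # constructed EncryptedPrivateKeyInfo-shaped blob
    oid = tlv(0x06, bytes.fromhex("2a864886f70d010c01") + bytes([last_arc]))
    params = tlv(0x30, tlv(0x04, bytes.fromhex("1122334455667788")) + tlv(0x02, b"\x07\xd0"))
    return tlv(0x30, tlv(0x30, oid + params) + tlv(0x04, b"\xde\xad\xbe\xef"))
SAMPLE = tlv(0x30, tlv(0x04, tlv(0x30, sample_bag(80) + sample_bag(3))))  # not a real PFX
```

Running pbe_report over the bytes of a real .pfx shows which bag uses the non-standard scheme; the walker reads only the unencrypted outer structure, so it needs no password.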
openssl 1.0.1c cannot parse newest GOST/PFX
Hi!

Recently we purchased Aladdin eToken USB with digital signature inside
that uses GOST 34.11/34.10-2001 for official electronic contacts with Russian Government.
It works just fine with Windows XP and CryptoPro CSP.

I've exported it with its private key to pfx file (PKCS#12 format) using
standard WinXP interface. Now I try to convert it to PKCS#7 format
using openssl 1.0.1c built with GOST support but it fails:

$ /usr/local/bin/openssl pkcs12 -in file.pfx -out file.pem
Enter Import Password:
MAC verified OK
Error outputting keys and certificates
675239592:error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm:evp_pbe.c:167:TYPE=1.2.840.113549.1.12.1.80
675239592:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83:
675239592:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:130:

It seems this PFX uses PBE 1.2.840.113549.1.12.1.80 unknown to openssl, isn't it?
I use FreeBSD 8.3-STABLE and openssl 1.0.1c built using Ports Collection.

What should I do to be able to convert this PFX to PKCS#7?
I'm ready to apply patches etc.

Please help.

Eugene Grosbein