retrive the private key from RSA KEON CA certificate

2003-06-23 Thread Wu Junwei 

(B
(B
(BHi, all,
(B 
(BMaybe my question in last time was not clear, so I ask again by another 
(Bdescription.
(B 
(BI have a CA certificate exported from RSA KEON, which is PEM encoded 
(Bpkcs#12 certificate (listed below.)
(BIt seems encoded by base64 , I have tried different methods to try to get 
(Bthe private key inside the certificate by the functions in the openssl.  ( 
(Bsuch as using FORMAT_PKCS12 and FORMAT_PEM in apps.c/load_key().)
(BBut it always failed. 
(BIt is exported by me so I know password used for the private key 
(Bprotection.
(B 
(BQuestion:
(B1,So, is it possible to retrive the private key inside the 
(Bpkcs#12 certificate as follows exported from KEON?
(B2,If it is possible , how can I retrieve the private key in it by the 
(Bfunctions in OpenSSL? 
(B 
(BThanks in advance.
(B 
(B/ the certificate exported from KEON 
(B*/
(B
(BThe following passphrase protected PKCS #12 object, displayed in PEM encoded 
(Bformat, contains the certificate and private key for CATest1_1. It also 
(Bcontains the friendly name "CATest1_1".-BEGIN CERTIFICATE AND KEY-
(BMIIF0wIBAzCCBY0GCSqGSIb3DQEHAaCCBX4EggV6MIIFdjCCBXIGCSqGSIb3DQEH
(BAaCCBWMEggVfMIIFWzCCAvAGCyqGSIb3DQEMCgECoIICpTCCAqEwGwYKKoZIhvcN
(BAQwBAzANBAhGyCbImOLSZwIBAQSCAoDPZJurj3+1kM7e4/cPp1kYM1qcsLPAQsIQ
(B5eycmvECjgi7ZILdv28dvm3RNjTlmrH/Zr29i2gHANSgxRW8VQ5KFq/BZIEOG+KN
(BEsyVC/Xwpp1joEvxODb2UIymruFxqTAJYJIbXtnH4SHUzp2WXupmt8Cme8axoTwW
(B1Dms4u/G/VyP9qlCVQOFfBpEdBzy+U9DC2QTnaN4XA6Sx8BxMS8TGTP+3LTPDK4b
(Bk3ROX80znDIqd3povWsPk1MGCi1s6l6c817Nm2k8eu9S7agGsKmtYw/VzdbRIGYM
(BoP6l8H6IL9dvWBeMW8WgZj9rWFDg89CZW9qX3LuJ6IDqSJ8MU9xvs1ZdJHbjtABh
(BnzoZoSoPuMEYHf6L2JctLIEHNUJNYefh+Ck+INsNlofWW7OnavgT9Omrb4TiW1IA
(BmGe4F6gK6benv1bDTltTDPabraLE3jJY4VE4CtlsZeFLwZ6Y5q2JnSbSJCxZtMBP
(Bzp6OOIkS8ZJK1BCZBQCIIw+1NLTRzrrfnJQuEcJ41LZhfCw2xdwVM4qtc7I3SXQA
(BXs/UYFlvif4dMWyG5PtuQ/PrzM4OJ5KVXzjYRqa8ixLvDtqYsqwzlzGezz1HnKvE
(BvNTbT9qajK8AIxwnhhQ4ErMDVTbtjYrvWNfseu8WwRTIZfy3YLJS1vbwHNmdukql
(BAbsXmYGDEjgEgOuzS0I0qH3m/CoH1g6QEOxAFqXBU9HuZ91I+s7gprJwi5/dziMv
(Brl9WRkcDnTltijijvpXnTIGylWpS9To4pQhEuxa5GsNyvUgmQtU5v11hZWF+V3a4
(BG3ZMDksr34VzflfHsIjfx6to3NUWVP1xo6Q+LjNKfie2ceM1fESUMTgwEwYJKoZI
(BhvcNAQkVMQYEBAEwIQYJKoZIhvcNAQkUMRQeEgBDAEEAVABlAHMAdAAxAF8A
(BMTCCAmMGCyqGSIb3DQEMCgEDoIICGDCCAhQGCiqGSIb3DQEJFgGgggIEBIICADCC
(BAfwwggFlAhB5U/4UwzOflq9K1i22Xqv3MA0GCSqGSIb3DQEBBQUAMD0xCzAJBgNV
(BBAYTAkpQMRIwEAYDVQQKEwlGdWppeGVyb3gxDDAKBgNVBAsTA0NTVzEMMAoGA1UE
(BAxMDV3UxMB4XDTAzMDYxOTA2MDAxMVoXDTA2MDQyNjExMDAxMVowQTELMAkGA1UE
(BBhMCSlAxCzAJBgNVBAoTAmZ4MQwwCgYDVQQLEwNjc3cxFzAVBgNVBAMTDnNvbiBv
(BZiBDQVRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDegClxP28gBnrJ
(Bs5RVqY5TMM5AIoHHDmQeIvj55DtMmIuRHnk6kBPmZJtqNetPwRfRwMIBtu9/T1Vy
(BpsOO4QuAZz1C5wvRbC4Ylh4/nAnR1xY4fIN5lTflam1ohVUFZmx9jRNxp89VznSp
(B56wcsiJMzNrB6Nev3j4bfKlz7iULCQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAF2l
(BQSp+wQ7n98p7VeBh9wVnv/TTzb9ebgDEZSb9I6FZpeQ3242/cTsoe2y2NtmhjmmY
(BOURbW66jhV/pKZliEFM53Fc7xoPstN0SKFQyOHUsO0lQbZu+o8wk6oWptg/KPEZR
(B1Xx6zu3E2Qwx+6vqOFGrfDdiQe7pDp4a4j6oYP1GMTgwEwYJKoZIhvcNAQkVMQYE
(BBAEwIQYJKoZIhvcNAQkUMRQeEgBDAEEAVABlAHMAdAAxAF8AMTA9MCEwCQYF
(BKw4DAhoFAAQUy0Edy1Bxr38oc0jumiqofA19OeYEFIjlSSn4K2WLg6m2D9YYQgx6
(B+bjkAgIEAA==
(B  -END CERTIFICATE AND KEY-
(B   
(B 
(Bwjw

Re: retrive the private key from RSA KEON CA certificate

2003-06-23 Thread Kiyoshi Watanabe 

Hello,

>-BEGIN CERTIFICATE AND KEY-

Is this the standard PEM encorded pkcs12 format? 

As long as I see the header checking definitions for PEM formats in
pem.h, no such a header is defined.

Why don't you convert or issue the PKCS#11 in DER format. I believe
the openssl will read the starndard PKCS12 binary file without having
any problem and you can use FORMAT_PKCS12.

-Kiyoshi
Kiyoshi Watanabe
 
 


> I have a CA certificate exported from RSA KEON, which is PEM encoded pkcs#12
> certificate (listed below.)
> It seems encoded by base64 , I have tried different methods to try to get
> the private key inside the certificate by the functions in the openssl.  (
> such as using FORMAT_PKCS12 and FORMAT_PEM in apps.c/load_key().)
> But it always failed.
> It is exported by me so I know password used for the private key protection.
> 
> Question:
> 1,So, is it possible to retrive the private key inside the pkcs#12
> certificate as follows exported from KEON?
> 2,If it is possible , how can I retrieve the private key in it by the
> functions in OpenSSL?
> 
> Thanks in advance.
> 
> / the certificate exported from KEON
> */
> The following passphrase protected PKCS #12 object, displayed in PEM encoded
> format, contains the certificate and private key for CATest1_1. It also
> contains the friendly name "CATest1_1".
> 
>-BEGIN CERTIFICATE AND KEY-
> MIIF0wIBAzCCBY0GCSqGSIb3DQEHAaCCBX4EggV6MIIFdjCCBXIGCSqGSIb3DQEH
> AaCCBWMEggVfMIIFWzCCAvAGCyqGSIb3DQEMCgECoIICpTCCAqEwGwYKKoZIhvcN
> AQwBAzANBAhGyCbImOLSZwIBAQSCAoDPZJurj3+1kM7e4/cPp1kYM1qcsLPAQsIQ
> 5eycmvECjgi7ZILdv28dvm3RNjTlmrH/Zr29i2gHANSgxRW8VQ5KFq/BZIEOG+KN
> EsyVC/Xwpp1joEvxODb2UIymruFxqTAJYJIbXtnH4SHUzp2WXupmt8Cme8axoTwW
> 1Dms4u/G/VyP9qlCVQOFfBpEdBzy+U9DC2QTnaN4XA6Sx8BxMS8TGTP+3LTPDK4b
> k3ROX80znDIqd3povWsPk1MGCi1s6l6c817Nm2k8eu9S7agGsKmtYw/VzdbRIGYM
> oP6l8H6IL9dvWBeMW8WgZj9rWFDg89CZW9qX3LuJ6IDqSJ8MU9xvs1ZdJHbjtABh
> nzoZoSoPuMEYHf6L2JctLIEHNUJNYefh+Ck+INsNlofWW7OnavgT9Omrb4TiW1IA
> mGe4F6gK6benv1bDTltTDPabraLE3jJY4VE4CtlsZeFLwZ6Y5q2JnSbSJCxZtMBP
> zp6OOIkS8ZJK1BCZBQCIIw+1NLTRzrrfnJQuEcJ41LZhfCw2xdwVM4qtc7I3SXQA
> Xs/UYFlvif4dMWyG5PtuQ/PrzM4OJ5KVXzjYRqa8ixLvDtqYsqwzlzGezz1HnKvE
> vNTbT9qajK8AIxwnhhQ4ErMDVTbtjYrvWNfseu8WwRTIZfy3YLJS1vbwHNmdukql
> AbsXmYGDEjgEgOuzS0I0qH3m/CoH1g6QEOxAFqXBU9HuZ91I+s7gprJwi5/dziMv
> rl9WRkcDnTltijijvpXnTIGylWpS9To4pQhEuxa5GsNyvUgmQtU5v11hZWF+V3a4
> G3ZMDksr34VzflfHsIjfx6to3NUWVP1xo6Q+LjNKfie2ceM1fESUMTgwEwYJKoZI
> hvcNAQkVMQYEBAEwIQYJKoZIhvcNAQkUMRQeEgBDAEEAVABlAHMAdAAxAF8A
> MTCCAmMGCyqGSIb3DQEMCgEDoIICGDCCAhQGCiqGSIb3DQEJFgGgggIEBIICADCC
> AfwwggFlAhB5U/4UwzOflq9K1i22Xqv3MA0GCSqGSIb3DQEBBQUAMD0xCzAJBgNV
> BAYTAkpQMRIwEAYDVQQKEwlGdWppeGVyb3gxDDAKBgNVBAsTA0NTVzEMMAoGA1UE
> AxMDV3UxMB4XDTAzMDYxOTA2MDAxMVoXDTA2MDQyNjExMDAxMVowQTELMAkGA1UE
> BhMCSlAxCzAJBgNVBAoTAmZ4MQwwCgYDVQQLEwNjc3cxFzAVBgNVBAMTDnNvbiBv
> ZiBDQVRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDegClxP28gBnrJ
> s5RVqY5TMM5AIoHHDmQeIvj55DtMmIuRHnk6kBPmZJtqNetPwRfRwMIBtu9/T1Vy
> psOO4QuAZz1C5wvRbC4Ylh4/nAnR1xY4fIN5lTflam1ohVUFZmx9jRNxp89VznSp
> 56wcsiJMzNrB6Nev3j4bfKlz7iULCQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAF2l
> QSp+wQ7n98p7VeBh9wVnv/TTzb9ebgDEZSb9I6FZpeQ3242/cTsoe2y2NtmhjmmY
> OURbW66jhV/pKZliEFM53Fc7xoPstN0SKFQyOHUsO0lQbZu+o8wk6oWptg/KPEZR
> 1Xx6zu3E2Qwx+6vqOFGrfDdiQe7pDp4a4j6oYP1GMTgwEwYJKoZIhvcNAQkVMQYE
> BAEwIQYJKoZIhvcNAQkUMRQeEgBDAEEAVABlAHMAdAAxAF8AMTA9MCEwCQYF
> Kw4DAhoFAAQUy0Edy1Bxr38oc0jumiqofA19OeYEFIjlSSn4K2WLg6m2D9YYQgx6
> +bjkAgIEAA==
>   -END CERTIFICATE AND KEY-
> 
> 
> wjw
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: retrive the private key from RSA KEON CA certificate

2003-06-23 Thread Kiyoshi Watanabe 

> Why don't you convert or issue the PKCS#11 in DER format. I believe
PKCS#12, not PKCS#11 sorry for my typo. 

-Kiyoshi
Kiyoshi Watanabe
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: retrive the private key from RSA KEON CA certificate

2003-06-23 Thread Wu Junwei 



Hi,
 
I do not know whether the head is the standard PEM 
.It is issued by KEON, so maybe there will be some problems.
 
As to the FORMAT_PKCS12,  yes,  you are right.
I have tried some pfx files exported form IE, I could 
retrive the private key by using load_key() in app.c with the format 
FORMAT_PKCS12.
 
 
But the problem is I can not choose the format such 
as PEM or DER in RSA Keon when exporting the CA certificate in PKCS#12 
format.
 
 
 
I will do more test .
 
Thanks a lot,
 
wjw
 
 
 
 

  - Original Message - 
  From: 
  Kiyoshi Watanabe 
  To: [EMAIL PROTECTED] ; [EMAIL PROTECTED] 
  Cc: [EMAIL PROTECTED] 
  Sent: Monday, June 23, 2003 6:56 
  PM
  Subject: Re: retrive the private key 
  from RSA KEON CA certificate
  Hello,>    
  -BEGIN CERTIFICATE AND KEY-Is this the standard PEM encorded 
  pkcs12 format? As long as I see the header checking definitions for 
  PEM formats inpem.h, no such a header is defined.Why don't you 
  convert or issue the PKCS#11 in DER format. I believethe openssl will read 
  the starndard PKCS12 binary file without havingany problem and you can use 
  FORMAT_PKCS12.-KiyoshiKiyoshi 
  Watanabe  > I have a CA certificate exported 
  from RSA KEON, which is PEM encoded pkcs#12> certificate (listed 
  below.)> It seems encoded by base64 , I have tried different methods to 
  try to get> the private key inside the certificate by the functions in 
  the openssl.  (> such as using FORMAT_PKCS12 and FORMAT_PEM in 
  apps.c/load_key().)> But it always failed.> It is exported by me 
  so I know password used for the private key protection.> > 
  Question:> 1,So, is it possible to retrive the private key inside the 
  pkcs#12> certificate as follows exported from KEON?> 2,If it is 
  possible , how can I retrieve the private key in it by the> functions 
  in OpenSSL?> > Thanks in advance.> > 
  / the certificate exported from KEON> 
  */> The following passphrase protected PKCS 
  #12 object, displayed in PEM encoded> format, contains the certificate 
  and private key for CATest1_1. It also> contains the friendly name 
  "CATest1_1".> 
  >    
  -BEGIN CERTIFICATE AND KEY-> 
  MIIF0wIBAzCCBY0GCSqGSIb3DQEHAaCCBX4EggV6MIIFdjCCBXIGCSqGSIb3DQEH> 
  AaCCBWMEggVfMIIFWzCCAvAGCyqGSIb3DQEMCgECoIICpTCCAqEwGwYKKoZIhvcN> 
  AQwBAzANBAhGyCbImOLSZwIBAQSCAoDPZJurj3+1kM7e4/cPp1kYM1qcsLPAQsIQ> 
  5eycmvECjgi7ZILdv28dvm3RNjTlmrH/Zr29i2gHANSgxRW8VQ5KFq/BZIEOG+KN> 
  EsyVC/Xwpp1joEvxODb2UIymruFxqTAJYJIbXtnH4SHUzp2WXupmt8Cme8axoTwW> 
  1Dms4u/G/VyP9qlCVQOFfBpEdBzy+U9DC2QTnaN4XA6Sx8BxMS8TGTP+3LTPDK4b> 
  k3ROX80znDIqd3povWsPk1MGCi1s6l6c817Nm2k8eu9S7agGsKmtYw/VzdbRIGYM> 
  oP6l8H6IL9dvWBeMW8WgZj9rWFDg89CZW9qX3LuJ6IDqSJ8MU9xvs1ZdJHbjtABh> 
  nzoZoSoPuMEYHf6L2JctLIEHNUJNYefh+Ck+INsNlofWW7OnavgT9Omrb4TiW1IA> 
  mGe4F6gK6benv1bDTltTDPabraLE3jJY4VE4CtlsZeFLwZ6Y5q2JnSbSJCxZtMBP> 
  zp6OOIkS8ZJK1BCZBQCIIw+1NLTRzrrfnJQuEcJ41LZhfCw2xdwVM4qtc7I3SXQA> 
  Xs/UYFlvif4dMWyG5PtuQ/PrzM4OJ5KVXzjYRqa8ixLvDtqYsqwzlzGezz1HnKvE> 
  vNTbT9qajK8AIxwnhhQ4ErMDVTbtjYrvWNfseu8WwRTIZfy3YLJS1vbwHNmdukql> 
  AbsXmYGDEjgEgOuzS0I0qH3m/CoH1g6QEOxAFqXBU9HuZ91I+s7gprJwi5/dziMv> 
  rl9WRkcDnTltijijvpXnTIGylWpS9To4pQhEuxa5GsNyvUgmQtU5v11hZWF+V3a4> 
  G3ZMDksr34VzflfHsIjfx6to3NUWVP1xo6Q+LjNKfie2ceM1fESUMTgwEwYJKoZI> 
  hvcNAQkVMQYEBAEwIQYJKoZIhvcNAQkUMRQeEgBDAEEAVABlAHMAdAAxAF8A> 
  MTCCAmMGCyqGSIb3DQEMCgEDoIICGDCCAhQGCiqGSIb3DQEJFgGgggIEBIICADCC> 
  AfwwggFlAhB5U/4UwzOflq9K1i22Xqv3MA0GCSqGSIb3DQEBBQUAMD0xCzAJBgNV> 
  BAYTAkpQMRIwEAYDVQQKEwlGdWppeGVyb3gxDDAKBgNVBAsTA0NTVzEMMAoGA1UE> 
  AxMDV3UxMB4XDTAzMDYxOTA2MDAxMVoXDTA2MDQyNjExMDAxMVowQTELMAkGA1UE> 
  BhMCSlAxCzAJBgNVBAoTAmZ4MQwwCgYDVQQLEwNjc3cxFzAVBgNVBAMTDnNvbiBv> 
  ZiBDQVRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDegClxP28gBnrJ> 
  s5RVqY5TMM5AIoHHDmQeIvj55DtMmIuRHnk6kBPmZJtqNetPwRfRwMIBtu9/T1Vy> 
  psOO4QuAZz1C5wvRbC4Ylh4/nAnR1xY4fIN5lTflam1ohVUFZmx9jRNxp89VznSp> 
  56wcsiJMzNrB6Nev3j4bfKlz7iULCQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAF2l> 
  QSp+wQ7n98p7VeBh9wVnv/TTzb9ebgDEZSb9I6FZpeQ3242/cTsoe2y2NtmhjmmY> 
  OURbW66jhV/pKZliEFM53Fc7xoPstN0SKFQyOHUsO0lQbZu+o8wk6oWptg/KPEZR> 
  1Xx6zu3E2Qwx+6vqOFGrfDdiQe7pDp4a4j6oYP1GMTgwEwYJKoZIhvcNAQkVMQYE> 
  BAEwIQYJKoZIhvcNAQkUMRQeEgBDAEEAVABlAHMAdAAxAF8AMTA9MCEwCQYF> 
  Kw4DAhoFAAQUy0Edy1Bxr38oc0jumiqofA19OeYEFIjlSSn4K2WLg6m2D9YYQgx6> 
  +bjkAgIEAA==>   -END CERTIFICATE 
  AND KEY-> > > 
  wjw__OpenSSL 
  Project 
  http://www.openssl.orgUser Support 
  Mailing 
  List    
  [EMAIL PROTECTED]Automated 
  List 
  Manager   
  [EMAIL PROTECTED]