Discussion:
Generating a PKCS#12 file
Bob Barnes
2009-02-11 19:26:35 UTC
Hi, first post and I will confess right up front that I'm far from an expert
on SSL/cryptography.

I'm trying to use OpenSSL to create a PKCS12 Version 3 file for import into
IBM's Digital Certificate Manager. I used our own proprietary code (which
uses a third party library for encryption) to generate a CSR, submitted it
to a CA and received back the certificate, which I stored in a file called
sslinf.pem. I can verify the contents of the certificate by using the
openssl x509 command as follows:

openssl x509 -inform PEM -in sslinf.pem -text

This is where the mist begins to descend;-) The sslinf.pem file is I
believe, PEM Base64 encoded since the contents are wrapped in -----BEGIN
CERTIFICATE-----/-----END CERTIFICATE-----, although it isn't clear to me
whether the base64 encoded data is BER, DER or something else. The key file,
sslinf.key appears to be PKCS#8, since the syntax is -----BEGIN ENCRYPTED
PRIVATE KEY-----/-----END ENCRYPTED PRIVATE KEY----- and has been encrypted
with a password.

My understanding is that at this point I should be able to use the openssl
pkcs12 command to create a PKCS#12 file suitable for import into IBM's DCM
by doing the following:

openssl pkcs12 -export -out sslinf.p12 -in sslinf.pem -inkey sslinf.key
-name "My certificate"

What I get is:

Loading 'screen' into random state - done
Enter pass phrase for sslinf.key:

I enter the password and get:

unable to load private key

At that point I was thinking that perhaps the sslinf.key file was not really
PKCS#8 so I tried:

openssl pkcs8 -inform PEM -outform PEM -in sslinf.key -out pkcs8.key
Enter Password:

The result is the following:

Error decrypting key
3144:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
decrypt:.\crypto\evp\evp_enc.c
:330:
3144:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal
error:.\crypto\pkcs12\p12_de
cr.c:97:
3144:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt
error:.\crypto\pkcs12\p
12_decr.c:123:

So now I'm thinking maybe it's not PKCS#8 so I tried:
openssl pkcs8 -in sslinf.key -topk8 -out pkcs8.key
Enter pass phrase for sslinf.key:

and get:

unable to load key

BTW, this is OpenSSL 0.9.8j 07 Jan 2009 running on Windows XP. Can someone
enlighten me? I can honestly say that in over 30 years of writing code I've
never come across anything that's closer to black magic than this stuff.

Bob
Kyle Hamilton
2009-02-11 23:09:22 UTC
The problem appears to be how your private key is stored, more than
anything. What are the two lines following "BEGIN ENCRYPTED PRIVATE
KEY" in your sslinf.key file?

(This is one reason that standards exist, so that different things can
(ostensibly) use the file formats. However, not everything adheres to
the standards the way it's supposed to.)

Without knowing more details on how your proprietary code
generated/encrypted the key (or even what third-party library you
used), it's pretty much impossible to figure out what's going wrong.

-Kyle H

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Bob Barnes
2009-02-11 23:50:00 UTC
Kyle,

Thanks for the response. Just to clarify a bit, our proprietary code is
simply a wrapper around the third party libraries, which are SSLPlus/BSAFE.
As far as I know they should be generating/storing the private key in a
standards compliant way.

The first 2 lines of the private key are:

MIICmDAaBgkqhkiG9w0BBQMwDQQIgeyJNiNcE90CAQUEggJ4arTMz0VmFuBiCw3P
5LHhLjmOKpdTdby6Dy9BP34zrwL/7yKR+lt3cor+SzhH4vGedhD4SQafw4iM7+1j

Can you confirm that my basic understanding as described in my first email
is essentially correct or am I out in left field someplace?

Bob
Kyle Hamilton
2009-02-12 00:21:36 UTC
Could you generate a new private key with that proprietary code, and
post it or email it to me offlist? (this new key would obviously need
to be treated as compromised-destroyed in the NIST framework.)

BEGIN ENCRYPTED PRIVATE KEY looks like PKCS8. There are a couple of
bugs in other implementations which have been identified and worked
around by the OpenSSL crew, including the ones worked around by
-nooct, -embed, and -nsdb. (Is it an RSA key? A DSA key?)

Basically, your idea is correct: you must convert the private key from
pkcs#8 to openssl's format, then use the openssl format to pkcs12
-export.

The problem is figuring out which algorithm has been used to encrypt
the pkcs8 structure, and which version of the structure it's using.

-Kyle H
Dr. Stephen Henson
2009-02-11 23:54:38 UTC
Post by Bob Barnes
MIICmDAaBgkqhkiG9w0BBQMwDQQIgeyJNiNcE90CAQUEggJ4arTMz0VmFuBiCw3P
5LHhLjmOKpdTdby6Dy9BP34zrwL/7yKR+lt3cor+SzhH4vGedhD4SQafw4iM7+1j
Analysis of that data suggests it *should* be a valid PKCS#8 format key. The
algorithm used is pbeWithMD5AndDES-CBC, which is ancient and low security. That
error message is usually caused by passing the wrong password. It is possible
it might be due to a bad format key being produced by the other library.

Without seeing a sample key (including password) it isn't possible to tell.

If there is some way to use a different algorithm for encrypting the key (or
not encrypting it at all) I'd suggest you try that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
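Bob asked in his first message whether the Base64 between the PEM markers is BER, DER or something else, and Steve's reply above reads the algorithm off the two lines Bob posted. The following is an added example, not code from this thread or from OpenSSL: a standard-library Python parser that decodes those two lines and walks the PKCS#8 EncryptedPrivateKeyInfo header, reporting the PBE algorithm OID, the salt, the iteration count and the declared size of the encrypted blob. It copes with the fact that only the start of the key is available (the outer SEQUENCE is truncated) and it rejects indefinite-length encodings, which would make the file BER rather than the DER that PEM normally carries. The OID table, the function names and the constant POSTED_KEY_HEAD are the example's own; the PEM text inside that constant is exactly the two lines from Bob's message.

```python
import base64
import re

# The two Base64 lines Bob posted from his encrypted key, wrapped in the PEM
# markers his file uses. Only the start of the key is here, so the outer
# SEQUENCE is truncated; the parser reports how much it declared.
POSTED_KEY_HEAD = """-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICmDAaBgkqhkiG9w0BBQMwDQQIgeyJNiNcE90CAQUEggJ4arTMz0VmFuBiCw3P
5LHhLjmOKpdTdby6Dy9BP34zrwL/7yKR+lt3cor+SzhH4vGedhD4SQafw4iM7+1j
-----END ENCRYPTED PRIVATE KEY-----
"""

# Password-based encryption OIDs found in PKCS#8 files. The PBES1 family
# (PKCS#5 v1.5 and the PKCS#12 PBEs) carries PBEParameter {salt, iterationCount};
# PBES2 carries a different parameter structure and is not unpacked here.
PBE_OIDS = {
    "1.2.840.113549.1.5.3": "pbeWithMD5AndDES-CBC",
    "1.2.840.113549.1.5.10": "pbeWithSHA1AndDES-CBC",
    "1.2.840.113549.1.12.1.3": "pbeWithSHA1And3-KeyTripleDES-CBC",
    "1.2.840.113549.1.5.13": "PBES2",
}
PBES1_OIDS = {k for k, v in PBE_OIDS.items() if v != "PBES2"}


def pem_to_der(pem: str, label: str) -> bytes:
    """Strip the PEM armour and Base64-decode the body (PEM is Base64 of DER)."""
    pattern = (r"-----BEGIN " + re.escape(label) + r"-----(.*?)-----END "
               + re.escape(label) + r"-----")
    match = re.search(pattern, pem, re.S)
    if not match:
        raise ValueError("no %s block found" % label)
    return base64.b64decode("".join(match.group(1).split()))


def read_tlv(buf: bytes, pos: int):
    """Decode one DER tag and length at pos; return (tag, value_start, value_end).
    value_end may lie past len(buf) if the buffer is truncated."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length == 0x80:
        # Indefinite length is legal BER but never DER: not what PEM normally carries.
        raise ValueError("indefinite length at offset %d: BER, not DER" % (pos - 1))
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def decode_oid(raw: bytes) -> str:
    """Render OBJECT IDENTIFIER contents in dotted form."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def expect(buf: bytes, pos: int, tag: int, what: str):
    """read_tlv that insists on a particular tag."""
    got, start, end = read_tlv(buf, pos)
    if got != tag:
        raise ValueError("expected %s at offset %d, got tag 0x%02x" % (what, pos, got))
    return start, end


def parse_encrypted_pkcs8_header(der: bytes) -> dict:
    """Walk EncryptedPrivateKeyInfo ::= SEQUENCE { encryptionAlgorithm
    AlgorithmIdentifier, encryptedData OCTET STRING } as far as the bytes allow."""
    seq_start, seq_end = expect(der, 0, 0x30, "EncryptedPrivateKeyInfo")
    info = {"total_length": seq_end, "truncated": seq_end > len(der)}
    # AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY }
    alg_start, alg_end = expect(der, seq_start, 0x30, "AlgorithmIdentifier")
    oid_start, oid_end = expect(der, alg_start, 0x06, "algorithm OID")
    oid = decode_oid(der[oid_start:oid_end])
    info["algorithm_oid"] = oid
    info["algorithm"] = PBE_OIDS.get(oid, "unknown")
    if oid in PBES1_OIDS:
        # PBEParameter ::= SEQUENCE { salt OCTET STRING, iterationCount INTEGER }
        prm_start, _ = expect(der, oid_end, 0x30, "PBEParameter")
        salt_start, salt_end = expect(der, prm_start, 0x04, "salt")
        it_start, it_end = expect(der, salt_end, 0x02, "iterationCount")
        info["salt"] = der[salt_start:salt_end].hex()
        info["iteration_count"] = int.from_bytes(der[it_start:it_end], "big")
    # Of encryptedData only the declared length is knowable from a truncated file.
    data_start, data_end = expect(der, alg_end, 0x04, "encryptedData")
    info["encrypted_data_length"] = data_end - data_start
    return info


if __name__ == "__main__":
    header = parse_encrypted_pkcs8_header(pem_to_der(POSTED_KEY_HEAD, "ENCRYPTED PRIVATE KEY"))
    for field, value in header.items():
        print("%-22s %s" % (field, value))
```

Run on its own it prints the parsed fields; on the complete file, `openssl asn1parse -in sslinf.key` gives the same view. For the posted header the answer is pbeWithMD5AndDES-CBC with an 8-byte salt and an iteration count of 5, where openssl pkcs8 uses 2048 by default. That fits Steve's "ancient and low security": a password guess costs five MD5 computations, and what the password then unlocks is a single-DES key. The declared length also shows the whole structure is 668 bytes, of which 632 are ciphertext, so the two posted lines are only the first 96.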
Bob Barnes
2009-02-12 17:40:12 UTC
Steve/Kyle,

Thanks again for your help. I've created a new private key:

-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----

The password is "Strawberries". I also confirmed Steve's analysis that the
algorithm is MD5. I'll look into trying to create a key sans encryption.

Bob
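Bob's last message gives the password and confirms that the scheme is the MD5-based one Steve identified. As an added example (not code from the thread), here is the PKCS#5 v1.5 PBES1 derivation that pbeWithMD5AndDES-CBC performs, in Python using only the standard library. It takes the salt and iteration count from the header Bob posted earlier and the password "Strawberries" he gave for the second key; that key's encrypted bytes are not reproduced on this page and its salt may differ from the first key's, so the block derives the DES key and IV but decrypts nothing. The constants and function names are the example's own.

```python
import hashlib

# Added illustration of PKCS#5 v1.5 PBES1 as used by pbeWithMD5AndDES-CBC.
# Salt and iteration count are those in the header of the first key Bob
# posted; the password is the one he gave for his second key. The second
# key's ciphertext is not available here, so nothing is decrypted.
SALT = bytes.fromhex("81ec8936235c13dd")   # DER OCTET STRING from the posted header
ITERATIONS = 5                             # DER INTEGER from the posted header
PASSWORD = b"Strawberries"                 # as given in the thread


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def pbkdf1_md5(password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF1 with MD5: T1 = MD5(P || S), Ti = MD5(Ti-1); returns Tc (16 bytes)."""
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    t = md5(password + salt)
    for _ in range(iterations - 1):
        t = md5(t)
    return t


def pbes1_md5_des_key_iv(password: bytes, salt: bytes, iterations: int):
    """pbeWithMD5AndDES-CBC splits the 16-byte PBKDF1 output into an
    8-byte DES key (56 effective bits) and an 8-byte CBC IV."""
    dk = pbkdf1_md5(password, salt, iterations)
    return dk[:8], dk[8:]


if __name__ == "__main__":
    key, iv = pbes1_md5_des_key_iv(PASSWORD, SALT, ITERATIONS)
    print("DES key:", key.hex())
    print("CBC IV: ", iv.hex())
```

To finish a decryption, the key and IV feed DES-CBC with PKCS#5 padding over the encryptedData octets, which is what openssl pkcs8 does once given the password. The weak points are visible in the derivation itself: with an iteration count of 5 a password guess costs five MD5 calls, and the result is a 56-bit single-DES key. PBES2 with PBKDF2 and AES avoids both, which is the point of Steve's advice to use a different algorithm if the library allows it.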