Hi. I'm developing a component where I need to import/export Certificates and RSA keys from Firefox's internal database, and I need them in a format which could be treated with OpenSSL. I've currently managed to extract the certificate in DER format and I'm also extracting the ciphered key, using this code:

    privkey = PK11_FindKeyByDERCert(slot, cert, (void *) "TESTDBPassword");

    // Password to encrypt the key (don't worry, only testing)
    exportpw.type = siAsciiString;
    exportpw.len = strlen("testpassword");  // password length, without the terminating NUL
    exportpw.data = (unsigned char *) malloc(exportpw.len + 1);
    strcpy((char *) exportpw.data, "testpassword");

    // SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4
    encprivkey = PK11_ExportEncryptedPrivKeyInfo(slot,
                     SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
                     &exportpw, privkey, 1, (void *) "TESTDBPassword");

I've also tried other algorithms, but only the *PKCS5_PBE* and *PKCS12_V2_PBE* groups give a non-null return to encprivkey (not even *PKCS12_V1_PBE* works). Anyway, I've tried dumping it to a file, this way:

    // Writes only the bytes of the encryptedData field
    testfile = fopen("/home/paco/Desktop/PRIVKEY.p5", "wb");
    fwrite(encprivkey->encryptedData.data, sizeof(char),
           encprivkey->encryptedData.len, testfile);
    fclose(testfile);

And after that, I tried managing it with openssl command line tools, but it doesn't seem to have a proper structure.

What are the contents of the string encprivkey->encryptedData.data? Is it a proper pkcs5 or pkcs8 or pkcs12 (when using the proper algorithm, of course), or is it only the raw encrypted string? If so, how can I obtain the salt used by the algorithm to derive the key used to generate that encrypted string? How could I build with NSS a pkcs8 object which is treatable by openssl?

Sorry for bothering you and thanks in advance for your help.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
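For reference, an added example (not part of the original post and not NSS code): a PKCS#8 EncryptedPrivateKeyInfo, the structure OpenSSL's pkcs8 tooling reads, is a DER SEQUENCE holding an AlgorithmIdentifier followed by the ciphertext OCTET STRING, and for PKCS#5 v1.5 and PKCS#12 PBE schemes the salt sits in the algorithm parameters. The checker below tells such a file apart from ciphertext bytes alone; `der_tlv`, `epki_salt` and both sample byte arrays are constructed for illustration, and PBES2 parameters are not handled.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: pbeWithMD5AndDES-CBC, 8-byte salt, 2048 iterations. */
static const unsigned char SAMPLE_EPKI[] = {
    0x30,0x27, 0x30,0x1B,                                    /* outer SEQ, AlgorithmIdentifier */
    0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03, /* OID 1.2.840.113549.1.5.3 */
    0x30,0x0E, 0x04,0x08, 1,2,3,4,5,6,7,8, 0x02,0x02,0x08,0x00, /* salt, iterations */
    0x04,0x08, 0xA1,0xA2,0xA3,0xA4,0xA5,0xA6,0xA7,0xA8 };   /* encryptedData */
/* Constructed sample: the ciphertext bytes alone, with no DER wrapper. */
static const unsigned char SAMPLE_RAW[] = { 0xA1,0xA2,0xA3,0xA4,0xA5,0xA6,0xA7,0xA8 };

/* Read one DER TLV with the expected tag; set *body/*blen to its value bytes.
 * Returns 0 on success, -1 on wrong tag, truncation or indefinite length. */
static int der_tlv(const unsigned char *p, size_t n, unsigned char tag,
                   const unsigned char **body, size_t *blen)
{
    size_t len, i, nb;
    if (n < 2 || p[0] != tag) return -1;
    len = p[1]; p += 2; n -= 2;
    if (len & 0x80) {                     /* long form: nb length bytes follow */
        nb = len & 0x7f;
        if (nb == 0 || nb > sizeof(size_t) || nb > n) return -1;
        for (len = 0, i = 0; i < nb; i++) len = (len << 8) | p[i];
        p += nb; n -= nb;
    }
    if (len > n) return -1;
    *body = p; *blen = len;
    return 0;
}

/* Walk SEQUENCE { AlgorithmIdentifier, OCTET STRING } and return the salt from
 * the PBE parameters. Returns 0 on success, -1 if buf is not that structure. */
int epki_salt(const unsigned char *buf, size_t n,
              const unsigned char **salt, size_t *salt_len)
{
    const unsigned char *seq, *alg, *oid, *par, *ct;
    size_t seqlen, alglen, oidlen, parlen, ctlen;
    if (der_tlv(buf, n, 0x30, &seq, &seqlen)) return -1;
    if (der_tlv(seq, seqlen, 0x30, &alg, &alglen)) return -1;
    if (der_tlv(alg + alglen, seqlen - (size_t)(alg + alglen - seq), 0x04, &ct, &ctlen)) return -1;
    if (der_tlv(alg, alglen, 0x06, &oid, &oidlen)) return -1;
    if (der_tlv(oid + oidlen, alglen - (size_t)(oid + oidlen - alg), 0x30, &par, &parlen)) return -1;
    return der_tlv(par, parlen, 0x04, salt, salt_len);
}

int main(void)
{
    const unsigned char *s; size_t l;
    printf("wrapped: %d\n", epki_salt(SAMPLE_EPKI, sizeof SAMPLE_EPKI, &s, &l));
    printf("raw:     %d\n", epki_salt(SAMPLE_RAW, sizeof SAMPLE_RAW, &s, &l));
    return 0;
}
```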