> >> That does seem strange.  We have a [2] explicitly encoding a [0] which
> >> is an implicit bit string with no unused bits, apparently encapsulating
> >> another bit string of length zero.  :-/
> > I have now modified our decoder to correctly recognize POPOPrivKey
> > encoded as thisMessage, i.e. [0]. That BitString contains "03 00". Is
> > it expected to be that way?
>
> I think it is not expected to be that way.  As I wrote before:
>
> >> I'd guess that the attempt to wrap the private key with the CA's public
> >> key failed, resulting in a zero length value being encoded.
>
> Is there any way I can reproduce what you're seeing?
> It would probably require me to be able to access your CA server,
> and perhaps also to trust your root cert for the test.

There is no CA server involved at this point. All I am doing is
supplying a Base-64 encoded certificate to encrypt the private key
with. Here is the value:

Then I pass it to generateCRMFRequest() like so:

        var crmfObject = window.crypto.generateCRMFRequest ('CN=Test CRMF', null, null,
                'MIIDEDCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADAoMQswCQYDVQQGEwJVUzEMMAoGA1UEChMD'+
                'NTMxMQswCQYDVQQDEwJjYTAeFw0wNzExMTMxNTAxMjJaFw0xMDExMTMxNTAxMjJaMCgxCzAJBgNV'+
                'BAYTAlVTMQwwCgYDVQQKEwM1MzExCzAJBgNVBAMTAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A'+
                'MIIBCgKCAQEAsRCC0uVqV7PWAAlVg0aBKIKExrn+hSyq531H144D6TkIN5EHJ5sfgeF3o6VMqUsX'+
                'usfQNofIPpz6bUhSFCEIdbd5zeOdn5AqEVstY18uzE6vxWidmxe6qkMrPi51HW7oTPOreC5auTGC'+
                'Jfnjk8hBnXtIx8Dt2vRgHH1laKYyeRLczN7tkcVc29D7FSxPW+vrU6IhDnKbfKoh5uzTJ7TrDY0Q'+
                'y6+5qfohd5k1gy4CQ7W/MRq6tsOks/x4+4iEJEhN/RtsziW4qfhv81GOMyed8njgIXBGHmLGVTDI'+
                'umWCfpMerHA+UIz5a6SSeRV79lID7mYQMhrXDDNzJQ6zk1BtmQIDAQABo0UwQzASBgNVHRMBAf8E'+
                'CDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUUsoh2TFbcOWauSNO6GFBSE/9MEcw'+
                'DQYJKoZIhvcNAQEFBQADggEBAKH4M6J+EueLrQYUdtdXn29XSi+tEB0e7eT5zeKuWEuuxKnD8Itb'+
                'cLpRD8x7+2Z3FTVbk76wdkqp9IjcJUGDicNWdRLBG49hd0wtZoU6t1+UKUhIFcOEyh9C1p4WkW81'+
                'qZUD5QtceYlC2vxhJDWKBgRNbfKOfBGI69ZMgKtDVEYpY0/VDZClQUPlk8mCTssdFxI/IJPxj4xr'+
                'QotX8g6Q7h/WhzEOGaVPU6s16KYH+L4Ko6CQXVo6G0QSi2q8DU7F6uwsO+WpvwEuqxUNAzgGioMA'+
                'ChZX2ZWQDHHmRNOn74mMu9OB2d/qUPT7VBVtvns5gh9tQB2Ecw2/TharyCMIs5k=',
                '',
                1024, null, 'rsa-ex');

The request is then placed on a form and sent to a servlet where I
retrieve the CRMF from the HTTP request and decode it.

Can you generate a CRMF request yourself with my cert and analyze the
POP section of the generated CRMF request?
Or perhaps you could decode the CRMF request I get and see if you
observe the same?

Please note that the ArchiveControl structure is generated ok and
seems to contain the generated private key (I have not tried to
actually decrypt it) so I would rule out that the generation or
encryption part fails.

Thanks,
Nikolai.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
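
The POP encoding discussed in this thread, as an added example that is not part of the original message or of any Mozilla code: a minimal DER walk in JavaScript that a receiving decoder could use to flag a keyEncipherment POP whose thisMessage wraps an empty BIT STRING. The sample bytes are constructed from the description above ([2] wrapping [0], no unused bits, content "03 00"), and the function names are hypothetical.

```javascript
// Added example. Sample bytes are constructed from the thread's description:
// [2] { [0] BIT STRING, 0 unused bits, content "03 00" }.
const POP_SAMPLE = Uint8Array.from([0xa2, 0x05, 0x80, 0x03, 0x00, 0x03, 0x00]);

// Read one DER TLV at the start of buf (single-byte tags, definite lengths only).
function readTlv(buf) {
  if (buf.length < 2) throw new Error('truncated header');
  const tag = buf[0];
  if ((tag & 0x1f) === 0x1f) throw new Error('multi-byte tag not supported');
  let len = buf[1];
  let hdr = 2;
  if (len === 0x80) throw new Error('indefinite length is not DER');
  if (len & 0x80) {
    const n = len & 0x7f; // number of length octets that follow
    if (n > 4 || buf.length < 2 + n) throw new Error('bad length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[2 + i];
    hdr += n;
  }
  if (hdr + len > buf.length) throw new Error('truncated value');
  return { tag, value: buf.subarray(hdr, hdr + len), end: hdr + len };
}

// Hypothetical server-side check for ProofOfPossession = keyEncipherment [2],
// POPOPrivKey = thisMessage [0] (implicitly tagged BIT STRING).
function checkKeyEnciphermentPop(der) {
  let outer, inner;
  try {
    outer = readTlv(der);
    if (outer.tag !== 0xa2) return { ok: false, reason: 'not keyEncipherment [2]' };
    inner = readTlv(outer.value);
  } catch (e) {
    return { ok: false, reason: e.message };
  }
  if (outer.end !== der.length || inner.end !== outer.value.length)
    return { ok: false, reason: 'trailing bytes' };
  if (inner.tag !== 0x80) return { ok: false, reason: 'not thisMessage [0]' };
  if (inner.value.length < 1 || inner.value[0] > 7)
    return { ok: false, reason: 'malformed BIT STRING' };
  const payload = inner.value.subarray(1); // skip the unused-bits octet
  if (payload.length === 0) return { ok: false, reason: 'empty thisMessage' };
  // The thread's case: the payload is itself an encoded zero-length BIT STRING.
  if (payload.length === 2 && payload[0] === 0x03 && payload[1] === 0x00)
    return { ok: false, reason: 'thisMessage wraps an empty BIT STRING' };
  return { ok: true, unusedBits: inner.value[0], payloadLength: payload.length };
}
```
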
