Hi support,
Some other program has stored a certificate and private key in a PKCS#15 format. I want to import the certificate into my own program, but I don't seem to be able to read this PKCS#15 file (I get an error complaining the ASN.1 block is too long).
As I have the certificate, I'm only interested in the private key in a format I can use with Rebex. I know the password (although there is a chance the other communication program does add a salt or something like that, I could ask the writer, but it is probably not the case).
UPDATE 15 April 2014
I have some updated info:
The library is using cryptlib to create the PKCS#15 (keyset) file. Using a Delphi wrapper I could read a private key object into a CRYPT_CONTEXT (as I know the identifier and password). Now I try to save the private key in some other format (like in a PGP keyring), but although in multiple places this seems to be possible, I cannot find code to do so :(
I will keep searching...
UPDATE 23 April 2014
Pff, took quite some time to test things. In Cryptlib an export to PKCS#12 is embedded, but I cannot get it to work. Then I started thinking if I could extract and reform the ASN.1 structures to some other format, like PKCS#8 (as I only need to extract the private key). The PKCS#15 structure-as-a-file is not that hard to read.
But, before I do all the hard work: the key is in this structure, with PBKDF2 key protection, the private key data is at the end (664 length).
Is this anything that could be read if I transform/rearrange this to a useful format? Or is the key protection a problem? I know the decryption key (in ascii/utf format).
0:d=0 hl=4 l= 823 cons: SEQUENCE
4:d=1 hl=4 l= 815 cons: cont [ 2 ]
8:d=2 hl=2 l= 1 prim: INTEGER :02
11:d=2 hl=2 l= 105 cons: SET
13:d=3 hl=2 l= 103 cons: cont [ 3 ]
15:d=4 hl=2 l= 1 prim: INTEGER :00
18:d=4 hl=2 l= 27 cons: cont [ 0 ]
20:d=5 hl=2 l= 9 prim: OBJECT :PBKDF2
31:d=5 hl=2 l= 14 cons: SEQUENCE
33:d=6 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:91923125EC5C328F
43:d=6 hl=2 l= 2 prim: INTEGER :07D0
47:d=4 hl=2 l= 35 cons: SEQUENCE
49:d=5 hl=2 l= 11 prim: OBJECT :1.2.840.113549.1.9.16.3.9
62:d=5 hl=2 l= 20 cons: SEQUENCE
64:d=6 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
74:d=6 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:9F040621A5AF002B
84:d=4 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:52237B22E48C5D579DBA6FD457DFC47C7C9F244306F3856CE98826C5657E9B60
118:d=2 hl=4 l= 701 cons: SEQUENCE
122:d=3 hl=2 l= 9 prim: OBJECT :pkcs7-data
133:d=3 hl=2 l= 20 cons: SEQUENCE
135:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
145:d=4 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:4620AEA54621405F
155:d=3 hl=4 l= 664 prim: cont [ 0 ]
823:d=1 hl=2 l= 2 prim: INTEGER :0100
Hope somebody can give some pointers...
UPDATE ...
Hmm, this is just a cms-enveloped data structure with PasswordRecipientInfo recipient. Got the structs... Got the keys... Now how to decode...
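Added example, not part of the original post: a minimal DER reader that pulls the PasswordRecipientInfo fields out of the structure dumped above and derives the key-encryption key with PBKDF2. The byte string is rebuilt from the dump's own values (the [3] element at offset 13); the function names are hypothetical, and the HMAC-SHA1 PRF and 24-byte key length are assumptions based on the PBKDF2 parameters carrying no PRF or key length.

```python
import hashlib

# PasswordRecipientInfo ([3] at offset 13), reconstructed from the dump above.
PWRI_HEX = (
    "a367" "020100"
    "a01b" "06092a864886f70d01050c" "300e" "040891923125ec5c328f" "020207d0"
    "3023" "060b2a864886f70d0109100309"
    "3014" "06082a864886f70d0307" "04089f040621a5af002b"
    "0420" "52237b22e48c5d579dba6fd457dfc47c7c9f244306f3856ce98826c5657e9b60"
)
PBKDF2_OID = bytes.fromhex("2a864886f70d01050c")  # 1.2.840.113549.1.5.12

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos (single-byte tags)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_pwri(der):
    tag, body, _ = read_tlv(der, 0)
    if tag != 0xA3:
        raise ValueError("not a [3] PasswordRecipientInfo")
    _version, kdf, kek_alg, wrapped = children(body)
    kdf_oid, kdf_params = children(kdf[1])
    if kdf_oid[1] != PBKDF2_OID:
        raise ValueError("key derivation is not PBKDF2")
    salt, iterations = children(kdf_params[1])
    _kek_oid, kek_params = children(kek_alg[1])
    _cipher_oid, iv = children(kek_params[1])
    return {"salt": salt[1], "iterations": int.from_bytes(iterations[1], "big"),
            "kek_iv": iv[1], "wrapped_key": wrapped[1]}

def derive_kek(password, info, key_len=24):
    # Assumption: absent PRF means HMAC-SHA1; 24 bytes is the des-ede3-cbc key size.
    return hashlib.pbkdf2_hmac("sha1", password, info["salt"], info["iterations"], key_len)
```

The remaining steps, unwrapping the 32-byte encrypted key with the PWRI-KEK scheme (RFC 3211) and then decrypting the 664-byte content with the IV at offset 145, need a 3DES-CBC implementation, which the Python standard library does not provide.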