Reading a PKCS#15 file

0 votes
asked Apr 11, 2014 by hlogmans (220 points)
edited Apr 24, 2014

Hi support,

Some other program has stored a certificate and private key in a PKCS#15 format. I want to import the certificate into my own program, but I don't seem to be able to read this PKCS#15 file (I get an error complaining the ASN.1 block is too long).

As I have the certificate, I'm only interested in the private key in a format I can use with Rebex. I know the password (although there is a chance the other communication program does add a salt or something like that, I could ask the writer, but it is probably not the case).

UPDATE 15 April 2014 I have some updated info:

The library is using cryptlib to create the PKCS#15 (keyset) file. Using a Delphi wrapper I could read a private key object into a CRYPT_CONTEXT (as I know the identifier and password). Now I try to save the private key in some other format (like in a PGP keyring), but as on multiple places this seems to be possible, i cannot find code to do so :(

I will keep searching...

UPDATE 23 April 2014 Pff, took quite some time to test things. In Cryptlib an export to pkcs#12 is embedded, but I cannot get it to work. Then I started thinking if I could extract en reform the ASN1 structures to some other format, like pkcs#8 (as I only need to extract the private key). The PKCS#15 structure-as-a-file is not that hard to read.

But, before I do all the hard work: the key is in this structure, with PBKDF2 key protection, the private key data is at the end (664 length).

Is this anything that could be read if I transform/rearrange this to a useful format? Or is the key protection a problem? I know the decryption key (in ascii/utf format).

    0:d=0  hl=4 l= 823 cons: SEQUENCE          
    4:d=1  hl=4 l= 815 cons: cont [ 2 ]        
    8:d=2  hl=2 l=   1 prim: INTEGER           :02
   11:d=2  hl=2 l= 105 cons: SET               
   13:d=3  hl=2 l= 103 cons: cont [ 3 ]        
   15:d=4  hl=2 l=   1 prim: INTEGER           :00
   18:d=4  hl=2 l=  27 cons: cont [ 0 ]        
   20:d=5  hl=2 l=   9 prim: OBJECT            :PBKDF2
   31:d=5  hl=2 l=  14 cons: SEQUENCE          
   33:d=6  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:91923125EC5C328F
   43:d=6  hl=2 l=   2 prim: INTEGER           :07D0
   47:d=4  hl=2 l=  35 cons: SEQUENCE          
   49:d=5  hl=2 l=  11 prim: OBJECT            :1.2.840.113549.1.9.16.3.9
   62:d=5  hl=2 l=  20 cons: SEQUENCE          
   64:d=6  hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
   74:d=6  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:9F040621A5AF002B
   84:d=4  hl=2 l=  32 prim: OCTET STRING      [HEX DUMP]:52237B22E48C5D579DBA6FD457DFC47C7C9F244306F3856CE98826C5657E9B60
  118:d=2  hl=4 l= 701 cons: SEQUENCE          
  122:d=3  hl=2 l=   9 prim: OBJECT            :pkcs7-data
  133:d=3  hl=2 l=  20 cons: SEQUENCE          
  135:d=4  hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
  145:d=4  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:4620AEA54621405F
  155:d=3  hl=4 l= 664 prim: cont [ 0 ]        
  823:d=1  hl=2 l=   2 prim: INTEGER           :0100

Hope somebody can give some pointers...

UPDATE ...

Hmm, this is just a cms-enveloped data structure with PasswordRecipientInfo recipient. Got the structs... Got the keys... Now how to decode...

commented Apr 11, 2014 by Lukas Pokorny (123,810 points)
edited Apr 11, 2014

We only support PFX and PKCS #12 formats for storage of certificate and private key, and PKCS #8, SSLeay and PuTTY .ppk for stand-alone private keys. We don't support PKCS #15, unfortunately. Does the other program support any other formats?

Sadly, I was unable to find any third-party tool to perform a conversion to one of the supported formats, but stumbled upon an interesting discussion.

1 Answer

0 votes
answered Apr 24, 2014 by hlogmans (220 points)
edited Apr 24, 2014

So that was quite an enterprise, but I seem to have what I need (the important private key factors).

  • Traverse the asn-tree to the private keys section. Read the third part of the sequence (first is commonattributes, second is commonkeyattributes and third is privatekeyattributes). Extract this part, as it is an cms-enveloped data-structure.

  • Using Bouncy Castle I was able to transform above code to a cms-enveloped data structure (I needed to add wrapper ASN to let it identify it as a cms envelope. Rebex does not read the same code, probably because the PasswordRecipientInfo is not recognised.

  • Then I could decrypt the data, and got back a ASN sequence of parameters 3 thru 7 (D, Exponent and Modulus missing).

commented Apr 24, 2014 by Lukas Pokorny (123,810 points)
edited Apr 24, 2014

Thanks for sharing your findings with us! I can confirm that Rebex EvelopedData class really does not support PasswordRecipientInfo (only KeyTransRecipientInfo and KeyAgreeRecipientInfo). Back in 2006, we were unable to find any sample files for that and decided to leave it out. It seems it's seldom used in S/MIME, so it did not matter much. You are the first one who noticed.

PBKDF2 is supported in PrivateKeyInfo class, however.

In any case, it looks like you were able to achieve what you needed. If there is still anything we can do for you, please let me know!

...