Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

import PKCS#12 with SHA256 + ECDSA fail !! #237

Closed
nizooo opened this issue Apr 15, 2015 · 11 comments
Closed

import PKCS#12 with SHA256 + ECDSA fail !! #237

nizooo opened this issue Apr 15, 2015 · 11 comments

Comments

@nizooo
Copy link

nizooo commented Apr 15, 2015

I'm trying to import a PKCS12 to sign with ECDSA + SHA256 , I got an error after trying to convert the Asn1 object to p12 object.

the error is : Result file generation failed!
Actual error message: Error: Cannot read public key. OID is not RSA.

below the code used :

pwd=prompt("Insert the password for the PKCS12 keystore","");
if (pwd!=null && pwd!="") {
try {
var test = new Uint8Array(event.target.result);
var b64 = forge.util.binary.base64.encode(test);

                    // decode p12 from base64                            
                    var p12Der = forge.util.decode64(b64);
                    alert("p12Der"+p12Der);

                    // get p12 as ASN.1 object
                    var p12Asn1 = forge.asn1.fromDer(p12Der);
                    console.log(forge.asn1.prettyPrint(p12Asn1))

                    // decrypt p12 using the password 'password'
                    var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1,false, pwd);
                alert("input p12 ----- : "+p12);

...
@dlongley
Copy link
Member

@nizooo,

Forge doesn't support ECC (ECDSA) just yet. It's on our road map (#203) to do: [#116].

@nizooo
Copy link
Author

nizooo commented Apr 15, 2015

Thanks for the rapid answer.
I'm only need to import the pkcs12 to p12 object then extract the private key and the certificat . is stil not possible with the current version of forge ?

dlongley referenced this issue Apr 15, 2015
@dlongley
Add feature to allow limited access to unrecognized keys.
f7a5536 
- If a private key is in a format unrecognized by forge, an
  object representing it in ASN.1 format will be returned. This
  allows private keys to be extracted from PKCS#12 containers
  (and potentially converted to DER/PEM) even if forge doesn't
  recognize them.
@dlongley
Copy link
Member

@nizooo,

I added a quick feature that I think will help you, but I'm short on time and haven't written some good tests for it. Essentially, if forge doesn't recognize the key format, it will return null for the key property in the key bag, and set an asn1 property with the raw ASN.1 representation of the key.

Do you mind trying it out? If you use the latest version, you should be able to decrypt your p12 without error. Then you should be able to do something like this (off the top of my head):

// get key bags
var bags = p12.getBags({bagType: forge.pki.oids.keyBag});

var keyAsn1 = bags[0].asn1;

// convert to ASN.1, then DER, then PEM-encode
var msg = {
  type: 'FIXME', // put the right header in here
  body: forge.asn1.toDer(keyAsn1).getBytes()
};
var pem = forge.pem.encode(msg);

To get the key in PEM format (if that's something you want).

@nizooo
Copy link
Author

nizooo commented Apr 16, 2015

In fact, I haven't reached that level. I don't have the p12 yet .

var p12Der = forge.util.decode64(b64); // OK
var p12Asn1 = forge.asn1.fromDer(p12Der); // OK
var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1,false, pwd); // NOK

so I can't use your code here ?
I'm trying to debug the Asn1 object and below the result of prettyPrint(p12Asn1) :

Tag: Universal:16 (Sequence)
Constructed: true
Sub values: 3
Tag: Universal:2 (Integer)
Constructed: false
Value: 3,
Tag: Universal:16 (Sequence)
Constructed: true
Sub values: 2
Tag: Universal:6 (Object Identifier)
Constructed: false
Value: 1.2.840.113549.1.7.1 (data) 0x2a864886f70d010701,
Tag: Context-Specific:0
Constructed: true
Sub values: 1
Tag: Universal:4 (Octet string)
Constructed: false
Value: 0x30820cee30820ba706092a864886f70d010706a0820b9830820b9402010030820b8d06092a864886f70d010701301c060a2a864886f70d010c0106300e04088f1db6ce9b0718820202080080820b609d0f77f9c211c8455ff5465bfcf3072e75ef8ec9895e35ab1941434eeca475b45316e88df1123b9c6566699e1a0c8384f9133d437a17d6e6efaaf0a5d812e6c90f23e93a747786cdc65b9d12a97eb41afedd38c9720f6d0401ff9eb90325afa0542504953bcded048bac29e5fb459a4fa82467fd5c894b3b37a0e3fa132c275b38c6f19279785b18abeed8551bb36ea9d7cd6a4d80170fd672bef9fb0615ec12235d8a7d47027b957c0c437a3588f150d4d209f77380828ad28962d3da36dd4153fcb9f88ea4334f41b0b851c30c2d16622fb84b3a088322d13d74e8800f353ed2b65b5ba01061f60a9317267e68a61a101704a6f362979752e4623a484b98b202483f135cd01465271eb073fae21ca38bc02de5ffc429ceb62f7fbdbbd601a5ea348a1326ea8d650bf76fcb9ec23219933566e57cce5e1e6008770a549e700226a7c445620de1471c1c5593aa785fd303644dda0ef81e221e23c08b304c7b4439208b4f835b251afa1c9316e2a7f9f786e50883492eaee5feda4efd33d107b1e8a3fefe488e8982a2e92e97e11314f687171d4b1c9e7dabc481f843fb69d9729507fc0fdc74a2541dfbf93ec76a22cff1381dcb9649bfe24ff17a87e51243dcd119bde74a1b0accc67229141749bbca04b2109603dde7bb80c7421b32375df1d18b6e82c52dd7aa92031d106c03a16b3111a50add393648937a5e4d57fce715bfe22400f38bc7f4b7374aac0573e1b7f4e3c5d310f2d2f2b61b51fe0281882594b7d52795ba48dd33699ac293b3fb676247445682ce33b4365c53100fff4aff5ea8b0c5769c91de1ede6865b3748ff639ef25d32232550829cdb5e127d55bc5e17278fb4ec6ba273851c4cb4c75633c051b725836ba08cd87e6c99b3b739f2152beba77246b9937e18e6db21a2d51c621234ac272e3b0301ff6a7f3c1406bbb13cf36941574236f9fe3dce3cff5d02f6f91c94be170ad947fd3e398211b88c17bfc6462f825d43a16c3459d4dca2d25bdaf4ee5d6d013bd6f70404622b94ef600bbb5b13056b005ab142e1edd3c1c682e1e47a3ddda41a653fbc67af3e531f2ec93c4ac676e9e6c07f8f31e9e473cfb8bb6fe3a6a659ba76e6456bfbbd9808f9f4b08a99c9f7f4def14ce61495e3926a9d3c59393a84fdd24bbd7f63b143925e76f0d2cb5b7ad6333c9ff45ed8e68337a36606da9310c56bd5516b1191de8e5afef776cbf4d61f8945ddf06ae501a4b3a3320a4ae3552c537060b0d2485df496731d6e8b4c91403f016f05a31d8bb300afea8f7c3dc2a7526e5f941478ad73e84c85b7b7dec0c4fd6c836b454d60133b55ec4329e005a09100963a154acb88e3e2931ccda5cb846745b96ef8a10558d5265deea33ce166f7a1d90f8e5f34582633c01785b14b4311a8eec282a3774a193fee84e4a845abb815535b2d37925705b257f7d16f29fe8e4030c9167661e70ca66d37d12d0d10bd7be76a96f9bb3932898955ea26f81826da603989c687f8792cc4c0ed63c169438cf82c4360fc248bb0b89218400c005baf585d201c56a2dca96b057c03a19f0a6fc21c75b9121f1064caee9880e3f07c6cd8e0f03aeccaf017327b77b8d8a0bd72b4b2e59ae1cb5863e03e5ca52f2d17417b330fb6c66574f234a75c41ec0b87fb425868fefd702cd74ab493cae50a1edc3e3573ebd23cbb2cc43d94deb251020e354620419eaebec1b2ae2b6f31dec87393995e01ca13b6ad7dabdb996c4c8e44c2b04ee3d37ef82f1ee25b1def6e6682ca179bdd6ea55c3d78a36a827f30d80243a53357178ae7c8c0e8c39ec3400c61ba3e5292ec420fd620bc5dc4d87856dc7524dfd152aad662ab6dea00d0ab682d1c6d7067396b668a06d74a8db816242dc8bb26a638d3b501ecbd79bf3b5120297e99d89ce2f2c29f95d080586e3cd862d7ed7428aa9c15fa9ae7b13309d0e17c0c0957ae2ae38c6b10fa15b1aad9a177601e98957002b51230400e53cacd7f3f1d64d80c7b8e316491be6941d45a3205f791d5c36e0a9b5aba1da2e7ea49c493bea34ab2ae6218b02d21cf8f3fdb83c3805426189d1c82a48391023ded81fdc8e119dfc2442e870ae7c77f6bc8f50ad9872f9f30a76a681b3b430d5b269f292396c5a664370a49525dac2eb09295119eeafee287d08c227b3d59d657b0aba4ca452b3274a51a19c6ed80b0c7947c5917c45674e18fa81f15ed3b98deeb078a23cd32fe5f1a7e783b4ae36debd2b366f6fc5e9870e4c51bdab024d4acb63f811489c5fc7adb3e383314e857edd29175293ecd20fba65f5dae8141a0ea4c5cfa05eb1f4de1bae1aad9ff4fb3cdd6898955a692d96a855f1cf80cc313ac4353b405baffb3d971b427731660fc454f11cf680f4bd0e3db45b5456b85a738f1d02b5cab76c79fe8d4526af41b5d435c39eb4fda3408883d77004676b74c7b146f5ddee02e6318ca6a349c9e9590cd7faa77f9ca872ef054b3fc0b79acf82c9dcfe55595840417a69ddb610954f5601bda5bf277751ebe0dbc5df42e959605733cacc08d80ecdeef28af416f74e3df01bf93f22d22ec59413d0b36d4c7269fc8281b686db9307b1e42a6c0ca8647c20869d670ef345f5802ba807894cd12dbc3c1667c7678ff467fa95d3c468225e5d67911263750ae0a71371623084ac7def6ad53bfd56c85bf85d46a9c2ae2ba4d54331ccca10402774aa294b1893cfd952017a7ba89ff0c82fab9cb016b1ee5459cf0faba7a237c79e4e0342717ab4ace466de7b791ec2139db56cc0b002e783b47714f5baeb67c8ef1f620607ea63265369183e605e625d1b5651c94183ebc444531a5a81a1b038c1f41ffde9c04d71b2b15730d268f89c033bfb2438a18e577bcc2569f985df3630c0b28f957f517bd8a31bbcfe6905204a4d64c5aca530a43e261346216be5ae33aa4732580817f112325141ac30f600aee0ef10e29cae414303b1bd1a50dfccf091a3b4d19fcc33bd5404f7eacbfae1d15f3be065276158a8fa0c8ec944a770a21c8333348dc3528d632549a8b7fa62cf4efc4c1b3dc20679408213f7ccf68d40ec0eb931e0d99636f5b32f800c54663afae5913fd87a7f1b7e06476da4f58f6472608735448de01e6599ae3347ba3ce8a16dc42f788d8a4780eb1f56829776d4c09a3927eb009343c9cbc17e41175334ae4964d4cf55f6a1b899c026c9de854fe63d436800b1dac40f259137054bcf8dbd3ecd99d98969f75500b27b00dfbdb0798f7d431c14449f522c500ef699ef3bd088be201c6ed62e39409f62d637afb02a22d83e6d29ab05864cb7ea7933465545c20a08d8e0b5918614ac2baa5b3cef6e85f48fa8fcc292be0ac055c61d36f74e12aacb9ee0e4763ea64d0497db62667762ae5b61c346b15e0a97d7cfcd4b38c21f6bbf9eb356e059bc01914dfa1ce8ecdcf036fa467990b0731a54e63de4a117eafa5e59499601da80a26289fe083aff7a63ad206968d35fb935df32e8c07e53df16874609e3411d7f26391dacda8aa368d7241404d9ceaec5d835c8d3790dea964657e83fbdb8509e15aad1c5cd42d7708ab2af97503e99ea797ddb73ae38a42dc1c323699ef01d7918b1ceb3c3407317afcea6658c9265f1ee7da06aa6ea37558b581563be551223e8203d6d24b6141baa662ccb02a341c7a530c328dee1bf3511b4e0fc45e4511d5dbdcbd87757e3d1c0c7592d93dc1444ef74215fabe9d07103e7977500e7f75618da9afa841af7888ea77b84ac49ef1e14e8db5963b9094d12f823d759dc2f5a63a8de05330091f9d77c4145a1ffaffb5745216f832a3ab611a3226fb6202933a7e922db95a303727caa9b861561124100e681e82ed73c30734529ceb41760498d9f9f896f93ba7e77f233465f9468c2d288be2eaec84e1c7f03c3d9e51e93654d9ef9f03d9a41a75344290f9ad01ed713913ef4956567bec9b53b9ab0f9a16db311c3f651885b77d1b366cb633176048d71b4a44d42852db84ae43bc89de188b3e64796afd3a32a8d1c4c3780ec84e52a268253efe5c6269427eba6058febf3c2ad2c4a1f86a0afb024f2427f27b447b83f209463b28b80091e4cbb00908006ccda52ce8250678c3082013f06092a864886f70d010701a08201300482012c3082012830820124060b2a864886f70d010c0a0102a081b43081b1301c060a2a864886f70d010c0103300e04083f6ab40e47077fe302020800048190872483875fcf2c55b148e62a6339df335b472c94688c55be02bc925584ae8da33f96737b82ca4f4bd7e09d80d682c3dd7c48a7aad2b73024ea76b54bbdc65be4299c18bf7ce49c140aa04e09e7bab2360646ba47b5fce80906c2ffff9c362d485f9d56f75898c42019f63f8461414bb803ead88663bb500abc512600842d0977a480dbecd0f90423ab31ac5dec06abf3315e302306092a864886f70d01091531160414896a5fe4bdfd506d648ad1403deafdc05488c3d2303706092a864886f70d010914312a1e280065007800700065007200740043006f006e0073006f0072007400690075006d0049004c004f0043,
Tag: Universal:16 (Sequence)
Constructed: true
Sub values: 3
Tag: Universal:16 (Sequence)
Constructed: true
Sub values: 2
Tag: Universal:16 (Sequence)
Constructed: true
Sub values: 2
Tag: Universal:6 (Object Identifier)
Constructed: false
Value: 1.3.14.3.2.26 (sha1) 0x2b0e03021a,
Tag: Universal:5 (Null)
Constructed: false
Value: [null],
Tag: Universal:4 (Octet string)
Constructed: false
Value: 0x8eddea286afd4439ae76f6b61eb0549312c99623,
Tag: Universal:4 (Octet string)
Constructed: false
Value: 0xe94387214ea2b42b,
Tag: Universal:2 (Integer)
Constructed: false
Value: 2048

@dlongley
Copy link
Member

@nizooo,

Do you have the password for that p12 so I can test with it? If it's not just test data, can you generate a similar p12 and supply the password? I can better address the issue in that case.

@nizooo
Copy link
Author

nizooo commented Apr 16, 2015

ok, below a new one for test , the password is : 123321

ASN1Tag: Universal:16 (Sequence)
Constructed: true
Sub values: 3
Tag: Universal:2 (Integer)
Constructed: false
Value: 3,
Tag: Universal:16 (Sequence)
Constructed: true
Sub values: 2
Tag: Universal:6 (Object Identifier)
Constructed: false
Value: 1.2.840.113549.1.7.1 (data) 0x2a864886f70d010701,
Tag: Context-Specific:0
Constructed: true
Sub values: 1
Tag: Universal:4 (Octet string)
Constructed: false
Value: 0x308204703082032f06092a864886f70d010706a08203203082031c0201003082031506092a864886f70d010701301c060a2a864886f70d010c0106300e0408c67dce92c892720802020800808202e8e0761925b6a7bcdaa03e054b9fbc915445f324cf16935f578f58090938f43ccf109a1adad29413c74c878f232848773519b891e99a37e08a65ccd33c1e71936d4fffe3ed2d6cdf158152f3fc2dfd427ee4d11b447955908d860e3e076303feec4d1a774aa2e7852cbb2c487a987bd38e896a0de47aa7e82988a70288847b79af6d694808a4d68f43e9b834368316fb6b1c0e9eab067cd0b72781e2be76dc0cf34bfbf251782e5280aff1110a7205ce05cf8f5803da88182ea0431362202f6642fabb33c84a0ee9988241561f6e475d6ce3ebfa414fee02f2443192e2e2f8a5a1f4a5a3f145dcd9869ea8c47a31e25427b60c3442d51b153e6b7658f0d16425fe232c03f2efabb824c11b5fa99e1ed7e6380cea6861baa677eea99516447ad3c58196216b9391215fa82b01d3c31c07a1d8a84626ee3b87a8eee5aa722f47087ef9357b17f0c9ba939c4bcb26e10d3ea48fd483d95ec76eddfd355f14bd880917c254ebceb6feb92bee9fa8d90f0eb72d41597f92a4bcb64599a07fb27d2fea0f320293dfdf9c09ceedb978ca2146629e8849b8c09e48b636745577218f4083b8079d55aaa31e573377ebcf69a4941909a8e0c3b69fcaad6b0edd5d0aa883d0e767297900459129d94788aa630232154f442798d4df99f3217cc9652fefb4a41a5c2d32dcaf846625accdd6abfaf0796e8fdb40df792a0bbbda54fd9c577b45fd6b8928fe55e32a9ffe92c25164973159c443c4544bb6b1c85aaaf32047568a537f95de7d1cfe89536f9f841920fb06965ddfa5c44988695c3a618ed6566413e2b882d7b1862a3cf2acd290a74ab80434592898899b52d20c19066148564e48876999e286ec2489d9d719a33a46c84fbbc73b9c0dbd128ca8663b3856d8fd771433c2ee91bc0f94bcedeff8f331c5ad0efd42a35355cf2dd85ac6773928851019e7218ec802a281d014e43c8711193d441a06779b4d18ead16ed0f8384abf513218559644d1b6709471d440d43be034da706f2dc9390ca39d21c265b0a887581d3f9ed091aad43b5f3082013906092a864886f70d010701a082012a04820126308201223082011e060b2a864886f70d010c0a0102a081b43081b1301c060a2a864886f70d010c0103300e0408dd0fb459b3a37ffd02020800048190856f046997c986bf8c4dde318e451cb9b48f8f3b29a0b78bb462f198ac530676f006b289049ddbcd7bd4ef07bbaafbc91a15907ec4521d7104f38d564bc235e2f78924b58125f379574018cf66989280290d0eb5fe8ee6be0680227e6b410876d23a741055d93354d1a804f5ee98c17014da67fb34c29522d9d6d8ab384880462c40541f1db5b9efa7a1b79365343ded3158302306092a864886f70d010915311604149e9da5197aab08f9399837eb2f2fe44568c0410d303106092a864886f70d01091431241e2200450043004400530041002000630065007200740069006600690063006100740065,
Tag: Universal:16 (Sequence)
Constructed: true
Sub values: 3
Tag: Universal:16 (Sequence)
Constructed: true
Sub values: 2
Tag: Universal:16 (Sequence)
Constructed: true
Sub values: 2
Tag: Universal:6 (Object Identifier)
Constructed: false
Value: 1.3.14.3.2.26 (sha1) 0x2b0e03021a,
Tag: Universal:5 (Null)
Constructed: false
Value: [null],
Tag: Universal:4 (Octet string)
Constructed: false
Value: 0x8c72ea768d7e49a8c53996a1fc77f034fe43aefb,
Tag: Universal:4 (Octet string)
Constructed: false
Value: 0xe452656c6127c45e,
Tag: Universal:2 (Integer)
Constructed: false
Value: 2048

@dlongley
Copy link
Member

@nizooo, my apologies, I wasn't clear. Can you send the base64-encoded version? I can't process the above pretty printed version.

@nizooo
Copy link
Author

nizooo commented Apr 16, 2015

no problem , I'm using "reader.readAsArrayBuffer(file)" and below you find data before encoding and after encoding :

before :

MIIEwQIBAzCCBIcGCSqGSIb3DQEHAaCCBHgEggR0MIIEcDCCAy8GCSqGSIb3DQEHBqCCAyAwggMcAgEAMIIDFQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIxn3OksiScggCAggAgIIC6OB2GSW2p7zaoD4FS5+8kVRF8yTPFpNfV49YCQk49DzPEJoa2tKUE8dMh48jKEh3NRm4kemaN+CKZczTPB5xk21P/+PtLWzfFYFS8/wt/UJ+5NEbRHlVkI2GDj4HYwP+7E0ad0qi54UsuyxIeph7046Jag3keqfoKYinAoiEe3mvbWlICKTWj0PpuDQ2gxb7axwOnqsGfNC3J4HivnbcDPNL+/JReC5SgK/xEQpyBc4Fz49YA9qIGC6gQxNiIC9mQvq7M8hKDumYgkFWH25HXWzj6/pBT+4C8kQxkuLi+KWh9KWj8UXc2YaeqMR6MeJUJ7YMNELVGxU+a3ZY8NFkJf4jLAPy76u4JMEbX6meHtfmOAzqaGG6pnfuqZUWRHrTxYGWIWuTkSFfqCsB08McB6HYqEYm7juHqO7lqnIvRwh++TV7F/DJupOcS8sm4Q0+pI/Ug9lex27d/TVfFL2ICRfCVOvOtv65K+6fqNkPDrctQVl/kqS8tkWZoH+yfS/qDzICk9/fnAnO7bl4yiFGYp6ISbjAnki2NnRVdyGPQIO4B51VqqMeVzN3689ppJQZCajgw7afyq1rDt1dCqiD0OdnKXkARZEp2UeIqmMCMhVPRCeY1N+Z8yF8yWUv77SkGlwtMtyvhGYlrM3Wq/rweW6P20DfeSoLu9pU/ZxXe0X9a4ko/lXjKp/+ksJRZJcxWcRDxFRLtrHIWqrzIEdWilN/ld59HP6JU2+fhBkg+waWXd+lxEmIaVw6YY7WVmQT4riC17GGKjzyrNKQp0q4BDRZKJiJm1LSDBkGYUhWTkiHaZnihuwkidnXGaM6RshPu8c7nA29EoyoZjs4Vtj9dxQzwu6RvA+UvO3v+PMxxa0O/UKjU1XPLdhaxnc5KIUQGechjsgCooHQFOQ8hxEZPUQaBnebTRjq0W7Q+DhKv1EyGFWWRNG2cJRx1EDUO+A02nBvLck5DKOdIcJlsKiHWB0/ntCRqtQ7XzCCATkGCSqGSIb3DQEHAaCCASoEggEmMIIBIjCCAR4GCyqGSIb3DQEMCgECoIG0MIGxMBwGCiqGSIb3DQEMAQMwDgQI3Q+0WbOjf/0CAggABIGQhW8EaZfJhr+MTd4xjkUcubSPjzspoLeLtGLxmKxTBnbwBrKJBJ3bzXvU7we7qvvJGhWQfsRSHXEE841WS8I14veJJLWBJfN5V0AYz2aYkoApDQ61/o7mvgaAIn5rQQh20jp0EFXZM1TRqAT17pjBcBTaZ/s0wpUi2dbYqzhIgEYsQFQfHbW576eht5NlND3tMVgwIwYJKoZIhvcNAQkVMRYEFJ6dpRl6qwj5OZg36y8v5EVowEENMDEGCSqGSIb3DQEJFDEkHiIARQBDAEQAUwBBACAAYwBlAHIAdABpAGYAaQBjAGEAdABlMDEwITAJBgUrDgMCGgUABBSMcup2jX5JqMU5lqH8d/A0/kOu+wQI5FJlbGEnxF4CAggA

after encode :

0��Á���0���� *�H�÷
��� ��x���t0��p0��/� *�H�÷
��� �� 0������0���� *�H�÷
���0��
*�H�÷
� ��0���Æ}Î�È�r��������èàv�%¶§¼Ú >�K�¼�TEó$Ï��_W�X 8ô<Ï���ÚÒ��ÇL��#(Hw5�¸�é�7à�eÌÓ<�q�mOÿãí-lß��Róü-ýBäÑ�DyU����>�c�þìM�wJ¢ç�,»,Hz�{Ó��j
äz§è)�§���{y¯miH�¤Ö�Cé¸46��ûk���«�|з'�â¾vÜ óKûòQx.R�¯ñ�
r�Î�Ï�X�Ú��. C�b /fBú»3ÈJ�é��AV�nG]lãëúAOî�òD1�ââø¥¡ô¥£ñEÜÙ��¨Äz1âT'¶ 4BÕ��>kvXðÑd%þ#,�ò﫸$Á�_©��×æ8 êhaº¦wî©��DzÓÅ��!k��!_¨+�ÓÃ��¡Ø¨F&î;�¨îåªr/G�ù5{�ðɺ��KË&á

¤�Ô�Ù^ÇnÝý5_�½� �ÂTëζþ¹+î�¨Ù��·-AY��¤¼¶E� �²}/ê�2��ßß� Îí¹xÊ!Fb��I¸À�H¶6tUw!�@�¸��Uª£�W3wëÏi¤�� ¨àö�Ê­k�Ý]
¨�Ðçg)y�E�)ÙG�ªc�2�OD'�Ôß�ó!|Ée/ï´¤�-2ܯ�f%¬ÍÖ«úðyn�Û@ßy_�»ÚTý�W{Eýk�(þUã_�þ�ÂQd�1YÄCÄTK¶±ÈZªó GV�S��Þ}�þ�So��� û��]ߥÄI�i:a�ÖVd�â¸�×±�_<ò¬Ò�§J¸�4Y(���RÒ ��aHVNH�i�â�ì$�Ù×�£:FÈO»Ç;�
½��¨f;8VØýw�3Âî�¼��¼íïøó1Å­�ýB£SUÏ-ØZÆw9(���ç!�È�¢�Ð�ä<���=D��w�M�êÑnÐø8J¿Q2�U�DѶp�qÔ@Ô;à4Úpo-É9 £�!Âe°¨�X�?�Ð�ªÔ;_0��9� �H�÷
��� ��_���&0��"0������H�÷

�� �´0�±0��
*�H�÷
� ��0���Ý�´Y³£�ý��������o�i�É�¿�MÞ1�E�¹´��;) ·�´bñ�¬S�vð�²���ÛÍ{Ôï�»ªûÉ���~ÄR�q�ó�VKÂ5â÷�$µ�%óyW@�Ïf���)
�µþ�æ¾��"kA�vÒ:t�UÙ3TѨ�õî�Áp�Úgû4Â�"ÙÖØ«8H�F,@t��µ¹ï§¡·�e4=í1X0#� *�H�÷
� �1�����¥�z«�ù9�7ë//äEhÀA
01� *�H�÷
� �1$�"�E�C�D�S�A� �c�e�r�t�i�f�i�c�a�t�e010!0 ��+���������rêv�I¨Å9�¡üwð4þC®û��äRela'Ä^����

dlongley referenced this issue Apr 16, 2015
@dlongley
Support reading p12 containers w/unrecognized certificate data.
5d1226c 
- If certificates are not recognized or if they contain key
  formats that are unrecognized, a pkcs#12 container can still
  be decrypted. The resulting certificate bag will have its
  `cert` property set to `null` and an `asn1` property will
  contain its ASN.1 representation.
@dlongley
Copy link
Member

@nizooo,

The sample PKCS#12 you provided now parses properly (forge version 0.6.25), despite the key format not being recognized. There is also a test that successfully extracts the certificate in PEM format. To do this, run the following code:

// assumes b64 var holds the above base64-encoded p12
var p12Der = forge.util.decode64(b64);
var p12Asn1 = forge.asn1.fromDer(p12Der);
var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, '123321');

var bags = p12.getBags({bagType: PKI.oids.certBag});
var bag = bags[PKI.oids.certBag][0];

// convert to ASN.1, then DER, then PEM-encode
var msg = {
  type: 'CERTIFICATE',
  body: forge.asn1.toDer(bag.asn1).getBytes()
};
var pem = forge.pem.encode(msg);
console.log(pem);

This yields:

-----BEGIN CERTIFICATE-----
MIICVzCCAf6gAwIBAgIJAO8k1Go1w/58MAkGByqGSM49BAEwgYgxCzAJBgNVBAYT
AkZSMQ4wDAYDVQQIDAVwYXJpczEMMAoGA1UEBwwDSWxlMQ0wCwYDVQQKDARlcmRm
MSIwIAYDVQQDDBluaXphci5hYmRlbm5lYmlAZ21haWwuY29tMSgwJgYJKoZIhvcN
AQkBFhluaXphci5hYmRlbm5lYmlAZ21haWwuY29tMB4XDTE0MDczMDE2MTYyMloX
DTE1MDczMDE2MTYyMlowgYgxCzAJBgNVBAYTAkZSMQ4wDAYDVQQIDAVwYXJpczEM
MAoGA1UEBwwDSWxlMQ0wCwYDVQQKDARlcmRmMSIwIAYDVQQDDBluaXphci5hYmRl
bm5lYmlAZ21haWwuY29tMSgwJgYJKoZIhvcNAQkBFhluaXphci5hYmRlbm5lYmlA
Z21haWwuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELqy3xekJMWlXzq5g
5ao7Z8PH3iL0I2Tj28SGrDIdZ07f5x/rAbwjbcfp2YsJecEJOoaE3/jgbI8/mc1p
wWJtm6NQME4wHQYDVR0OBBYEFINzYXPWdpiaoDaLBiObKSezqjYSMB8GA1UdIwQY
MBaAFINzYXPWdpiaoDaLBiObKSezqjYSMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0E
AQNIADBFAiEA9Q+TJyUHEn7lhjEkF1OUb0hEwejAWny+mvqQ0XNHup4CIAeOLjEs
mthwYiI/c1op4Y+H0xLUp2v8iLWHIDqAZA89
-----END CERTIFICATE-----

@nizooo
Copy link
Author

nizooo commented Apr 17, 2015

Thanks a lot , it's very helpful. I'll continue to decrypt the key value and I'll keep you in touch .

@dlongley
Copy link
Member

dlongley commented Oct 5, 2016

Closing as potentially resolved, can be reopened if necessary.

@dlongley dlongley closed this as completed Oct 5, 2016
@Centaurioun Centaurioun mentioned this issue Dec 14, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dlongley @nizooo