Possible bug in pkcs8 import

David Marín Carreño davefx at gmail.com
Wed Oct 22 18:02:38 CEST 2008


For the unencrypted files, an extra -nocrypt option must be supplied to openssl.
For the crypted files, the password is "lalalala", without the quotes.


$ openssl pkcs8 -inform pem -nocrypt -in test-pem-unencrypt.pkcs8
-----BEGIN DSA PRIVATE KEY-----
[...]
-----END DSA PRIVATE KEY-----


2008/10/22 Simon Josefsson <simon at josefsson.org>:
> "David Marín Carreño" <davefx at gmail.com> writes:
>
>> Hi all.
>>
>> I am developing PKCS#8 import in gnoMint (http://gnomint.sf.net).
>>
>> For testing what are the error codes obtained while probing the type
>> of a given file, I have developed a little program that tries to
>> import a given file as a PEM-codified crypted and unencrypted PKCS8
>> file, and the same with DER format.
>>
>> The problem is that I am not able to import any PKCS#8 file, crypted
>> or unencrypted, DER or PEM. I have generated these PKCS#8 (attached)
>> files using gnutls (test-pem-crypt.pkcs8), openssl
>> (test-pem-uncrypt.pkcs8, and both test-der-*.pkcs8), and certtool
>> (test-pem-crypt2048.pkcs8).
>>
>> I am obtaining -207 (GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) while
>> trying to import a DER file as a PEM file, which is correct. But all
>> other combinations always result with an error -67
>> (GNUTLS_E_ASN1_ELEMENT_NOT_FOUND).
>>
>> Could anyone help me? Is the problem in the PKCS8 files, in my test
>> program, or in gnutls?
>
> What is the password for your test files?
>
> I can't seem to read your unencrypted files using openssl either:
>
> jas@mocca:~$ openssl pkcs8 -inform pem -in test-pem-unencrypt.pkcs8
> Error reading key
> 19169:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: ENCRYPTED PRIVATE KEY
> jas@mocca:~$ openssl pkcs8 -inform der -in test-der-unencrypt.pkcs8
> Error reading key
> 19178:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1294:
> 19178:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509_ALGOR
> 19178:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=algor, Type=X509_SIG
> jas@mocca:~$
>
> How did you generate the files?
>
> /Simon
>



-- 
David Marín Carreño
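
Added example, not part of the original thread and not gnutls or gnoMint code: a small probe that tells an unencrypted PKCS#8 PrivateKeyInfo from an EncryptedPrivateKeyInfo by the first DER tags. This is the distinction behind the `-nocrypt` option and the "wrong tag ... Type=X509_ALGOR" error quoted above. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed minimal DER samples (dummy OID and key bytes, not real keys).
SAMPLE_PLAIN = bytes.fromhex("300b020100300306012a040100")  # PrivateKeyInfo
SAMPLE_ENC = bytes.fromhex("3008300306012a040100")          # EncryptedPrivateKeyInfo
SAMPLE_TRAD = bytes.fromhex("3006020100020105")             # traditional key layout

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def classify_der(der):
    """Classify a DER blob by the first fields inside the outer SEQUENCE."""
    try:
        tag, start, _ = read_tlv(der, 0)
        if tag != 0x30:
            return "not-a-sequence"
        first, _, first_end = read_tlv(der, start)
        if first == 0x30:                # AlgorithmIdentifier comes first
            return "pkcs8-encrypted"
        if first == 0x02:                # version INTEGER comes first
            second, _, _ = read_tlv(der, first_end)
            return "pkcs8-unencrypted" if second == 0x30 else "traditional-key"
    except IndexError:
        return "truncated"
    return "unknown"

def to_pem(label, der):
    """Wrap DER bytes in a PEM envelope with the given label."""
    tag = label.encode()
    return b"-----BEGIN " + tag + b"-----\n" + base64.encodebytes(der) + b"-----END " + tag + b"-----\n"

def classify(data):
    """Return (encoding, pem_label, kind) for PEM or DER input."""
    m = PEM_RE.search(data)
    if m:
        return "pem", m.group(1).decode(), classify_der(base64.b64decode(m.group(2)))
    return "der", None, classify_der(data)

if __name__ == "__main__":
    for blob in (SAMPLE_PLAIN, SAMPLE_ENC, to_pem("PRIVATE KEY", SAMPLE_PLAIN)):
        print(classify(blob))
```

A parser that expects the encrypted structure reads the version INTEGER of an unencrypted file where it wants the AlgorithmIdentifier SEQUENCE, which is the tag mismatch openssl reports when `-nocrypt` is omitted.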

