Topic: How to parse PFX certificate into der and pem ?

Hi,

I have investigated the topic on the page: https://www.wolfssl.com/forums/topic892 … rmat.html. But I still have some questions.
Can you give me detailed sample code for parsing a PFX certificate file? I have created a WOLFSSL_BIO and called wolfSSL_d2i_PKCS12_bio to get a WC_PKCS12. But the wolfSSL_PKCS12_parse function returns 0. pkey, cert and certs are null.
What kind of WOLFSSL_BIO shall I create?

Thanks,
Alfred

Re: How to parse PFX certificate into der and pem ?

Alfred,

I would recommend checking out our PKCS12 test in wolfssl-root/tests/api.c for a reference example (Includes the BIO setup):

https://github.com/wolfSSL/wolfssl/blob … pi.c#L4145


Warm Regards,

KH

3 (edited by Alfred Zhou 2019-07-09 00:40:41)

Re: How to parse PFX certificate into der and pem ?

Hi Kaleb,

When I debug my code, I find that in function wc_PKCS12_parse, a call to DecryptContent returns an error. The error message is "Decryption failed, algorithm not compiled in?".
In function DecryptContent in asn.c, a call to CheckAlgo returns an error. Is there something wrong with my pfx file? The password of my pfx file is just a word like "password". The file is generated by commands like the ones below:

openssl req -newkey rsa:2048 -nodes -keyout test.key -x509 -days 365 -out test.cer
openssl pkcs12 -export -in test.cer -inkey test.key -out test.pfx

It will be required to set password for the pfx file and input a word like "password".


My code is from function test_wolfSSL_PKCS12 in wolfssl/tests/api.c. It is for a .p12 file. But my test file is .pfx. I have tested the file with some openssl commands; it could be simply transferred into a .pem file with certificate and private key.
So shall I firstly transfer the .pfx file into .p12 file? Is there something wrong with the code or shall I change to use another piece of sample code?

Thanks,
Alfred

Re: How to parse PFX certificate into der and pem ?

Alfred,

As Jacob noted on the other post:

configure wolfSSL with: "./configure --enable-opensslextra --enable-des3 --enable-arc4". We do not currently support RC2, so encryption done with RC2 cannot be decrypted by the API.

By default OpenSSL uses RC2, so you have to explicitly ask it to use des3 for encryption:

Again from Jacob's reply:

Command line to create a pkcs12 certificate to use.
$ openssl pkcs12 -des3 -descert -inkey certs/server-key.pem -in certs/server-cert.pem -CAfile certs/server-cert.pem -out pkcs12.p12 -export

That should get you a start anyway but if not let me know!

Cheers,

KH
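
A pre-check for the failure discussed in this thread, as an added example that is not from the original posts or from wolfSSL: it walks a PKCS#12 file's DER and reports which pkcs-12PbeIds algorithms (RC4, 3DES, RC2) protect it, so an RC2-encrypted export can be spotted before wolfSSL_PKCS12_parse fails. The function name, flag names and sample bytes are assumptions constructed for illustration, and only definite-length DER is handled.

```c
#include <stdio.h>
#include <string.h>

enum { PBE_RC4 = 1, PBE_3DES = 2, PBE_RC2 = 4, PBE_OTHER = 8 };
/* DER content of the pkcs-12PbeIds arc 1.2.840.113549.1.12.1; one more byte selects the algorithm. */
static const unsigned char PBE_ARC[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01};
/* Constructed sample (not a real PFX): the nesting around an RC2-40 AlgorithmIdentifier. */
static const unsigned char SAMPLE[] = {
    0x30,0x28, 0x04,0x26, 0x30,0x24, 0x30,0x1C,
    0x06,0x0A, 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,
    0x30,0x0E, 0x04,0x08, 0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5, 0x02,0x02,0x08,0x00,
    0x80,0x04, 0xDE,0xAD,0xBE,0xEF };

/* Map an OID's content bytes to a flag: .1/.2 are RC4, .3/.4 triple DES, .5/.6 RC2. */
static int classify(const unsigned char *oid, size_t len) {
    static const int map[] = {PBE_OTHER, PBE_RC4, PBE_RC4, PBE_3DES, PBE_3DES, PBE_RC2, PBE_RC2};
    if (len != sizeof PBE_ARC + 1 || memcmp(oid, PBE_ARC, sizeof PBE_ARC) != 0) return 0;
    return oid[len - 1] < 7 ? map[oid[len - 1]] : PBE_OTHER;
}

/* Walk the TLVs; returns an OR of PBE_* flags, or -1 on malformed input. Call with depth 0. */
int pfx_pbe_scan(const unsigned char *buf, size_t len, int depth) {
    int found = 0;
    size_t i = 0, n, k;
    if (depth > 32) return -1;                           /* bound recursion on hostile input */
    while (i < len) {
        unsigned char tag = buf[i++];
        if (i >= len) return -1;
        n = buf[i++];
        if (n & 0x80) {                                  /* long-form length */
            k = n & 0x7F;
            if (k == 0 || k > sizeof n || k > len - i) return -1;
            for (n = 0; k > 0; k--) n = (n << 8) | buf[i++];
        }
        if (n > len - i) return -1;
        if (tag == 0x06) found |= classify(buf + i, n);
        else if ((tag & 0x20) || tag == 0x04) {          /* constructed, or OCTET STRING wrapping DER */
            int sub = pfx_pbe_scan(buf + i, n, depth + 1);
            if (sub > 0) found |= sub;
            else if (sub < 0 && (tag & 0x20)) return -1; /* salt or ciphertext octets are not DER */
        }
        i += n;
    }
    return found;
}

int main(void) {
    int f = pfx_pbe_scan(SAMPLE, sizeof SAMPLE, 0);
    printf("RC4=%d 3DES=%d RC2=%d other=%d\n", !!(f & PBE_RC4), !!(f & PBE_3DES), !!(f & PBE_RC2), !!(f & PBE_OTHER));
    return f < 0;
}
```

If the RC2 flag is set, the file has to be re-exported with -des3 -descert as in the reply above; the other flag covers any pkcs-12PbeIds value outside .1 to .6.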

Re: How to parse PFX certificate into der and pem ?

Hi Kaleb,

I have regenerated the PFX file and it can be parsed successfully!

Thank you very much and Best Regards,
Alfred
