Score:0

Create PKCS12 file from EC Private and Public key pair

I have a file with an EC Public Private Key Pair and curve parameters:

openssl ec -in keyfile.pem -noout -text
read EC key
Private-Key: (256 bit)
priv:
    aa:bb:cc:aa:bb:ccaa:bb:ccaa:bb:ccaa:bb:cc:aa:
    aa:bb:cc:aa:bb:ccaa:bb:ccaa:bb:ccaa:bb:cc:aa:
pub:
    aa:bb:cc:aa:bb:ccaa:bb:ccaa:bb:ccaa:bb:cc:aa:
    aa:bb:cc:aa:bb:ccaa:bb:ccaa:bb:ccaa:bb:cc:aa:
    aa:bb:cc:aa:bb:ccaa:bb:ccaa:bb:ccaa:bb:cc:aa:
    aa:bb:cc:aa:bb:ccaa:bb:ccaa:bb:ccaa:bb:cc:aa:
    aa:bb:cc:aa:bb:
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff
A:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:fc
B:
    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
    60:4b
Generator (uncompressed):
    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
    68:37:bf:51:f5
Order:
    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
    63:25:51
Cofactor:  1 (0x1)

How would I create a PKCS12 file from this?

Score:3
How would I create a PKCS12 file from this?

openssl pkcs12 -export -inkey keyfile.pem -nocerts -out p12file [-passout ...] will create A PKCS12 file -- i.e. a file complying with the PKCS12 document.

However, you will probably be unable to use this PKCS12 file for anything except maybe printing it out and admiring it, for at least 2 and possibly 3 reasons:

  • PFX/PKCS12 was created and is usually implemented to carry a privatekey and matching X.509 (in practice usually PKIX) certificate, and optionally chain cert(s). The PKCS12 document does not require this, and allows the creation of a file with only (a keybag containing) a privatekey, which that OpenSSL command does, but most other software won't read such a file.

  • your EC key defines the curve with explicit parameters rather than the 'named' form (which actually uses an ASN.1 OID). Originally X9 defined both explicit and named forms, but in practice almost nobody implemented explicit; OpenSSL is a rare exception, perhaps because it dates back to well before 2000. RFC5480 prohibits explicit form for PKIX certificates since 2009, and although a privatekey is not a cert most implementations will be consistent.

  • there are numerous options for encrypting the privatekey in PKCS12, and protecting (MAC-ing) the file, and different programs and systems can support different ones. In particular older versions of OpenSSL default to the 'traditional' PBEwithSHA1and3KeyTripleDES for keybag, PBEwithSHA1andRC2-40 for certbag if present which it isn't in the case above, and Appendix A's PBHMAC with SHA1, while 3.0.0 up defaults to PBES2/PBKDF2-HMAC-SHA256/AES-256-CBC for both bags and PBHMAC with SHA256. Some software may handle the former but not the latter; some (especially if intended to satisfy FIPS140) may accept the latter but not the former. This part of the problem is usually solvable because OpenSSL has options (see the man page) to select other algorithms (including some I don't think anybody else implements and thus pretty useless), assuming you can accurately determine the constraints or requirements of (all) the system(s) or program(s) where you want to use the file.
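
The second point above (explicit versus named curve parameters) can be checked mechanically. The following is an added example, not part of the original answer and not OpenSSL code: it parses the explicit parameters out of `openssl ec -noout -text` output and compares them with the published P-256 (prime256v1) domain parameters. The names `parse_fields`, `identify_curve` and `SAMPLE` are made up for this example, and the sample dump reuses the parameter lines from the question with the key lines left out.

```python
import re

# Published domain parameters of P-256 (prime256v1 / secp256r1).
P256 = {
    "Prime": 0xffffffff_00000001_00000000_00000000_00000000_ffffffff_ffffffff_ffffffff,
    "A": 0xffffffff_00000001_00000000_00000000_00000000_ffffffff_ffffffff_fffffffc,
    "B": 0x5ac635d8_aa3a93e7_b3ebbd55_769886bc_651d06b0_cc53b0f6_3bce3c3e_27d2604b,
    "Generator": 0x04_6b17d1f2_e12c4247_f8bce6e5_63a440f2_77037d81_2deb33a0_f4a13945_d898c296_4fe342e2_fe1a7f9b_8ee7eb4a_7c0f9e16_2bce3357_6b315ece_cbb64068_37bf51f5,
    "Order": 0xffffffff_00000000_ffffffff_ffffffff_bce6faad_a7179e84_f3b9cac2_fc632551,
}

def parse_fields(text):
    """Map each 'Label:' followed by indented hex lines to an integer."""
    pat = r"^([A-Za-z]+)(?: \(\w+\))?:\n((?:[ \t]+[0-9a-f:]+\n)+)"
    return {m[1]: int(re.sub(r"[^0-9a-f]", "", m[2]), 16) for m in re.finditer(pat, text, re.M)}

def identify_curve(text):
    """Return 'prime256v1' if every explicit parameter equals P-256's, else None."""
    got = parse_fields(text)
    return "prime256v1" if all(got.get(k) == v for k, v in P256.items()) else None

# Constructed sample: the parameter lines from the question, key lines omitted.
SAMPLE = """Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff
A:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:fc
B:
    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
    60:4b
Generator (uncompressed):
    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
    68:37:bf:51:f5
Order:
    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
    63:25:51
Cofactor:  1 (0x1)
"""
if __name__ == "__main__":
    print(identify_curve(SAMPLE))
```

For the parameters shown in the question this reports prime256v1, so the curve is a standard one and only its encoding is unusual; `openssl ec` has a `-param_enc named_curve` option for writing the named form.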
