Combining certificate and key in PEM format into a P12 file without knowing the key password?


Combining certificate and key in PEM format into a P12 file without knowing the key password?

Tobias Dussa (SCC)
Hi,

I was wondering whether it was possible somehow to take a certificate and an
enciphered private key, both in .pem format, and combine them into a PKCS12
structure without knowing the key passphrase?

Googling does not reveal much useful information, unfortunately, and so far we
have been unsuccessfully diving into PKCS12/8/5 specs.  I don't really see a
reason why it should not be possible, but of course that doesn't mean it is. :)

THX & Cheers,
Toby.
--
I am Gates of Borg.  Resistance is futile.  You will be assimilated.
From now on, you will finance... us.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Combining certificate and key in PEM format into a P12 file without knowing the key password?

Jakob Bohm-7
On 20/02/2018 11:04, Tobias Dussa (SCC) wrote:

> Hi,
>
> I was wondering whether it was possible somehow to take a certificate and an
> enciphered private key, both in .pem format, and combine them into a PKCS12
> structure without knowing the key passphrase?
>
> Googling does not reveal much useful information, unfortunately, and so far we
> have been unsuccessfully diving into PKCS12/8/5 specs.  I don't really see a
> reason why it should not be possible, but of course that doesn't mean it is. :)
>
> THX & Cheers,
> Toby.
In the commonly accepted variants of PKCS#12, private key and all the
certificates are encrypted with the same password.  PKCS#12 with
different password for private key and certificates is not widely
supported.

In the concatenated PEM format, only the private key is encrypted, but
not the certificates.

So to convert from concatenated PEM format to PKCS#12, even if the
encrypted private key could be kept without decrypting the private
key, the password for the private key is still needed to encrypt
the certificates with the same password.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


Re: Combining certificate and key in PEM format into a P12 file without knowing the key password?

Tobias Dussa (SCC)
Hi,

On Tue, Feb 20, 2018 at 12:23:14PM +0100, Jakob Bohm wrote:
> >Googling does not reveal much useful information, unfortunately, and so far we
> >have been unsuccessfully diving into PKCS12/8/5 specs.  I don't really see a
> >reason why it should not be possible, but of course that doesn't mean it is. :)
> In the commonly accepted variants of PKCS#12, private key and all the
> certificates are encrypted with the same password.  PKCS#12 with
> different password for private key and certificates is not widely
> supported.

I see.

> In the concatenated PEM format, only the private key is encrypted, but
> not the certificates.

Yep.

> So to convert from concatenated PEM format to PKCS#12, even if the
> encrypted private key could be kept without decrypting the private
> key, the password for the private key is still needed to encrypt
> the certificates with the same password.

... iff you need to retain widespread compatibility.  So if that is not
necessary, the question remains: Is there a way to reuse an already-encrypted
privkey?

THX & Cheers,
Toby.
--
I know that you believe that you understood what you think I said,
but I am not sure you realize that what you heard is not what I meant.


Re: Combining certificate and key in PEM format into a P12 file without knowing the key password?

Viktor Dukhovni
In reply to this post by Jakob Bohm-7
On Tue, Feb 20, 2018 at 12:23:14PM +0100, Jakob Bohm wrote:


> > I was wondering whether it was possible somehow to take a certificate and an
> > enciphered private key, both in .pem format, and combine them into a PKCS12
> > structure without knowing the key passphrase?
>
> In the commonly accepted variants of PKCS#12, private key and all the
> certificates are encrypted with the same password.  PKCS#12 with
> different password for private key and certificates is not widely
> supported.

Do any of the PKCS#12 key derivation functions implement the same
password -> key algorithm as is used in OpenSSL's PEM password to
key mapping for private keys?  I suspect that might be another
problem area.

What combination of the "-keypbe", "-macalg", and "-maciter" options
yields a key derivation function that matches PEM?

--
        Viktor.
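Viktor's question can be made concrete by putting the two password-to-key mappings side by side. The following is an added example, not code from this thread or from OpenSSL: a pure-Python rendering of OpenSSL's legacy PEM mapping (EVP_BytesToKey with MD5, one iteration, salted with the first 8 bytes of the DEK-Info IV) next to the RFC 7292 Appendix B.2 derivation that PKCS#12 PBE and its MAC use. SHA-1 with v = 64, the 2048 iteration count, the helper `derive_both` and the sample password/salt are assumptions made for the demonstration; the two derivations share no structure, so the same password and salt yield unrelated key material.

```python
import hashlib

def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int) -> bytes:
    """OpenSSL's legacy PEM mapping: EVP_BytesToKey with MD5, count=1, salt =
    first 8 bytes of the DEK-Info IV.  D_1 = MD5(P||S), D_i = MD5(D_{i-1}||P||S),
    key = D_1||D_2||... truncated to key_len."""
    out, prev = b"", b""
    while len(out) < key_len:
        prev = hashlib.md5(prev + password + salt).digest()
        out += prev
    return out[:key_len]

def pkcs12_kdf(password: str, salt: bytes, purpose_id: int, iterations: int,
               n: int, hash_name: str = "sha1", v: int = 64) -> bytes:
    """RFC 7292 Appendix B.2 derivation used by PKCS#12 PBE and its MAC.
    purpose_id selects the output: 1 = encryption key, 2 = IV, 3 = MAC key."""
    u = hashlib.new(hash_name).digest_size
    # PKCS#12 passwords are BMPStrings: UTF-16BE plus a two-byte NUL terminator.
    p = password.encode("utf-16-be") + b"\x00\x00"
    d = bytes([purpose_id]) * v                      # D: ID byte repeated v times

    def expand(x: bytes) -> bytes:                   # repeat x up to a multiple of v
        if not x:
            return b""
        target = -(-len(x) // v) * v
        return (x * (target // len(x) + 1))[:target]

    i = expand(salt) + expand(p)                     # I = S || P
    out = b""
    while len(out) < n:
        a = d + i
        for _ in range(iterations):                  # A = H^c(D || I)
            a = hashlib.new(hash_name, a).digest()
        b = int.from_bytes((a * (v // u + 1))[:v], "big") + 1   # B + 1 as an integer
        # I_j = (I_j + B + 1) mod 2^(8v) for every v-byte block of I
        i = b"".join(((int.from_bytes(i[j:j + v], "big") + b) % (1 << 8 * v))
                     .to_bytes(v, "big") for j in range(0, len(i), v))
        out += a
    return out[:n]

def derive_both(password: str, salt: bytes, key_len: int = 24) -> dict:
    """Feed one password and salt through both mappings for side-by-side comparison."""
    return {"pem": evp_bytes_to_key(password.encode(), salt, key_len),
            "p12": pkcs12_kdf(password, salt, 1, 2048, key_len)}

if __name__ == "__main__":  # constructed sample input, not from any real key file
    for name, k in derive_both("sesame", bytes.fromhex("0a58cf64530d823f")).items():
        print(f"{name}: {k.hex()}")
```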

Re: Combining certificate and key in PEM format into a P12 file without knowing the key password?

Frank Migge-2
In reply to this post by Tobias Dussa (SCC)
Hi Toby,

>> the question remains: Is there a way to reuse an already-encrypted privkey?
I'd say yes it *could* work, but not with OpenSSL API functions. You'd have to roll your own code for the PKCS12 creation.

OpenSSL's PKCS12_create() function expects an unencrypted EVP_PKEY object.  But, internally, that key is turned into an encrypted PKCS8 structure, as expected by the PKCS8ShroudedKeyBag type defined in RFC-7292.

That's why I think it may be possible to experiment and modify code such as in crypto/pkcs12/p12_crt.c, trying to pass through that already encrypted PKCS8 key "as-is" straight into the pkcs8ShroudedKeyBag object. If your key is a file in PEM format, you'd need to get that into an internal structure first (more coding), I don't think there is a simple API import (without decryption).

If you manage to successfully build that PKCS12, you'd run into trouble for decoding, which probably fails for all known software. They all expect to be able to read the private key, when in your case it needs saving to a file somewhere for further handling, or for entering that second key-specific password.  You'd again have to code your own PKCS12 unpack program, just for this specific use case.

I may be wrong but to me it looks doable, just a *lot* of work.

Frank

Re: Combining certificate and key in PEM format into a P12 file without knowing the key password?

Tobias Dussa (SCC)
Hi,

On Wed, Feb 21, 2018 at 01:04:17AM +0900, Frank Migge wrote:
> >> the question remains: Is there a way to reuse an already-encrypted privkey?
> I'd say yes it *could* work, but not with OpenSSL API functions. You'd
> have to roll your own code for the PKCS12 creation.
> OpenSSL's PKCS12_create() function expects an unencrypted EVP_PKEY
> object.  But, internally, that key is turned into an encrypted PKCS8
> structure, as expected by the PKCS8ShroudedKeyBag type defined in RFC-7292.

That's about what I thought I figured out, yeah. :)

> That's why I think it may be possible to experiment and modify code such
> as in crypto/pkcs12/p12_crt.c, trying to pass through that already
> encrypted PKCS8 key "as-is" straight into the pkcs8ShroudedKeyBag
> object. If your key is a file in PEM format, you'd need to get that into
> an internal structure first (more coding), I don't think there is a
> simple API import (without decryption).
> If you manage to successfully build that PKCS12, you'd run into trouble
> for decoding, which probably fails for all known software. They all
> expect to be able to read the private key, when in your case it needs
> saving to a file somewhere for further handling, or for entering that
> second key-specific password.  You'd again have to code your own PKCS12
> unpack program, just for this specific use case.
> I may be wrong but to me it looks doable, just a *lot* of work.
... and that, unfortunately, is about what I concluded as well. Bummer. ;-)

But thanks a lot for your thoughts (also to Jakob and Viktor)! :)

Cheers,
Toby.
--
To the systems programmer, users and applications serve only to provide
a test load.  


Re: Combining certificate and key in PEM format into a P12 file without knowing the key password?

Tobias Dussa (SCC)
In reply to this post by Viktor Dukhovni
Hi,

On Tue, Feb 20, 2018 at 01:27:51PM +0000, Viktor Dukhovni wrote:
> > In the commonly accepted variants of PKCS#12, private key and all the
> > certificates are encrypted with the same password.  PKCS#12 with
> > different password for private key and certificates is not widely
> > supported.
> Do any of the PKCS#12 key derivation functions implement the same
> password -> key algorithm as is used in OpenSSL's PEM password to
> key mapping for private keys?  I suspect that might be another
> problem area.

Uh...  Good point.  Didn't have that on the radar actually.

Thanks!

Cheers,
Toby.
--
We're Germans and we use Unix.  That's a combination of two demographic
groups known to have no sense of humour whatsoever.
                      ---Hanno Mueller in de.comp.os.unix.programming
