Which algorithms are need for PKCS12_parse?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Which algorithms are need for PKCS12_parse?

Chris-35
I'm trying to use PKCS12_parse and it's failing with:

error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm
error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error
error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt error
error:23076072:PKCS12 routines:PKCS12_parse:parse error

This is a PKCS#12 container I created with OpenSSL 0.9.7 using whatever default algorithms it uses (the manual says RC2-40 and 3DES but I have added those without luck).

Now, I am manually adding the algorithms and I absolutely do not want to use any sort of "all_all_algorithms" function because that makes my final application way too large (I'm statically linking to OpenSSL).   It does actually work if I add all algorithms but as I said I do not want to do that.

I have tried adding all this:

   EVP_add_cipher(EVP_des_ede());
   EVP_add_cipher(EVP_des_ede3());
   EVP_add_cipher(EVP_des_ede_ecb());
   EVP_add_cipher(EVP_des_ede3_ecb());
   EVP_add_cipher(EVP_des_cfb64());
   EVP_add_cipher(EVP_des_cfb1());
   EVP_add_cipher(EVP_des_cfb8());
   EVP_add_cipher(EVP_des_ede_cfb64());
   EVP_add_cipher(EVP_des_ede3_cfb64());
   EVP_add_cipher(EVP_des_ede3_cfb1());
   EVP_add_cipher(EVP_des_ede3_cfb8());
   EVP_add_cipher(EVP_des_ofb());
   EVP_add_cipher(EVP_des_ede_ofb());
   EVP_add_cipher(EVP_des_ede3_ofb());
   EVP_add_cipher(EVP_des_ede_cbc());
   EVP_add_cipher(EVP_des_ede3_cbc());
   EVP_add_cipher(EVP_desx_cbc());

   EVP_add_cipher(EVP_rc2_ecb());
   EVP_add_cipher(EVP_rc2_cbc());
   EVP_add_cipher(EVP_rc2_40_cbc());
   EVP_add_cipher(EVP_rc2_64_cbc());
   EVP_add_cipher(EVP_rc2_cfb64());
   EVP_add_cipher(EVP_rc2_ofb());

   EVP_add_cipher(EVP_rc4());
   EVP_add_cipher(EVP_rc4_40());

   EVP_add_cipher(EVP_des_ecb());
   EVP_add_cipher(EVP_des_cbc());
   EVP_add_cipher(EVP_aes_256_ecb());
   EVP_add_cipher(EVP_aes_256_cbc());
   EVP_add_digest(EVP_md5());
   EVP_add_digest(EVP_sha1());

No luck... I wish the error messages would tell me _which_ algorithm is missing.  ?  When searching for other people having this problem the answer is always "add all algorithms".

Thanks for any help.

--
// Chris
Reply | Threaded
Open this post in threaded view
|

Re: Which algorithms are need for PKCS12_parse?

Dr. Stephen Henson
On Thu, Feb 16, 2006, Chris wrote:

> error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe
> algorithm
> error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit
> error
> error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt error
> error:23076072:PKCS12 routines:PKCS12_parse:parse error
>
[snip]
>
> No luck... I wish the error messages would tell me _which_ algorithm is
> missing.  ?  When searching for other people having this problem the answer
> is always "add all algorithms".
>

Its a password based encryption (PBE) algorithm. Probably 40 bit RC2 and/or
3DES using the PKCS#12 key derivation algorihtm.

Try calling PKCS12_PBE_add().

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Which algorithms are need for PKCS12_parse?

Chris-35
On 2/16/06, Dr. Stephen Henson <[hidden email]> wrote:
Its a password based encryption (PBE) algorithm. Probably 40 bit RC2 and/or
3DES using the PKCS#12 key derivation algorihtm.

Try calling PKCS12_PBE_add().

Steve.

Thanks!   That did the trick.  I wish all these "_add()" functions were listed somewhere or at least listed in the relevant sections of the documentation.  I spent much time looking through evp.h and other headers trying to find something that made sense and the whole time all I needed was PKCS12_PBE_add().

Thanks again!

--
// Chris
Reply | Threaded
Open this post in threaded view
|

Re: Which algorithms are need for PKCS12_parse?

Dr. Stephen Henson
On Thu, Feb 16, 2006, Chris wrote:

> On 2/16/06, Dr. Stephen Henson <[hidden email]> wrote:
>
> > Its a password based encryption (PBE) algorithm. Probably 40 bit RC2
> > and/or
> > 3DES using the PKCS#12 key derivation algorihtm.
> >
> > Try calling PKCS12_PBE_add().
> >
> > Steve.
>
>
> Thanks!   That did the trick.  I wish all these "_add()" functions were
> listed somewhere or at least listed in the relevant sections of the
> documentation.  I spent much time looking through evp.h and other headers
> trying to find something that made sense and the whole time all I needed was
> PKCS12_PBE_add().
>

It is documented in doc/openssl.txt and that file is referred to in the FAQ...

http://www.openssl.org/support/faq.html#MISC2

At some point I'll tidy that up and place it in an appropriate manual page or
better still tidy up the PBE API and document the tidied version...

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Which algorithms are need for PKCS12_parse?

Chris-35
On 2/16/06, Dr. Stephen Henson <[hidden email]> wrote:
On Thu, Feb 16, 2006, Chris wrote:
It is documented in doc/openssl.txt and that file is referred to in the FAQ...

http://www.openssl.org/support/faq.html#MISC2

At some point I'll tidy that up and place it in an appropriate manual page or
better still tidy up the PBE API and document the tidied version...

Steve.


Ah, OK I'll have to widen my documentation search next time.   There are so many documents it's hard to know where to look.  I was reading the manual pages at openssl.org/docs/...  Heh, sometimes I think I spend more time trying to find OpenSSL documentation than actually developing.  ;)

Thanks!

--
// Chris