Open PKCS12 file and extract public and private keys


Nicholas Van Wyen

Feb 7, 2015, 12:02:55 PM
to cryptop...@googlegroups.com
I'm new to Crypto++, this group and cryptography in particular. I am trying to open a password protected pkcs12 file, which has the private and public keys. I'd like to extract the public and private keys for signing data with RSA or ECDSA.

For example, I'm trying to figure out the equivalent of the following ...

# export the private key
openssl pkcs12 -in mycerts.pfx -password pass:"${pw}" -nocerts -nodes | openssl rsa > private.key

and ...

# export the public key
openssl pkcs12 -in mycerts.pfx -password pass:"${pw}" -clcerts -nokeys | openssl x509 -pubkey -noout > public.key

finally ...

# sign some data
openssl dgst message.txt > hash.txt
openssl dgst -hex -sign private.key hash.txt
openssl smime -sign -inkey private.key -signer public.key -in message.txt

Any help and/or advice on this would be greatly appreciated, so thank you in advance for taking the time to help me out.
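
The command-line flow from the post above, as an added example that is not part of the original post: it builds a throwaway self-signed certificate and PKCS#12 file, extracts both keys, signs the message itself with SHA-256, and checks that a modified message fails verification. It assumes the `openssl` CLI is installed; the file names, the CN and the password are constructed samples, the password is passed with `env:` instead of `pass:` so it stays out of the process list, and `openssl pkey` is used so RSA and EC keys both work.

```shell
#!/bin/sh
# Added example. Every file name, the CN and the password are constructed samples.
p12_sign_demo() {
    (
        umask 077                       # -nodes writes the private key unencrypted
        work=$(mktemp -d) || exit 1
        cd "$work" || exit 1
        fail() { cd / && rm -rf "$work"; exit 1; }
        export P12_PW='constructed-demo-password'   # read via env:, not argv
        printf 'constructed sample message\n' > message.txt

        # Throwaway RSA key and self-signed certificate, bundled into a PKCS#12 file.
        openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem \
            -subj '/CN=p12-demo' -days 1 2>/dev/null || fail
        openssl pkcs12 -export -inkey key.pem -in cert.pem -out mycerts.pfx \
            -passout env:P12_PW || fail

        # Private key: pkey accepts RSA and EC keys alike.
        openssl pkcs12 -in mycerts.pfx -passin env:P12_PW -nocerts -nodes 2>/dev/null |
            openssl pkey -out private.key || fail
        # Public key: taken from the client certificate in the same file.
        openssl pkcs12 -in mycerts.pfx -passin env:P12_PW -clcerts -nokeys 2>/dev/null |
            openssl x509 -pubkey -noout > public.key || fail

        # dgst hashes and signs the message in one step, then verifies it.
        openssl dgst -sha256 -sign private.key -out message.sig message.txt || fail
        openssl dgst -sha256 -verify public.key -signature message.sig \
            message.txt >/dev/null 2>&1
        good=$?

        # A modified message must fail verification against the same signature.
        printf 'tampered\n' >> message.txt
        openssl dgst -sha256 -verify public.key -signature message.sig \
            message.txt >/dev/null 2>&1
        bad=$?

        cd / && rm -rf "$work"
        [ "$good" -eq 0 ] && [ "$bad" -ne 0 ] && echo "sign-verify-ok"
    )
}

p12_sign_demo
```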


nvanwyen

Feb 11, 2015, 9:09:05 AM
to cryptop...@googlegroups.com
I know this isn't Crypto++, but I was able to solve my issue using OpenSSL directly. So for anyone interested you can find working examples of both sign and verify using pkcs12 files at:


If anyone knows how to do the same thing using Crypto++, I would be very interested (as I would like to use it instead; it's cleaner, easy to understand, fairly well documented, etc...)

nvanwyen

Feb 11, 2015, 9:10:13 AM
to cryptop...@googlegroups.com
Attached
p12sign.c
p12verify.c

Jeffrey Walton

Feb 15, 2015, 8:39:38 PM
to cryptop...@googlegroups.com

Currently you can't do it with Crypto++. The library lacks the container support (like X.509 and PKCS11).

Maybe Geoff Beier has some ideas. I think he has a working X.509 implementation. He may have something for PKCS11.

I'm also interested in adding support for X.509 and PKCS11, but I don't have a clear design or the spare cycles to implement it.

Jeff