how the hell do I use a certificate?!


adfm

Dec 2, 2009, 12:01:27 PM
to Crypto++ Users
OK,

I've been going through cryptopp trying to decrypt a file and I am
having some trouble right from the start. How fun is this? ;)

I was given a certificate in a pfx file and I extracted the
certificate from it. I then proceeded to decrypt the text.

I loaded the certificate's private key like this:

string decoded;
CryptoPP::RSA::PrivateKey private_key;
FileSource file_pk("key.cert", true, new Base64Decoder);
private_key.Load( file_pk );

this fails miserably with a "BER decode error".

Well, I got to openssl and did an openssl asn1parse of the certificate
and it is encoded in PEM (at least it outputs a ton of things that make
sense).

The certificate is in this form
-----BEGIN CERTIFICATE-----
MIICuzCCAiSg(...)BBQUAMGkxCzAJBgNV
(...)
/9kfj2B6h78n(...)3xJQMApR5yXW0IkEg==
-----END CERTIFICATE-----

So my question is how do I use this certificate in PEM?

Just some dumb doubts:
- Is the certificate the private key?
- In this format do I need to decode it from base64 or will the
decoder do it implicitly?
- Why is this list so quiet? I read someone complaining that posting
here is like discovering an abandoned civilization....

As you might have guessed, I've posted a bit in the couple of days to
no avail. Some of this question concerns my previous post, so...

Cheers

Mark Jones

Dec 2, 2009, 1:54:10 PM
to adfm, Crypto++ Users
I would suggest you get a copy of gpg and use the command line utils to examine the contents of the files. They can dump the packets and other things so you can tell what is in them.
openssl also has a set of tools that deal with this kind of stuff, so you might want to snag a copy of that too.

Once you have some basic knowledge, the rest should be easier. I think most people have avoided answering because you don't seem to have any inkling of what is going on and they fear being sucked into a tar baby.

YMMV
Mark Jones


Tin Htun Aung

Dec 2, 2009, 12:38:42 PM
to Crypto++ Users
Hi,

I'm also a newbie to crypto++ and c++. I saw your previous post and
actually I'm also having some problems with RSA encryption with
Base64. My post is sent to moderator and hasn't shown up yet. :P
I don't know if it will help you or not but at least you can try.

Instead of loading into RSA::PrivateKey, please try
RSAES_OAEP_SHA_Decryptor since you're trying to decrypt.

----
FileSource file_pk("key.cert", true, new Base64Decoder);
RSAES_OAEP_SHA_Decryptor de(file_pk);
----

And then decrypt it

----
AutoSeededRandomPool rng;
string decryptedText;   // receives the decrypted output
StringSource( your_cipher_text, true,
    new PK_DecryptorFilter( rng, de,
        new StringSink( decryptedText )
    )
);
----

Hope it helps.

Regards,
Aung

Vadym Fedyukovych

Dec 2, 2009, 5:15:02 PM
to adfm, Crypto++ Users
On Wed, Dec 02, 2009 at 09:01:27AM -0800, adfm wrote:
> OK,
>
> I've been going through cryptopp trying to decrypt a file and I am
> having some trouble right from the start. How fun is this? ;)
>
> I was given a certificate in a pfx file and I extracted the
> certificate from it. I then proceeded to decrypt the text.
>
> I loaded the certificate's private key like this:
>
> string decoded;
> CryptoPP::RSA::PrivateKey private_key;
> FileSource file_pk("key.cert", true, new Base64Decoder);
> private_key.Load( file_pk );
>
> this fails miserably with a "BER decode error".
>
> Well, I got to openssl and did an openssl asn1parse of the certificate
> and it is encoded in PEM (at least it outputs a ton of things that make
> sense).

PEM is not ASN.1 or DER, it's just base64

> The certificate is in this form
> -----BEGIN CERTIFICATE-----
> MIICuzCCAiSg(...)BBQUAMGkxCzAJBgNV
> (...)
> /9kfj2B6h78n(...)3xJQMApR5yXW0IkEg==
> -----END CERTIFICATE-----
>
> So my question is how do I use this certificate in PEM?
>
> Just some dumb doubts:
> - Is the certificate the private key?

no.
Public key is a part of an X.509 certificate

In case you can see that part,
you might be able to copy it to another file
and load it as a public key

> - In this format do I need to decode it from base64 or will the
> decoder do it implicitly?

would "openssl x509 -text -in yourfile" print it?

> - Why is this list so quiet? I read someone complaining that posting
> here is like discovering an abandoned civilization....
>
> As you might have guessed, I've posted a bit in the couple of days to
> no avail. Some of this question concerns my previous post, so...
>
> Cheers
>

adfm

Dec 3, 2009, 5:44:09 AM
to Crypto++ Users
First of all,

Thanks for the replies, I know that answering some lame question can
seem like a waste of time but I really appreciate it. As you all
might have guessed I'm completely new to cryptography

Now answering Vadym,

What I did was grab the pfx certificate I was given, opened it, copied
the PEM encoding to a file and saved it.

When I do an "openssl x509 -text -in myfile" it outputs everything it
should output, so there I know it's "valid" (valid as in I can see
what is inside and it makes sense).

Well, all seems to be in order then, so... do I need to do some
intermediate step after loading the file and before trying to load the
private key?

To Mark and Tin, thanks for your input I really appreciate it!

Cheers to all
André

Vadym Fedyukovych

Dec 3, 2009, 7:32:17 AM
to adfm, Crypto++ Users
On Thu, Dec 03, 2009 at 02:44:09AM -0800, adfm wrote:
> First of all,
>
> Thanks for the replies, I know that answering some lame question can
> seem like a waste of time but I really appreciate it. As you all
> might have guessed I'm completely new to cryptography
>
> Now answering Vadym,
>
> What I did was grab the pfx certificate I was given, opened it, copied
> the PEM encoding to a file and saved it.

private key required to decrypt or sign; public key is used to encrypt or verify a signature.

no private key there in X.509 certificate, just a public one.

PKCS-12 structure is a "container" that can hold the private key, as well as an X.509 certificate

> When I do an "openssl x509 -text -in myfile" it outputs everything it
> should output, so there I know it's "valid" (valid as in I can see
> what is inside and it makes sense).

would it show private key with "openssl pkcs12 ... pfx" ?

> Well, all seems to be in order then, so... do I need to do some
> intermediate step after loading the file and before trying to load the
> private key?
>
> To Mark and Tin, thanks for your input I really appreciate it!
>
> Cheers to all
> André
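
Added example, not part of any post in this thread: a small standard-library C++ parser illustrating the two points made in the replies above, that PEM is base64 text wrapped around DER and that a CERTIFICATE block holds no private key. The PEM samples and all function names are constructed for illustration.

```cpp
// Added example, not code from the thread. The PEM samples are constructed.
#include <cstdint>
#include <string>
#include <vector>
struct PemBlock { std::string label; std::vector<uint8_t> der; };

// Base64 decoder that skips characters outside the alphabet and stops at '='.
std::vector<uint8_t> b64decode(const std::string& in) {
    static const std::string abc =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::vector<uint8_t> out;
    uint32_t acc = 0; int bits = 0;
    for (char c : in) {
        if (c == '=') break;
        size_t v = abc.find(c);
        if (v == std::string::npos) continue;  // newline, space, '-'
        acc = (acc << 6) | static_cast<uint32_t>(v); bits += 6;
        if (bits >= 8) { bits -= 8; out.push_back((acc >> bits) & 0xFF); }
    }
    return out;
}

// Strip the BEGIN/END armor before decoding: its letters are valid base64
// characters and would otherwise be decoded into the front of the DER data.
bool parse_pem(const std::string& text, PemBlock& blk) {
    const std::string begin = "-----BEGIN ", dash = "-----";
    size_t b = text.find(begin);
    if (b == std::string::npos) return false;
    size_t lab = b + begin.size(), le = text.find(dash, lab);
    if (le == std::string::npos) return false;
    blk.label = text.substr(lab, le - lab);
    size_t body = le + dash.size();
    size_t e = text.find("-----END " + blk.label + dash, body);
    if (e == std::string::npos) return false;
    blk.der = b64decode(text.substr(body, e - body));
    return !blk.der.empty() && blk.der[0] == 0x30;  // DER starts with SEQUENCE
}

// A "CERTIFICATE" block carries only the public key; private keys come in
// "PRIVATE KEY" (PKCS#8) or "RSA PRIVATE KEY" (PKCS#1) blocks.
bool holds_private_key(const PemBlock& blk) {
    return blk.label == "PRIVATE KEY" || blk.label == "RSA PRIVATE KEY";
}

const std::string kCertPem =  // constructed stand-in, not a real certificate
    "-----BEGIN CERTIFICATE-----\nMAUwAwIBAg==\n-----END CERTIFICATE-----\n";
const std::string kKeyPem =   // constructed stand-in, not a real key
    "-----BEGIN PRIVATE KEY-----\nMAUCAQAwAA==\n-----END PRIVATE KEY-----\n";
int main() { PemBlock c; return parse_pem(kCertPem, c) && !holds_private_key(c) ? 0 : 1; }
```

Running `b64decode` over the whole sample file, armor lines included, yields a first byte of 0x04 instead of the DER SEQUENCE tag 0x30, so a DER parser fed that output has nothing valid to read.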

adfm

Dec 3, 2009, 8:04:28 AM
to Crypto++ Users
It seems that I stepped into a nomenclature land mine ;)

When I open the pkcs12 container with openssl, it asks me for the
import password (that I have) and then for the PEM passphrase.

I talked to the guy that generated the container and certificate and
his question was: "PEM passphrase? I didn't use that?! I just created
it with the password."

So what I can see from the certificate are some of its details and
the PEM encoded certificate.

...

Vadym, thanks for taking the time. I really appreciate it!

Cheers