search

PeculiarVentures / PKI.js

PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
http://pkijs.org
Other
1.3k stars 204 forks source link

PKCS12 generation - PrivateKey is missing for EC Key Types #267

Closed sureshreddygovindu closed 4 years ago

sureshreddygovindu commented 4 years ago

@YuryStrozhevsky When I use RSAPrivateKey/ECPrivateKey while generation of PKCS12, I see exceptions. my previous ticket linked here https://github.com/PeculiarVentures/PKI.js/issues/262

  1. When I use default PrivateKey/Certificate given in the example, it's working fine, here, they are using PrivateKeyInfo class. https://pkijs.org/examples/PKCS12SimpleExample.html

below is my code snippet.

function passwordPrivacyInternal(password) {
    console.log("**************************")
    //region Initial variables
    var sequence = Promise.resolve();

    var passwordConverted = stringToArrayBuffer(password);
    //endregion

    certificateBASE64 = "MIICljCCAjygAwIBAgIUeSwhSH6YSv4LMGWCh1DLd8n7oIAwCgYIKoZIzj0EAwIwNzE1MDMGA1UEAwwsUUEgT05MWSAtIFhmaW5pdHkgU3Vic2NyaWJlciBJc3N1aW5nIEVDQyBJQ0EwHhcNMjAwNDIwMjAyNTU5WhcNMjAwNDIyMjIyNTU5WjCBpzEVMBMGA1UEBwwMUGhpbGFkZWxwaGlhMQswCQYDVQQIDAJQQTELMAkGA1UEBgwCVVMxHDAaBgNVBAMME0VDQ2RlbW8uY29tY2FzdC5jb20xEDAOBgNVBAsMB1hmaW5pdHkxEDAOBgNVBAoMB0NvbWNhc3QxMjAwBgoJkiaJk/IsZAEBDCIxR1pLUjllc1Z1aVNjc2RURGZpdkNZeHVROWY3SlZyRjVzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6dDBAXOEbl0bq+kR3JAex4SKz8gVcMCopLdxaeYFdAPOMTdifQuB1+lSQ6Lyl3Vq8zFrKwW6hU9RQ5gS1tjb66OBtDCBsTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMlnXX1YRTAkKnq/IyKK/IBMdkYjMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AtcWEueHBraS5pbzAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFDzZMoW2HJbey4nySp+vDGyreDRGMA4GA1UdDwEB/wQEAwIFoDAKBggqhkjOPQQDAgNIADBFAiEA/hUDUgBJXv6AqmfP2AznmjRq9yyig6ok+CejyvinEqICIGD16qHDv131YVRjPcCe5w/P2hgGkbdeUMhj2Gf4f5A8";

    privateKeyBASE64 = "MHcCAQEEIHlY0FBpEKL+EVEdkDk9x0OxTEO8HJrPxH2ALoB5+xDIoAoGCCqGSM49AwEHoUQDQgAE6dDBAXOEbl0bq+kR3JAex4SKz8gVcMCopLdxaeYFdAPOMTdifQuB1+lSQ6Lyl3Vq8zFrKwW6hU9RQ5gS1tjb6w==";

    //region Create simplified structires for certificate and private key
    var asn1 = fromBER(stringToArrayBuffer(fromBase64(certificateBASE64)));
    var certSimpl = new Certificate({ schema: asn1.result });

    asn1 = fromBER(stringToArrayBuffer(fromBase64(privateKeyBASE64)));
    var pkcs8Simpl = new ECPrivateKey({ schema: asn1.result });
    //endregion

    console.log(pkcs8Simpl)
    //region Put initial values for PKCS#12 structures
    //region Put initial values for PKCS#12 structures
    var pkcs12 = new PFX({
        parsedValue: {
            integrityMode: 0, // Password-Based Integrity Mode
            authenticatedSafe: new AuthenticatedSafe({
                parsedValue: {
                    safeContents: [{
                        privacyMode: 1, // Password-Based Privacy Protection Mode
                        value: new SafeContents({
                            safeBags: [new SafeBag({
                                bagId: "1.2.840.113549.1.12.10.1.1",
                                bagValue: pkcs8Simpl
                            }), new SafeBag({
                                bagId: "1.2.840.113549.1.12.10.1.3",
                                bagValue: new CertBag({
                                    parsedValue: certSimpl
                                })
                            })]
                        })
                    }]
                }
            })
        }
    });
    //endregion

    //region Encode internal values for all "SafeContents" firts (create all "Privacy Protection" envelopes)
    sequence = sequence.then(() => pkcs12.parsedValue.authenticatedSafe.makeInternalValues({
        safeContents: [{
            password: passwordConverted,
            contentEncryptionAlgorithm: {
                name: "AES-CBC",
                length: 128
            },
            hmacHashAlgorithm: "SHA-256",
            iterationCount: 2048
        }]
    }));
    //endregion

    //region Encode internal values for "Integrity Protection" envelope
    sequence = sequence.then(() => pkcs12.makeInternalValues({
        password: passwordConverted,
        iterations: 100000,
        pbkdf2HashAlgorithm: "SHA-256", // Least two parameters are equal because at the moment it is not clear how to use PBMAC1 schema with PKCS#12 integrity protection
        hmacHashAlgorithm: "SHA-256"
    }));
    //endregion

    //region Save encoded data
    sequence = sequence.then(() => pkcs12.toSchema().toBER(false));
    //endregion

    return sequence;
}```
sureshreddygovindu commented 4 years ago

Can you please help me why I unable generate PKCS12 when I use ECPrivateKey type. If I use PrivateKeyInfo class, mentioned exception Object's schema was not verified against input data for PrivateKeyInfo

YuryStrozhevsky commented 4 years ago

@sureshreddygovindu Stop spamming issues and debug your code yourself.