PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
I need to check the integrity of a pfx/p12 certificate by testing whether the password is correct. To do this I wrote the function checkDecryptCertificateStatusPkijs (see the code below). The problem is that with the attached certificate and its correct password (foo123) this function fails (your official example https://pkijs.org/examples/PKCS12SimpleExample/PKCS12SimpleExample.html also fails). I am sure the password is correct: if I use node-forge, for example, the test passes (see checkDecryptCertificateStatusForge in the code below).
I need to check the pfx/p12 certificate integrity by testing if the password is correct or not, to do this I wrote the function checkDecryptCertificateStatusPkijs (see the code below), the problem is that with the certificate in attachment and his correct password (foo123) this function fails (also your official example https://pkijs.org/examples/PKCS12SimpleExample/PKCS12SimpleExample.html fails) but I can ensure that the password is correct, in fact if I use node-forge for example the test pass (see checkDecryptCertificateStatusForge in the code below).
certificate_pwd_foo123.p12.zip
/**
 * Outcome of probing a PKCS#12 (.pfx/.p12) file, optionally with a password.
 *
 * - `ok`: the probe completed without an error.
 * - `invalidPassword`: the container was read but the password check failed.
 * - `invalidFormat`: the file could not be read as a PKCS#12 container.
 */
export type DecryptCertificateStatus =
  | 'ok'
  | 'invalidPassword'
  | 'invalidFormat'
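/**
 * Probes a PKCS#12 (.pfx/.p12) file with PKI.js: parses the outer structure
 * and, when a password is supplied, asks PKI.js to verify the container's
 * integrity with it.
 *
 * @param file - The PKCS#12 container to probe.
 * @param password - Password used for the integrity check. When it is omitted
 *   or empty, no integrity check is run at all.
 * @returns `'ok'` when parsing (and the integrity check, if a password was
 *   given) succeeded, `'invalidPassword'` when `parseInternalValues` rejected,
 *   `'invalidFormat'` when the file could not be read or parsed.
 */
export const checkDecryptCertificateStatusPkijs = async (
  file: File,
  password?: string
): Promise<DecryptCertificateStatus> => {
  try {
    const p12 = pkijs.PFX.fromBER(await readFileContentArrayBuffer(file))
    if (password) {
      try {
        await p12.parseInternalValues({
          checkIntegrity: true,
          // 'binary' is Node's alias for latin1: code points above U+00FF are
          // truncated to one byte, so such passwords cannot round-trip here.
          // NOTE(review): confirm the password encoding PKI.js expects for
          // the PKCS#12 integrity check.
          password: Buffer.from(password, 'binary'),
        })
        return 'ok'
      } catch (error) {
        // Every rejection is reported as a wrong password, including ones
        // unrelated to it (for example an algorithm the library cannot
        // handle). Treat this status as "could not verify", not as proof
        // that the password is wrong.
        return 'invalidPassword'
      }
    }
    // No password supplied: only the outer structure was parsed. 'ok' here
    // does NOT mean the container's integrity was verified.
    return 'ok'
  } catch (error) {
    // Reading the file or decoding the outer PFX structure failed.
    return 'invalidFormat'
  }
}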
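/**
 * Probes a PKCS#12 (.pfx/.p12) file with node-forge: decodes the DER and lets
 * forge open the container with the given password.
 *
 * @param file - The PKCS#12 container to probe.
 * @param password - Password handed to forge; passed through unchanged, also
 *   when it is undefined.
 * @returns `'ok'` when forge opened the container, `'invalidPassword'` when
 *   forge's error text mentions an invalid password, `'invalidFormat'` for
 *   every other failure.
 */
export const checkDecryptCertificateStatusForge = async (
  file: File,
  password?: string
): Promise<DecryptCertificateStatus> => {
  try {
    const p12Asn1 = forge.asn1.fromDer(
      new forge.util.ByteStringBuffer(await file.arrayBuffer())
    )
    try {
      // Second argument is forge's `strict` flag, disabled here.
      forge.pkcs12.pkcs12FromAsn1(p12Asn1, false, password)
      return 'ok'
    } catch (error) {
      // The caught value is normally an Error, not a string; read its message
      // explicitly instead of relying on implicit string coercion.
      const message = error instanceof Error ? error.message : String(error)
      // Classification depends on the library's error wording. If that wording
      // changes, a wrong password would be reported as 'invalidFormat'.
      return /Invalid password/i.test(message)
        ? 'invalidPassword'
        : 'invalidFormat'
    }
  } catch (error) {
    // Reading the file or decoding the DER failed before any password check.
    return 'invalidFormat'
  }
}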