Open KaffeeJunky opened 4 years ago
des isn't supported here, you can convert it to aes with the openssl command openssl rsa -aes256 -in old.pem -out new.pem
or omit the -aes256
to just strip the password since the actual protections offered by the basic key encryption isn't great
oh boy.. unfortunately my ASN1 export is the following:
0:d=0 hl=4 l=1308 cons: SEQUENCE
4:d=1 hl=2 l= 78 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :PBES2
17:d=2 hl=2 l= 65 cons: SEQUENCE
19:d=3 hl=2 l= 41 cons: SEQUENCE
21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2
32:d=4 hl=2 l= 28 cons: SEQUENCE
34:d=5 hl=2 l= 8 prim: OCTET STRING
44:d=5 hl=2 l= 2 prim: INTEGER :0800
48:d=5 hl=2 l= 12 cons: SEQUENCE
50:d=6 hl=2 l= 8 prim: OBJECT :hmacWithSHA256
60:d=6 hl=2 l= 0 prim: NULL
62:d=3 hl=2 l= 20 cons: SEQUENCE
64:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
74:d=4 hl=2 l= 8 prim: OCTET STRING
84:d=1 hl=4 l=1224 prim: OCTET STRING
openssl rsa-aes256 -in old.pem -out new.pem
did not work because it is not an RSA-Key. It's RSA with PSS padding. Got the following error:
140077085471872:error:0607907F:digital envelope routines:EVP_PKEY_get0_RSA:expecting an rsa key:../crypto/evp/p_lib.c:469:
i used openssl pkey -in oldkey.pem -out newkey.pem
to decrypt it using the passphrase.
But i get the following error at signature creating:
unknown key id 1.2.840.113549.1.1.10
Do you have another tip for me? Unfortunately im not that deep into encryption/certificates/signatures ... which i kind of regret right now :D
oh man, this library isn't going to the like that key type either, you might be better off with just using direct browser crypto https://github.com/diafygi/webcrypto-examples/#rsa-pss
On Tue, Jun 16, 2020 at 12:15 PM KaffeeJunky notifications@github.com wrote:
oh boy.. unfortunately my ASN1 export is the following:
0:d=0 hl=4 l=1308 cons: SEQUENCE 4:d=1 hl=2 l= 78 cons: SEQUENCE 6:d=2 hl=2 l= 9 prim: OBJECT :PBES2 17:d=2 hl=2 l= 65 cons: SEQUENCE 19:d=3 hl=2 l= 41 cons: SEQUENCE 21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2 32:d=4 hl=2 l= 28 cons: SEQUENCE 34:d=5 hl=2 l= 8 prim: OCTET STRING 44:d=5 hl=2 l= 2 prim: INTEGER :0800 48:d=5 hl=2 l= 12 cons: SEQUENCE 50:d=6 hl=2 l= 8 prim: OBJECT :hmacWithSHA256 60:d=6 hl=2 l= 0 prim: NULL 62:d=3 hl=2 l= 20 cons: SEQUENCE 64:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc 74:d=4 hl=2 l= 8 prim: OCTET STRING 84:d=1 hl=4 l=1224 prim: OCTET STRING
openssl rsa-aes256 -in old.pem -out new.pem did not work because it is not an RSA-Key. It's RSA with PSS padding. Got the following error: 140077085471872:error:0607907F:digital envelope routines:EVP_PKEY_get0_RSA:expecting an rsa key:../crypto/evp/p_lib.c:469:
i used openssl pkey -in oldkey.pem -out newkey.pem to decrypt it using the passphrase. But i get the following error at signature creating:
unknown key id 1.2.840.113549.1.1.10
Do you have another tip for me? Unfortunately im not that deep into encryption/certificates/signatures ... which i kind of regret right now :D
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/crypto-browserify/crypto-browserify/issues/191#issuecomment-644864839, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAITRH75L2PFVGQWSVYNZ6LRW6LD5ANCNFSM4N7PHYBQ .
-- -Calvin W. Metcalf
Hi there!
i'm currently having an issue with my ede3-cbc encrypted private key and signature creation. i use the crypto modules to sign a string - this is being used in a node environment and working perfectly fine. Unfortunately i cannot use the nodeJS environment for a specific call in a seperate system. So i need to use the browserified-version of it.
Unfortunately this is always ending in the following error: algo is undefined
This is the part where the error occurs:
the array aesid holds the following values
aes{"2.16.840.1.101.3.4.1.1":"aes-128-ecb","2.16.840.1.101.3.4.1.2":"aes-128-cbc","2.16.840.1.101.3.4.1.3":"aes-128-ofb","2.16.840.1.101.3.4.1.4":"aes-128-cfb","2.16.840.1.101.3.4.1.21":"aes-192-ecb","2.16.840.1.101.3.4.1.22":"aes-192-cbc","2.16.840.1.101.3.4.1.23":"aes-192-ofb","2.16.840.1.101.3.4.1.24":"aes-192-cfb","2.16.840.1.101.3.4.1.41":"aes-256-ecb","2.16.840.1.101.3.4.1.42":"aes-256-cbc","2.16.840.1.101.3.4.1.43":"aes-256-ofb","2.16.840.1.101.3.4.1.44":"aes-256-cfb"}
which means my algorithm 1.2.840.113549.3.7 is not available.
Is this even supported? Or am i doing something horribly wrong? :D
The code i use for creation is:
thanks in advance!
Best regards Pascal