corymickelson / NoPoDoFo

node pdf native bindings
GNU Affero General Public License v3.0

Extend Signer to work with PKCS12 #95

Closed corymickelson closed 5 years ago

corymickelson commented 5 years ago

The Signer class must be able to handle pkcs7 & private key signing as well as pkcs12 certificates, and finally pkcs7 & private key & certificate chain signing options. A pkcs12 file can be deconstructed to the pkcs7, private key, and certificate chain... Maybe an initial implementation will just add the additional parameter of a certificate chain file and later add the parsing of a pkcs12 file to its component pieces.

MatthewMarkgraaff commented 5 years ago

Hi @corymickelson

Firstly, thank you for this library it's been a great help.

Do you have any working examples using a .p12 file?

corymickelson commented 5 years ago

Matthew, unfortunately I don't have any examples with a .p12 file. You can however extract the certificates and private key from the p12 file and build a pkcs7 file from the certificates extracted. Here's an example of how to add certificates to a pkcs7 file:

    openssl crl2pkcs7 -nocrl -certfile certificate.cer -certfile intermediate.cer -out certificate.p7

I have not run any tests with certificates constructed in this manner. Sorry I can't be of more help. I will provide an example in the repo as soon as I can.

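The extraction described in the comment above, written out as an added example (not part of the original thread or the NoPoDoFo repository). The function names, output file names and the `P12_PASS` environment variable are assumptions made for this sketch; the `crl2pkcs7` call is the one quoted in the comment.

```shell
#!/bin/sh
# Added example (not from the NoPoDoFo repo). File names are assumptions.
# The passphrase comes from $P12_PASS so it never shows up in `ps` output.

split_p12() {  # usage: split_p12 bundle.p12 outdir
    p12=$1; out=$2
    mkdir -p "$out" || return 1
    # Signer (leaf) certificate only.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -clcerts -nokeys \
        -out "$out/certificate.pem" || return 1
    # CA / intermediate certificates; empty when the bundle carries none.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -cacerts -nokeys \
        -out "$out/chain.pem" || return 1
    # Private key, written unencrypted (-nodes), so keep it owner-only.
    ( umask 077
      openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
          -out "$out/key.pem" ) || return 1
    # crl2pkcs7 as in the comment above; the chain is added only if present.
    set -- -certfile "$out/certificate.pem"
    if grep -q 'BEGIN CERTIFICATE' "$out/chain.pem" 2>/dev/null; then
        set -- "$@" -certfile "$out/chain.pem"
    fi
    openssl crl2pkcs7 -nocrl "$@" -out "$out/certificate.p7"
}

# Succeeds only when key.pem is the private key for certificate.pem.
keys_match() {  # usage: keys_match outdir
    cert_pub=$(openssl x509 -in "$1/certificate.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/key.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Prints how many certificates ended up in outdir/certificate.p7.
p7_cert_count() {
    openssl pkcs7 -in "$1/certificate.p7" -print_certs | grep -c '^subject='
}

# Constructed sample input: a throwaway self-signed certificate and key
# packed into dir/demo.p12 (no intermediates).
make_demo_p12() {  # usage: make_demo_p12 dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo" -keyout "$1/demo-key.pem" \
        -out "$1/demo-cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$1/demo-key.pem" -in "$1/demo-cert.pem" \
        -passout env:P12_PASS -out "$1/demo.p12"
}
```

Running `keys_match` before handing the two PEM files to a signer catches a mismatched certificate and key early. The extracted `key.pem` is unencrypted, so it should not outlive the signing setup on shared storage.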

MatthewMarkgraaff commented 5 years ago

Awesome. Thank you for the thorough explanation :) I'll get to this real soon and provide some feedback

MatthewMarkgraaff commented 5 years ago

EDIT My bad, I didn't open the document with {forUpdate: true}, leaving here for anyone that may have the same issue END EDIT

Hi @corymickelson I managed to extract the cert and private key as described but am experiencing an issue when actually signing the file. I've spent a good amount of time trying to debug but perhaps you could point me in the right direction.

I've followed the example shown in: https://github.com/corymickelson/NoPoDoFo/blob/f0697a4d8aee6f2ea7b8df641f7ba7a013885832/spec/unit/Signer.ts#L25

but am getting the following error: [1] 13420 segmentation fault node domain/signer.js

The spec runs fine and signs the document correctly in my env but when running in my script I get the above.

Script is set up as follows:

    const certAsBuffer = Buffer.from(fs.readFileSync('/Users/matt/development/sign/api/keys/certificate.pem'))
    const keyAsBuffer = Buffer.from(fs.readFileSync('/Users/matt/development/sign/api/keys/key.pem'))
    signer.loadCertificateAndKey(certAsBuffer, {pKey: keyAsBuffer}, (error, signatureLength) => {
      console.log(signatureLength)
      if (error) { console.log(error) }
      signer.write(signatureLength, (e, d) => {
        if (e) {
          console.log(e)
        } else {
          const doc = new nopodofo.Document()
          doc.load(signedFilePath, (e) => {
            console.log(e)
            console.log(signed.getPage(1).getFields());
          })
        }
      })
    })

Would you be able to assist? I'd really appreciate it.

corymickelson commented 5 years ago

Thank you Matthew, is there any chance you can share the cert and key, or a cert and key that has been created from the same process? Also which operating system are you working with, linux/mac/windows?


MatthewMarkgraaff commented 5 years ago

Hey @corymickelson Sorry for the slow response

I just realised that I didn't use my extracted cert/key - I used your example that's in the repo. I remember trying to use the extracted files but ran into some issues. I'll need to try again with my own cert quite soon so will keep you posted here if I make progress.