kjur
commented
2 years ago I've took a look both keys and found a difference.
- notworking
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER pkcs5PBES2 (1 2 840 113549 1 5 13)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER pkcs5PBKDF2 (1 2 840 113549 1 5 12)
SEQUENCE {
OCTET STRING 7A 3D 16 BA 8D 94 ED E5
INTEGER 2048
SEQUENCE { <<<<<<<< DIFFERENCE
OBJECT IDENTIFIER hmacWithSHA256 (1 2 840 113549 2 9) <<<<<<<< DIFFERENCE
NULL <<<<<<<< DIFFERENCE
} <<<<<<<<<< DIFFERENCE
}
}
SEQUENCE {
OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7)
OCTET STRING 9E ED E7 23 DA DD 65 E7
}
}
}- working
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER pkcs5PBES2 (1 2 840 113549 1 5 13)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER pkcs5PBKDF2 (1 2 840 113549 1 5 12)
SEQUENCE {
OCTET STRING 4D AC 80 BC A0 FC 48 0A
INTEGER 2048
}
}
SEQUENCE {
OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7)
OCTET STRING EF FD DA E8 37 E3 15 EA
}
}
}"notworking.pem" uses hmacWithSHA256. jsrsasign doesn't support such key yet and there is no plan to support it. Thank you for understanding.
rtrap95
Hello, I encountered this assertion but I cannot find why it is throw:
Description
Get the key from a specific .pem file with format PKCS8 throw me this error. I have older file (always PKCS8 format) that are working without problem, and to me they seems both correct. Infact I could get the key from the one that is not working with the library, with the cli tool "openssl" installed on Mac. What I am missing?
To Reproduce
I added a small repo with a working pem and one that give me some problem: https://github.com/rtrap95/jsrsasign-pem-example
As far as I know certificates are generated with a PHP library (the only thing changed from the one working and the one not working is the php version from 7.3 to 7.4)
Thanks for any help!