mtrojnar / osslsigncode

OpenSSL based Authenticode signing for PE/MSI/Java CAB files

Code signing regression on Fedora 36 #151

Closed rubenv closed 2 years ago

rubenv commented 2 years ago

Since upgrading to Fedora 36 I get the following:

Failed to decode private key file: agent/codesigning/authenticode.pvk
40D87CA6D87F0000:error:0480006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:763:Expecting: CERTIFICATE
40D87CA6D87F0000:error:0480006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:763:Expecting: CERTIFICATE
40D87CA6D87F0000:error:068000A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1188:
40D87CA6D87F0000:error:0688010A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:349:Type=X509_CINF
40D87CA6D87F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:685:Field=cert_info, Type=X509
40D87CA6D87F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC4 : 37), Properties (<null>)
osslsigncode 2.3.0, using:
        OpenSSL 3.0.0 7 sep 2021 (Library: OpenSSL 3.0.2 15 Mar 2022)
        libcurl/7.82.0 OpenSSL/3.0.2 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.2 libpsl/0.21.1 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.46.0 OpenLDAP/2.6.1

Worked fine with (Fedora 35):

osslsigncode 2.3.0, using:
        OpenSSL 1.1.1l  FIPS 24 Aug 2021 (Library: OpenSSL 1.1.1n  FIPS 15 Mar 2022)
        libcurl/7.79.1 OpenSSL/1.1.1n-fips zlib/1.2.11 brotli/1.0.9 libidn2/2.3.2 libpsl/0.21.1 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.45.1 OpenLDAP/2.4.59

This is probably not a bug, but I'm afraid I'm not smart enough to understand the error given. Would this be related to the OpenSSL upgrade?

mtrojnar commented 2 years ago

> Would this be related to the OpenSSL upgrade?

That would be my guess. Fairly modern versions of OpenSSL no longer support the RC4 encryption/decryption that seems to be used by your authenticode.pvk.

rubenv commented 2 years ago

Figured out I could decode it to a .pem and use that. Good enough!
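A way to check whether a given `.pvk` will hit the RC4 failure discussed in this thread, added here as an example (it is not part of the original issue and not osslsigncode code). It assumes the 24-byte little-endian PVK header layout (magic `0xB0B5F11E`, reserved, key type, encrypted flag, salt length, key length); `inspect_pvk` and `make_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct

PVK_MAGIC = 0xB0B5F11E          # little-endian magic at offset 0 (assumed layout)
HEADER = struct.Struct("<6I")   # magic, reserved, keytype, encrypted, saltlen, keylen
KEYTYPES = {1: "AT_KEYEXCHANGE", 2: "AT_SIGNATURE"}


def inspect_pvk(data: bytes) -> dict:
    """Parse the PVK header and report whether RC4 is needed to read the key."""
    if len(data) < HEADER.size:
        raise ValueError("too short for a PVK header")
    magic, _reserved, keytype, encrypted, saltlen, keylen = HEADER.unpack_from(data)
    if magic != PVK_MAGIC:
        raise ValueError(f"bad magic 0x{magic:08x}: not a PVK file")
    if encrypted and saltlen == 0:
        raise ValueError("inconsistent header: encrypted flag set but no salt")
    if len(data) < HEADER.size + saltlen + keylen:
        raise ValueError("file truncated: salt/key blob shorter than header claims")
    return {
        "keytype": KEYTYPES.get(keytype, f"unknown({keytype})"),
        "encrypted": bool(encrypted),
        "saltlen": saltlen,
        "keylen": keylen,
        # A password-protected PVK blob is RC4-encrypted, so a build without
        # RC4 available cannot decode it, which matches the error in this issue.
        "needs_rc4": bool(encrypted),
    }


def make_sample(encrypted: bool) -> bytes:
    """Constructed sample: valid header followed by zero-filled salt and key blob."""
    saltlen = 16 if encrypted else 0
    keylen = 32
    header = HEADER.pack(PVK_MAGIC, 0, 2, int(encrypted), saltlen, keylen)
    return header + bytes(saltlen + keylen)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # inspect a real file given as argv[1]
        with open(sys.argv[1], "rb") as fh:
            print(inspect_pvk(fh.read()))
    else:                                      # otherwise run on the constructed samples
        for flag in (True, False):
            print(inspect_pvk(make_sample(flag)))
```

In OpenSSL 3.x, RC4 is in the legacy provider, which is not loaded by default; a key that reports `needs_rc4` is a candidate for re-encoding to PEM, as the reporter did.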