Bag Attributes Ignored - Openssl

This is a discussion on Bag Attributes Ignored - Openssl ; Hello to all, I've been trying to add bag attributes to a PKCS12 certificate using openssl pkcs12 command (eg, openssl pkcs12 -export -in cert1.pem -CSP "..." -LMK -out cert1.p12). All my attempts were unsuccessful. I've got openssl 0.9.8e patched and ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Bag Attributes Ignored

  1. Bag Attributes Ignored


    Hello to all,

    I've been trying to add bag attributes to a PKCS12 certificate using openssl pkcs12 command (eg, openssl pkcs12 -export -in cert1.pem -CSP "..." -LMK -out cert1.p12).
    All my attempts were unsuccessful. I've got openssl 0.9.8e patched and no errors during compiling/building (using mingw).

    This is the patch I've applied:

    http://www.cs.bham.ac.uk/~smp/resour...9.8e-patch.txt

    I've updated obj_dat.h and related files.

    Everything is fine here.

    Then, I generate a PKCS12 file. No problems here.

    However, when I type in the following command:
    openssl pkcs12 -in cert1.p12 -info

    only CSP name bag attribute is shown. No LocalKeySet bag attribute. It's like it's being ignored by OpenSSL. I try to generate an PEAP certificate.

    If anyone can help me out here I'd be very much grateful.

    I look forward to hearing from you soon.

    Sergio.
    __________________________________________________ _______________
    Be part of history. Take part in Australia's first e-mail archive with Email Australia.
    http://emailaustralia.ninemsn.com.au

  2. Re: Bag Attributes Ignored

    On Thu, Jun 26, 2008, Hacker SF wrote:

    >
    > Hello to all,
    >
    > I've been trying to add bag attributes to a PKCS12 certificate using openssl pkcs12 command (eg, openssl pkcs12 -export -in cert1.pem -CSP "..." -LMK -out cert1.p12).
    > All my attempts were unsuccessful. I've got openssl 0.9.8e patched and no errors during compiling/building (using mingw).
    >
    > This is the patch I've applied:
    >
    > http://www.cs.bham.ac.uk/~smp/resour...9.8e-patch.txt
    >
    > I've updated obj_dat.h and related files.
    >
    > Everything is fine here.
    >
    > Then, I generate a PKCS12 file. No problems here.
    >
    > However, when I type in the following command:
    > openssl pkcs12 -in cert1.p12 -info
    >
    > only CSP name bag attribute is shown. No LocalKeySet bag attribute. It's like it's being ignored by OpenSSL. I try to generate an PEAP certificate.
    >
    > If anyone can help me out here I'd be very much grateful.
    >
    > I look forward to hearing from you soon.
    >


    The patch is incomplete. Some additional code is needed in PKCS12_create() to
    handle this attribute correctly.

    Does anyone have any documentation or samples PKCS#12 files (not important
    private keys!) that include this attribute? If so I'll look into adding
    support in future OpenSSL releases. What I've seen suggests the patch doesn't
    quite match the MS version.

    Steve.
    --
    Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
    OpenSSL project core developer and freelance consultant.
    Homepage: http://www.drh-consultancy.demon.co.uk
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread