Reply to SecPKCS12Import is failing
Still failing. I used the Apple development certificate (from Keychain Access) in my code. The certificate is protected with the algorithms:

pbeWithSHA1And3-KeyTripleDES-CBC
pbeWithSHA1And40BitRC2-CBC

In OpenSSL's PKCS12_create I used the above algorithms for creating the PKCS12, which is then passed to SecPKCS12Import. Attaching my code below:

```c
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
#include <openssl/provider.h>

BIO* createPKCS12fromPKCS12(const unsigned char* data, long dataLength, char* originalPassphrase, char* newPassphrase) {
    // Load the legacy provider (RC2 lives there in OpenSSL 3) and the default provider.
    OSSL_PROVIDER* legacy = OSSL_PROVIDER_try_load(NULL, "legacy", 1);
    OSSL_PROVIDER* defaultProvider = OSSL_PROVIDER_try_load(NULL, "default", 1);
    int nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    int nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;

    // Decode the original PKCS #12 and extract the key, certificate and chain.
    BIO* bp = BIO_new_mem_buf(data, (int)dataLength);
    PKCS12* originalPKCS12 = NULL;
    d2i_PKCS12_bio(bp, &originalPKCS12);
    BIO_free(bp);
    EVP_PKEY* privateKey = NULL;
    X509* x509 = NULL;
    STACK_OF(X509)* caChain = NULL;
    PKCS12_parse(originalPKCS12, originalPassphrase, &privateKey, &x509, &caChain);
    PKCS12_free(originalPKCS12);
    //  printf("%d", nid_key);
    //  printf("%d", nid_cert);

    // Re-create the PKCS #12 with the new passphrase and the chosen PBE algorithms.
    PKCS12* newPKCS12 = PKCS12_create(newPassphrase, "SAP Identity", privateKey, x509, caChain, nid_key, nid_cert, 0, PKCS12_DEFAULT_ITER, 0);
    unsigned long a = ERR_get_error();
    printf("%lu", a);
    EVP_PKEY_free(privateKey);
    X509_free(x509);
    sk_X509_pop_free(caChain, X509_free);  // free the chain certificates as well as the stack
    BIO* mem = NULL;
    if (newPKCS12 != NULL) {
        // Only verify the MAC when PKCS12_create actually returned an object.
        int verify = PKCS12_verify_mac(newPKCS12, newPassphrase, 0);
        printf("%d", verify);
        mem = BIO_new(BIO_s_mem());
        i2d_PKCS12_bio(mem, newPKCS12);
        PKCS12_free(newPKCS12);
    }
    return mem;
}
```

```swift
public func obtainUserIdentity(completionHandler: @escaping (Data?, Error?) -> Void) {
    logger.debug("Called: obtainUserIdentity(completionHandler:)")
    // fileURL is the path of the p12 file
    guard let data = try? Data(contentsOf: fileURL),
          let pkcs12Data = OpenSSLHelperProxy.shared.createPKCS12fromPKCS12Data(data, passphraseOriginal: passphrase, passphraseNew: "") else {
        logger.error("Create PKCS #12 from PKCS #12 data failed")
        completionHandler(nil, IdentityError.failedToCreateIdentity)
        return
    }
    completionHandler(pkcs12Data, nil)
}
```

```objc
-(NSData* _Nullable)createPKCS12fromPKCS12Data:(NSData* _Nonnull)PKCS12Data passphraseOriginal:(NSString* _Nonnull)passphraseOriginal passphraseNew:(NSString* _Nonnull)passphraseNew {
  BIO* mem = createPKCS12fromPKCS12([PKCS12Data bytes], [PKCS12Data length], (char*)[passphraseOriginal UTF8String], (char*)[passphraseNew UTF8String]);
  NSData* data = [OpenSSLHelperProxy NSDataFromBIO:mem];
  return data;
}

+(NSData*)NSDataFromBIO:(BIO*)mem {
  NSData* data = nil;
  if (mem != NULL) {
    char* ptr = NULL;
    // Copy the BIO's memory buffer into an NSData, then release the BIO.
    size_t size = BIO_get_mem_data(mem, &ptr);
    data = [NSData dataWithBytes:ptr length:size];
    BIO_free(mem);
  }
  return data;
}
```

This Data is sent to SecPKCS12Import(pkcs12Data as CFData, query as CFDictionary, &items), which is throwing an error.
Topic: Privacy & Security SubTopic: General Tags:
Jan ’23
Reply to SecPKCS12Import is failing
As per your suggestion, I did compare the certificate data. I used an Apple developer certificate taken from Keychain Access. I passed this certificate to my code and then created a new one using the PKCS12_create API of OpenSSL (check project https://github.com/NamrataKSAP/PKCS12TestApp). I printed the certificate data/info in the console using code. SecPKCS12Import works for the same certificate if using OpenSSL version 1, but fails with OpenSSL version 3.

Attaching two files:

certificate info with OpenSSL 1
certificate info with OpenSSL 3
certificate info fetched in terminal with OpenSSL 3

certificateOpensslV1.txt
certificateOpensslV3.txt
certificateInfoFromTerminal.txt

I find both similar. Code to print certificate info:

```objc
PKCS12* newPKCS12 = PKCS12_create(newPassphrase, "SAP Identity", privateKey, x509, caChain, 0, 0, 0, 0, 0);
// Parse the newly created PKCS #12 back to read its contents.
X509* x509crt = NULL;
STACK_OF(X509)* caChainw = NULL;
EVP_PKEY* privateKeyr = NULL;
int parse = PKCS12_parse(newPKCS12, newPassphrase, &privateKeyr, &x509crt, &caChainw);
BIO* mem = BIO_new(BIO_s_mem());
BIO_printf(mem, "\n");
NSData* data = [OpenSSLHelperProxy NSDataFromBIO:mem];
```

```swift
let certificateStr = String(data: data, encoding: .utf8)
print("certificate info\n\n", certificateStr)
```
Jan ’23
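The comparison in the post above covers the certificate itself; the PKCS#12 container also records its own MAC digest, salt and iteration count in MacData, which a certificate dump does not show. An added example (not code from the thread or the linked project) that reads those fields from a DER-encoded PKCS#12; `mac_info`, `sample_pfx` and the sample bytes are constructed for illustration.

```python
# Added example (not from the thread): read MacData from a DER-encoded PKCS#12 (PFX) blob.
# PFX ::= SEQUENCE { version, authSafe, macData OPTIONAL }; MacData ::= SEQUENCE { mac, macSalt, iterations DEFAULT 1 }
DIGEST_NAMES = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}

def read_tlv(buf, off=0):
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite-length BER is not handled here")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[off:off + length], off + length

def children(value):
    out, off = [], 0
    while off < len(value):
        tag, val, off = read_tlv(value, off)
        out.append((tag, val))
    return out

def decode_oid(raw):
    arcs = [raw[0] // 40, raw[0] % 40] if raw[0] < 80 else [2, raw[0] - 80]
    acc = 0
    for byte in raw[1:]:                     # base-128, high bit marks continuation
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def mac_info(pfx):
    """Return MAC digest, salt length and iteration count, or None when there is no MacData."""
    tag, body, _ = read_tlv(pfx)
    fields = children(body)
    if tag != 0x30 or len(fields) < 2:
        raise ValueError("not a PFX SEQUENCE")
    if len(fields) < 3:
        return None
    mac = children(fields[2][1])
    oid = decode_oid(children(children(mac[0][1])[0][1])[0][1])  # DigestInfo -> AlgorithmIdentifier -> OID
    iterations = int.from_bytes(mac[2][1], "big") if len(mac) > 2 else 1
    return {"digest": DIGEST_NAMES.get(oid, oid), "salt_len": len(mac[1][1]), "iterations": iterations}

der = lambda tag, content: bytes([tag, len(content)]) + content  # short-form lengths; sample only
def sample_pfx(digest_oid, iterations):      # constructed skeleton, not a usable key store
    digest_info = der(0x30, der(0x30, der(0x06, digest_oid) + der(0x05, b"")) + der(0x04, bytes(20)))
    mac_data = der(0x30, digest_info + der(0x04, bytes(8)) + der(0x02, iterations.to_bytes(2, "big")))
    return der(0x30, der(0x02, b"\x03") + der(0x30, der(0x06, bytes.fromhex("2a864886f70d010701"))) + mac_data)
```

Calling `mac_info` on the bytes written by each OpenSSL build (for example the `NSData` returned by `createPKCS12fromPKCS12Data`) gives a field-by-field comparison of the two containers.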
Reply to Failing SecPKCS12Import API after update in openssl 3.x
The solution provided by the above thread (https://developer.apple.com/forums/thread/697030?login=true#:~:text=Thanks%20to%20Quinn,be%20Apple%2Dcompatible) is not working for me.

java version "1.8.0_341"
Java(TM) SE Runtime Environment (build 1.8.0_341-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.341-b10, mixed mode)

macOS 13.0.1
Dec ’22
Reply to Failing SecPKCS12Import API after update in openssl 3.x
Any suggestions here?
Jan ’23
Reply to SecPKCS12Import is failing
Hi, sharing a project to reproduce the issue: https://github.com/NamrataKSAP/PKCS12TestApp. Check the console log for the error.
Jan ’23
Reply to SecPKCS12Import is failing
Sharing the hex dump. I suppose this is what you want. Also, you can find the certificate and the password in the git project itself. Password: 12345678

hexDump.txt
Jan ’23
Reply to SecPKCS12Import is failing
Thanks, @tejas22192. I will check this on my side.
Mar ’23
Reply to SecPKCS12Import is failing
Big thanks, @tejas22192, your solution works for me.
May ’23