[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] Problems reading .pfx file written by IE5



You are obviously using a IAIK JCE version prior to 2.5 and should
upgrade. PKCS#12 support in old versions is known to be limited.

Note that we cannot support Entrust software and I highly recommend
against using the original IAIK classes and Entrust Java Toolkit at the
same time as this might cause unexpected problems due to versioning
conflicts like the one you describe.

  Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.at

-----Ursprüngliche Nachricht-----
Von: <Richard.Barnett@dresdnerkb.com>
An: <iaik-jce@iaik.tu-graz.ac.at>
Gesendet: Montag, 06. Dezember 1999 19:46
Betreff: [iaik-jce] Problems reading .pfx file written by IE5


> I'm trying to implement a ClientTrustDecider, but I'm unable to read
the
> certificate I exported from IE5.
>
> When I use this code (wrapped in an appropriate try/catch):
>
>             MicrosoftP12 mp12 = new MicrosoftP12(new
> FileInputStream("RichardBarnett.pfx"));
>             System.out.println(mp12);
>             String pwd = new String("***");
>             file://System.out.println("verify: " +
> mp12.verify(pwd.toCharArray()));
>             mp12.decrypt(pwd);
>             System.out.println(mp12);
>             _privateKey = mp12.getPrivateKey();
>             _cert = mp12.getCertificateChain();
>
> I get the following output:
>
>     Microsoft PKCS#12 object:
>     Not decrypted yet!
>     PKCSException:Unable to decrypt the object!
>
> When I use this code:
>
>             PKCS12 p12 = new PKCS12(new
> FileInputStream("RichardBarnett2.pfx"));
>             System.out.println(p12);
>             String pwd = new String("***");
>             file://System.out.println("verify: " +
> p12.verify(pwd.toCharArray()));
>             p12.decrypt(pwd.toCharArray());
>             System.out.println(p12);
>
> I get this output:
>
>     PKCS#12 object:
>     Version: 3
>     AuthenticatedSafe: 0
>     mode: UNENCRYPTED
>
>     SafeBag: 0
>     Bag type: PKCS#12 pkcs8ShroudedKeyBag
>     Attributes:
>     localKeyID = OCTET STRING = 4 bytes: 01:00:00:00
>     friendlyName = UNIString = "9c00abd7-9b87-11d3-8669-0008c7dc970c"
>     1.3.6.1.4.1.311.17.1 = UNIString = "Microsoft Base Cryptographic
> Provider v1.0"
>
>     AuthenticatedSafe: 1
>     mode: PASSWORD_ENCRYPTED
>     Content encrypted with: PbeWithSHAAnd40BitRC2-CBC
>     No SafeBags or not decrypted yet.
>
>
>     PKCSException:java.security.NoSuchAlgorithmException:
> AlgorithmParameters not available
>
> In either case, executing the call to verify results in
>
>     PKCSException:java.security.NoSuchAlgorithmException: Algorithm
HMAC/SHA
> not implemenated.
>
> I am using iaik_jce_full.jar.
>
> Output varies depending on the relative order of entrust.jar &
> iaik_jce_full.jar in my classpath;  the above is the best I've got
(entrust
> first) & with entrust last I get a NoSuchMethodError
> ("iaik.pkcs.pkcs12.PKCS12: method decrypt(Ljava/lang/String;)V not
found")
> in MicrosoftP12.decrypt().
>
> Any help would be gratefully received.
>
> -- Richard
> -----------------------------------------------------------------------
-
> This email, its content and any files transmitted with it are intended
> solely for the addressee(s) and may be legally privileged and/or
> confidential. Access by any other party is unauthorised without the
> express written permission of the sender. If you have received this
> email in error you may not copy or use the contents, attachments or
> information in any way. Please destroy it and contact the sender on
> the number printed above, via the Dresdner Kleinwort Benson
> switchboard on +44 171 623 8000 or via e-mail return. Internet
> communications are not secure unless protected using strong
> cryptography. This email has been prepared using information believed
> by the author to be reliable and accurate, but Dresdner Kleinwort
> Benson makes no warranty as to accuracy or completeness. In particular
> Dresdner Kleinwort Benson does not accept responsibility for changes
> made to this email after it was sent. Any opinions expressed in this
> document are those of the author and do not necessarily reflect the
> opinions of the Bank or its affiliates. They may be subject to change
> without notice.
> -----------------------------------------------------------------------
-
> --
> Mailinglist-archive at
http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html
>
> To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the
folowing content: UNSUBSCRIBE iaik-jce
>
>
>


smime.p7s