[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-jce] PKCS8ShroudedKeyBag: not decrypted yet!


I'm trying to fiddle out what I'm doing wrong in decrypting
a PKCS12 file. I observe the following strange behaviour with
a certificate I got from Swisskey CA:

- The private key of this cert is "null" when read with
  the code listed below.
- If the cert is imported in e.g. netscape and exported again
  the code listed below extracts the private key correctly.

PKCS12 np12= new PKCS12(new FileInputStream(sFile));
System.out.println("key bag: "+ np12.getKeyBag());
System.out.println("private key: "+ np12.getKeyBag().getPrivateKey());

Interestingly the output using the unmodified cert issued by
Swisskey is:

key bag: PKCS8ShroudedKeyBag: not decrypted yet!
private key: null

When importing and exporting the cert in netscape the output is
as expected, i.e. I get a listing of private key algorithm, bag
type, friendly name, local key id, and a valid private key.

Now, the docu of PKCS8ShroudedKeyBag says that decription is handled
behind the scenes, which it's not. Hmm... I'm puzzled!

Anybody any ideas?!

Thanks in advance,
// Bruno


  _  _  _  _  _   Ergon Informatik AG         Bruno Essmann
 /_\| \/ \/ \| \  Baechtoldstrasse 4          dipl. Informatik Ing. ETH
 \  |  \_/\_/| |  8044 Zuerich - Switzerland  bruno.essmann@ergon.ch
        /         Phone: +41-1-268 89 00      Direct Line: +41-1-268 89 16
                  Fax: +41-1-261-27-50        http://www.ergon.ch/
Mailinglist-archive at

To unsubscribe send an email to listserv@iaik.at with the folowing content: