PKCS12 to OpenPGP Conversion
Justin Wienckowski
Justin.Wienckowski@trw.com
Thu Jul 26 18:53:01 2001
As part of a project at my company, I've developed a program that converts
a PKCS#12 certificate produced by Microsoft's CryptoAPI (CPS v1.0) into a
format suitable for import into an OpenPGP-compliant program (like gpg,
cheer!).
This is an EXTREME ALPHA release for those of you who are masochistic but
wanna see how the conversion works. It was done as a proof of concept.
The code is messy, hacked up, and hard to read. It may very well not work
for your certificates. As soon as I clean it up and make it work right
I'll release a package containing the nice source code, utilities, and
sample files to show how to adapt it for your certificate formats.
You can grab the source at http://filebox.vt.edu/users/jwiencko/extract_key.c
NOTES
--------
1) DOES NOT ENCRYPT THE PRIVATE KEY. I'm lazy and busy so I haven't
implemented that yet. You can use gpg to set a passphrase on the key
after you import it.
2) Requires cryptlib to compile. Also uses a bunch of .h files from the
cryptlib source so it can use the low-level SHA-1 and BIGNUM functions.
3) To import the key pair into gpg after you run it, use
gpg --allow-secret-key-import --import my_key.pgp
4) Much of the PKCS processing code is directly adapted from Peter
Gutmann's breakms.c code - thanks Peter! He did some great work on the
terrible nature of Microsoft's PKCS12 implementation.
I'm happy to answer any questions you may have about the program or PKCS
or OpenPGP in general - just send them to me directly and not to the list
:)
Cheers!
-Justin Wienckowski
justin.wienckowski@trw.com
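
Added example, not part of the original post or of extract_key.c: per note 1, a converted key file holds its secret material in the clear until a passphrase is set, and this can be checked by reading the string-to-key usage octet of each secret-key packet (layout per RFC 4880). The function names and the toy packet builder are constructed for illustration.

```python
# Added example: report OpenPGP secret-key packets stored without protection.
# Packet layout per RFC 4880; sample_packet() builds constructed toy data.
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # algorithm id -> public MPI count

def read_packets(data):
    """Yield (tag, body) for each binary packet (old- and new-format headers)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            n = (1, 2, 4, 0)[ltype]         # type 3: body runs to end of data
            length = int.from_bytes(data[i:i + n], "big") if n else len(data) - i
            i += n
        yield tag, data[i:i + length]
        i += length

def s2k_usage(body):
    """Return the string-to-key usage octet of a secret-key packet body."""
    if body[0] not in (2, 3, 4):
        raise ValueError("unsupported key version")
    pos = 5 if body[0] == 4 else 7          # v3 adds a 2-octet validity period
    count = PUBLIC_MPIS[body[pos]]
    pos += 1
    for _ in range(count):                  # skip the public MPIs
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    return body[pos]                        # 0 means secret MPIs are unencrypted

def unprotected_keys(data):
    """Tags (5 = secret key, 7 = secret subkey) whose key material is in the clear."""
    return [tag for tag, body in read_packets(data)
            if tag in (5, 7) and s2k_usage(body) == 0]

def sample_packet(usage, tag=5):            # constructed v4 RSA packet, toy values
    body = b"\x04" + bytes(4) + b"\x01" + b"\x00\x0c\x0c\xa1" + b"\x00\x05\x11"
    body += bytes([usage]) + bytes(20)
    return bytes([0x80 | (tag << 2), len(body)]) + body
```

The input must be binary (not ASCII-armored) key data; an empty result from `unprotected_keys` after setting a passphrase and re-exporting indicates the secret material is now protected.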