Unparseable PKCS#12 cert

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Nov 2 13:17:18 CET 2008

Joe Orton wrote:
> Hi folks, I've attached a PKCS#12 file which was apparently produced by 
> the Bouncy Castle Java crypto toolkit; GnuTLS 2.5.6 + libtasn1 1.3 can't 
> parse it.  I haven't attempted to debug this any further.
> OpenSSL can parse it, though PKCS12_parse() failed to pair up the key 
> and cert correctly (instead giving the key and embedded CA cert), which 
> is why I heard about this.  Just happened to try this cert with GnuTLS 
> too.
> $ bin/certtool --p12-info --infile ~/TestUser.p12  --inder
> bin/certtool: p12_import: ASN1 parser: Error in TAG.
> The encryption password is "password".

The attached patch to libtasn1 should solve this issue[0]. It seems the
Mozilla pkcs12 structure is BER encoded and our decoder worked with DER
data. Still our decoder lacks full BER support but at least with this
patch it can decode this structure.


[0]. It also contains some optimizations in the libtasn1 tree generation.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libtasn1.patch
Type: text/x-patch
Size: 64163 bytes
Desc: not available
URL: </pipermail/attachments/20081102/941959d6/attachment.bin>
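
Added example, not part of this thread or of the libtasn1 patch: a minimal C scanner that walks a TLV structure and reports the first BER-only form (indefinite length, non-minimal length, constructed OCTET STRING) that a DER-only decoder would reject, which is the kind of mismatch the reply above describes. The function `ber_scan`, the enum names and the byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum { DER_OK = 0, BER_INDEFINITE = 1, BER_NONMINIMAL = 2,
       BER_CONSTRUCTED_STRING = 3, MALFORMED = -1 };

/* Walk the TLVs in p[0..n) and return the first BER-only feature that a
 * strict DER decoder would reject, or DER_OK if none is found. */
int ber_scan(const unsigned char *p, size_t n)
{
    size_t i = 0;
    while (i < n) {
        unsigned char id = p[i++];
        if ((id & 0x1f) == 0x1f)                   /* high-tag-number form */
            do { if (i >= n) return MALFORMED; } while (p[i++] & 0x80);
        if (i >= n) return MALFORMED;
        size_t len = p[i++];
        if (len == 0x80) return BER_INDEFINITE;    /* ends with 00 00, no count */
        if (len & 0x80) {                          /* long form: k length octets */
            size_t k = len & 0x7f;
            if (k > sizeof(size_t) || k > n - i) return MALFORMED;
            if (p[i] == 0) return BER_NONMINIMAL;  /* leading zero octet */
            for (len = 0; k--; ) len = (len << 8) | p[i++];
            if (len < 0x80) return BER_NONMINIMAL; /* short form was required */
        }
        if (len > n - i) return MALFORMED;         /* truncated or lying length */
        if (id & 0x20) {                           /* constructed: check children */
            if ((id & 0xdf) == 0x04) return BER_CONSTRUCTED_STRING; /* OCTET STRING */
            int r = ber_scan(p + i, len);
            if (r != DER_OK) return r;
        }
        i += len;
    }
    return DER_OK;
}

/* Constructed sample inputs (not taken from the attached file). */
static const unsigned char der_seq[]     = { 0x30, 0x03, 0x02, 0x01, 0x03 };
static const unsigned char ber_seq[]     = { 0x30, 0x80, 0x02, 0x01, 0x03, 0x00, 0x00 };
static const unsigned char ber_nested[]  = { 0x30, 0x07, 0xa0, 0x80, 0x02, 0x01, 0x03, 0x00, 0x00 };
static const unsigned char ber_longlen[] = { 0x30, 0x81, 0x03, 0x02, 0x01, 0x03 };

int main(void)
{
    printf("der=%d ber=%d nested=%d longlen=%d\n",
           ber_scan(der_seq, sizeof der_seq), ber_scan(ber_seq, sizeof ber_seq),
           ber_scan(ber_nested, sizeof ber_nested), ber_scan(ber_longlen, sizeof ber_longlen));
    return 0;
}
```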
