SV: SV: [Mono-list] PKCS#12 example

Hellan.Kim KHE KHE at kmd.dk
Thu Sep 22 03:48:55 EDT 2005 

Thank for that advice. I can see that there definitely is something wrong with the PKCS#12 (no attributes).

This is the PKCS#12 that I generate with Mono using the code found in MakeCert.cs:

MAC Iteration 2000
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Certificate bag
Bag Attributes: <No Attributes>
subject=/C=DK/O=Ingen organisatorisk tilknytning/CN=Nancy Ann Berggren/serialNumber=PID:9208-2001-1-538257423
issuer=/C=DK/O=KMD/OU=KMD/CN=KMD Intern Test - KUN TIL TEST/NO LIABILITY GIVEN
-----BEGIN CERTIFICATE-----
MIIEmjCCA4KgAwIBAgIEQoB3RTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJE
SzEMMAoGA1UEChMDS01EMQwwCgYDVQQLEwNLTUQxOjA4BgNVBAMTMUtNRCBJbnRl
cm4gVGVzdCAtIEtVTiBUSUwgVEVTVC9OTyBMSUFCSUxJVFkgR0lWRU4wHhcNMDUw
NTEwMDg1NjM3WhcNMTAwNTEwMDg1NjM3WjB5MQswCQYDVQQGEwJESzEpMCcGA1UE
ChMgSW5nZW4gb3JnYW5pc2F0b3Jpc2sgdGlsa255dG5pbmcxGzAZBgNVBAMTEk5h
bmN5IEFubiBCZXJnZ3JlbjEiMCAGA1UEBRMZUElEOjkyMDgtMjAwMS0xLTUzODI1
NzQyMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvw9Kz4/Vy+z+zBMSnOfG
Mc3PbFiiNOiSHys54eE8COieaNwR3Wb0nJG8BC/AgchVZnLXqns1kZd5Fd5Il8Zr
ypaz7hpI/RPTU/I47axF/bpRWnNCGsewynfd6A+6Z0+tWqctxt+Q0bOG0cauc6kl
heNPBgA7mCjatIcq6hfNg8sCAwEAAaOCAcAwggG8MA4GA1UdDwEB/wQEAwID+DCC
ATYGA1UdIASCAS0wggEpMIIBJQYJKQEBAQEBAQEBMIIBFjAdBggrBgEFBQcCARYR
aHR0cDovL3d3dy5rbWQuZGswgfQGCCsGAQUFBwICMIHnGoHkRGV0dGUgZGlnaXRh
bGUgY2VydGlmaWthdCBlciB1ZGVsdWtrZW5kZSB0aWwgdGVzdGJydWcgb2cga2Fu
IGlra2UgYW52ZW5kZXMgdGlsIGZvcnBsaWd0ZWRlIGFmdGFsZXIgZWxsZXIgbGln
bmVuZGUuIERldCBza2FsIHNhbXRpZGlnIG5vdGVyZXMgYXQgZGVyIGlra2UgbGln
Z2VyIGVuIHVkc3RlZGVsc2VzcG9saXRpayB0aWwgZ3J1bmQgZm9yIHVkc3RlZGVs
c2VuIGFmIGRldHRlIGNlcnRpZmlrYXQuMAkGA1UdEwQCMAAwJQYDVR0RBB4wHIEa
bmFuY3lfYmVyZ2dyZW5AbmV0aG90ZWwuZGswHQYDVR0OBBYEFO1vQMQvzQHkNncD
kw9qW1NhWhU3MB8GA1UdIwQYMBaAFNj67FB6jYzQ14n4/FjU3OvZmJlQMA0GCSqG
SIb3DQEBBQUAA4IBAQA1sEsnZpQUc/0kYubETfRln1pO/0aIh1aUXCCCqfiE5NlP
HF7DgOltHJME2mr7RFcLaKCaMJR9ZboMxTCWN3kjGbFMEq1O4SO5/9anAzvRlyDF
QIpMfc5LOpD4JUVrbKFqR04BzuTpspD7MHqsRyXyCcwEqxFP9E0ErYRvU4/80Nhv
kiQOkkwEYBHg+2Z5LC2v1AmS8byEOJ4Wk3BEufmLmJTEPJgCcHUoGoNWVRs3gS40
2lVI2EWk9+hcV8jhzIM9wJuZU2kENZoh4/gv1LcRiHdsh2fe2RmRN04r7yx1jfxT
ydvgoU16WWkr42q+lYC8lwA+86T92aXrEddEH+dm
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes: <No Attributes>
Key Attributes: <No Attributes>


This is the "same" PKCS#12 I generate with OpenSSL:

MAC Iteration 1
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
    localKeyID: 56 58 1F EA A7 6C 16 56 2D 06 82 FC 58 1D 81 3F 5E D8 66 69
subject=/C=DK/O=Ingen organisatorisk tilknytning/CN=Nancy Ann Berggren/serialNumber=PID:9208-2001-1-538257423
issuer=/C=DK/O=KMD/OU=KMD/CN=KMD Intern Test - KUN TIL TEST/NO LIABILITY GIVEN
-----BEGIN CERTIFICATE-----
MIIEmjCCA4KgAwIBAgIEQoB3RTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJE
SzEMMAoGA1UEChMDS01EMQwwCgYDVQQLEwNLTUQxOjA4BgNVBAMTMUtNRCBJbnRl
cm4gVGVzdCAtIEtVTiBUSUwgVEVTVC9OTyBMSUFCSUxJVFkgR0lWRU4wHhcNMDUw
NTEwMDg1NjM3WhcNMTAwNTEwMDg1NjM3WjB5MQswCQYDVQQGEwJESzEpMCcGA1UE
ChMgSW5nZW4gb3JnYW5pc2F0b3Jpc2sgdGlsa255dG5pbmcxGzAZBgNVBAMTEk5h
bmN5IEFubiBCZXJnZ3JlbjEiMCAGA1UEBRMZUElEOjkyMDgtMjAwMS0xLTUzODI1
NzQyMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvw9Kz4/Vy+z+zBMSnOfG
Mc3PbFiiNOiSHys54eE8COieaNwR3Wb0nJG8BC/AgchVZnLXqns1kZd5Fd5Il8Zr
ypaz7hpI/RPTU/I47axF/bpRWnNCGsewynfd6A+6Z0+tWqctxt+Q0bOG0cauc6kl
heNPBgA7mCjatIcq6hfNg8sCAwEAAaOCAcAwggG8MA4GA1UdDwEB/wQEAwID+DCC
ATYGA1UdIASCAS0wggEpMIIBJQYJKQEBAQEBAQEBMIIBFjAdBggrBgEFBQcCARYR
aHR0cDovL3d3dy5rbWQuZGswgfQGCCsGAQUFBwICMIHnGoHkRGV0dGUgZGlnaXRh
bGUgY2VydGlmaWthdCBlciB1ZGVsdWtrZW5kZSB0aWwgdGVzdGJydWcgb2cga2Fu
IGlra2UgYW52ZW5kZXMgdGlsIGZvcnBsaWd0ZWRlIGFmdGFsZXIgZWxsZXIgbGln
bmVuZGUuIERldCBza2FsIHNhbXRpZGlnIG5vdGVyZXMgYXQgZGVyIGlra2UgbGln
Z2VyIGVuIHVkc3RlZGVsc2VzcG9saXRpayB0aWwgZ3J1bmQgZm9yIHVkc3RlZGVs
c2VuIGFmIGRldHRlIGNlcnRpZmlrYXQuMAkGA1UdEwQCMAAwJQYDVR0RBB4wHIEa
bmFuY3lfYmVyZ2dyZW5AbmV0aG90ZWwuZGswHQYDVR0OBBYEFO1vQMQvzQHkNncD
kw9qW1NhWhU3MB8GA1UdIwQYMBaAFNj67FB6jYzQ14n4/FjU3OvZmJlQMA0GCSqG
SIb3DQEBBQUAA4IBAQA1sEsnZpQUc/0kYubETfRln1pO/0aIh1aUXCCCqfiE5NlP
HF7DgOltHJME2mr7RFcLaKCaMJR9ZboMxTCWN3kjGbFMEq1O4SO5/9anAzvRlyDF
QIpMfc5LOpD4JUVrbKFqR04BzuTpspD7MHqsRyXyCcwEqxFP9E0ErYRvU4/80Nhv
kiQOkkwEYBHg+2Z5LC2v1AmS8byEOJ4Wk3BEufmLmJTEPJgCcHUoGoNWVRs3gS40
2lVI2EWk9+hcV8jhzIM9wJuZU2kENZoh4/gv1LcRiHdsh2fe2RmRN04r7yx1jfxT
ydvgoU16WWkr42q+lYC8lwA+86T92aXrEddEH+dm
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
    localKeyID: 56 58 1F EA A7 6C 16 56 2D 06 82 FC 58 1D 81 3F 5E D8 66 69
Key Attributes
    X509v3 Key Usage: 10


But how do I set the correct attributes?
That doesn't seem to be handled in the example.

Thanks!
/Kim


-----Oprindelig meddelelse-----
Fra: mono-list-bounces at lists.ximian.com [mailto:mono-list-bounces at lists.ximian.com] På vegne af Julien Gilli
Sendt: 22. september 2005 09:32
Til: mono-list at lists.ximian.com
Emne: Re: SV: [Mono-list] PKCS#12 example

Hellan.Kim KHE wrote:

>So whenever I try to install this PKCS#12, the certificate is put in the
>"Other people" category instead of "Personal" due to the "missing"
>private key.
>
>  
>
Have you tried to examine the PKCS#12 file with "openssl pkcs12" to make 
sure that everything is in the right place ?

Regards,

-- 
Julien Gilli
IDEALX http://www.idealx.com/

_______________________________________________
Mono-list maillist  -  Mono-list at lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-list




_______________________________________________________________________________________
www.kmd.dk   www.kundenet.kmd.dk   www.eboks.dk   www.civitas.dk   www.netborger.dk www.organisator.dk

Hvis du har modtaget denne mail ved en fejl vil jeg gerne, at du informerer mig og sletter den.
KMD skaber it-services, der fremmer effektivitet hos det offentlige, erhvervslivet og borgerne.

If you received this e-mail by mistake, please notify me and delete it. Thank you.
Our mission is to enhance the efficiency of the public sector and improve its service of the general public.

More information about the Mono-list mailing list