Hi there,

I have a use case that is currently unsupported but would like to get implemented if possible.
I am working with an Authenticode code signing certificate issued by DigiCert.
When using decode chain the decode fails as exactly two items are expected in the Authenticated Safe.

It appears that the implementation this is based on had all the certificate bags in one item in the Authenticated Safe and then the PKCS8ShroundedKeyBag in a separate bag under a separate item in the Authenticated Safe, but the PFX PDU that I am using has the shrouded key and all of the cert bags together in a single item within the Safe.

The error is thrown in getSafeContents in pkcs12.go here https://github.com/SSLMate/go-pkcs12/blob/01f6600bb3869be1db8ab7b801c02a76dc56280d/pkcs12.go#L406C2-L406C2 , it would appear from the spec https://www.rfc-editor.org/rfc/rfc7292 that the possibility of >=1 items in the Authenticated Safe is a possibility.

I would be happy to put together a pull request and discuss further if this sounds like something you would like to incorporate.

Thanks.

When I use:
pfxData, err := ioutil.ReadFile(p12Path)
priv, cert, err := pkc12.Decode(pfxData, "1234")
if err != nil {
log.Fatal("Fail: %v\n", err)
}

I get this error:
pkcs12: error reading P12 data: asn1: syntax error: indefinite length found (not DER)

I am getting the following error when I try to parse an encrypted key
panic: pkcs12: error parsing PKCS#8 private key: x509: PKCS#8 wrapping contained private key with unknown algorithm: 1.2.840.10040.4.1

What could be the issue

Hi, i have to test this package before using, there is a problem.
go test software.sslmate.com/src/go-pkcs12 failed with status 2
src/software.sslmate.com/src/go-pkcs12/pkcs12_test.go:135:21: rsaPk.PublicKey.Equal undefined (type rsa.PublicKey has no field or method Equal)

I'm new to the cryptography area, and I'd like to post some stupid question here.

I'm using this package to decode a pfx exported from Azure Key Vault, where the PEM blocks after decoding is in the order of: private key -> root cert -> intermidiary cert -> leaf cert. The DecodeChain returns the root cert as the certficate.

The document of this function clearly states that:

The first certificate is assumed to be the leaf certificate, and subsequent certificates, if any, are assumed to comprise the CA certificate chain.

It is obvious that I can manually tweak the returned certificate and caCerts as I already know my pfx is in the reverse order as is expected by this API. Whilst I'd like to see if there is an idiomatic way to achieve this. Even better, is there a way I can tell which order the current pfx is in, and conditionally apply the order reversing. Does it make sense to embed above ordering things to this API so that it can handle both orders?

OpenSSL 3 throws an error of legacy algorithm when trying to parse P12 that uses RC2 to encrypt its certificates.

I would like to have the ability to encrypt the certificates with triple DES when generating P12. Pretty much an equivalent to the "-descert" flag of openssl.

I have created a proposal for this functionality in #35.

Thanks.

I tried many times and was prompted No required SSL certificate was sent

Currently library supports PBEWithSHAAnd40BitRC2CBC which generates 40 bit key
The library does not support pbeWithSHAAnd128BitRC2CBC which generates 128 bit key

Shall we add support for this algorithm.

func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)

how to write privateKey as sting to key file ?

Moin,

I've been wrestling with a library - march_hare - for a while. I need to provide TLS certificates to march_hare, so march_hare can connect to a TLS secured RabbitMQ instance in order to do messaging stuff.

In order to generate these certs from Hashicorp Vault, we have written a small internal tool called the certdeployer. This tool uses the vault API on one side and has a config files to write the certificates into files in pretty much whatever format we need - encoding/pem in three files (ca/key/cert), key and cert bundled, pkcs8, and so on.

This library is used (very successfully) to generate PKCS12 Keystores and Truststores for our java applications via the Encode and EncodeTrustEntries functions and then they can connect to postgres/rabbitmq/whatever.

However, march_hare is throwing a new wrench into the gears, because march_hare does not use a keystore and a truststore like many other applications. Instead, march hare wants one PKCS12 keystore, which in turn contains one key/cert safebag, and one trust-entry safebag with the CA.

Now after some back and forth I kinda bit the bullet and setup a quick and dirty PoC on a fork of kinda merging Encode and EncodeTrustEntries and this results in a keystore that actually works fine, at least in the keystore explorer. You can find the current kludge here:

https://github.com/Tetha/go-pkcs12/blob/combined-key-and-trust-store/pkcs12_combined.go

And like the biggest ordeal in this process was getting the two safebag lists appended right here:

https://github.com/Tetha/go-pkcs12/blob/combined-key-and-trust-store/pkcs12_combined.go#L124

Now, what I'd like to know from you is if you want this merged? If you do, I'd have to clean the code up a little, probably by extracting the safebag creations into reusable functions and adding a few tests. Things like that.

Why can't this project generate a certificate file in jks format?

The following page references godoc.org which is an outdated site for hosting Go documentation.

https://software.sslmate.com/src/go-pkcs12/

There is a replacement (mentioned elsewhere on this repository) that the site can reference. I was unable to find this HTML in the repository.

https://pkg.go.dev/software.sslmate.com/src/go-pkcs12

Related to #28, in order to add cert entries to the JVM keystore in Java 18+, we also need to be able to encode with a blank password.

I have been using EncodeTrustStoreEntries with "" as the password but when attempting to Decode this again I get pkcs12: error reading P12 data: asn1: syntax error: sequence truncated

Is it possible to also add support for Encoding certs with "" to store in a passwordless PKCS12 file?

Cannot add friendly name to certificate properties?
For more information, please see the content of the picturey.

go.mod has golang.org/x/[email protected], which in order depends on golang.org/x/[email protected] which has a number of known vulnerabilities (CVE-2022-41723, CVE-2022-44716, CVE-20220-41717).
Can you please bump golang.org/x/crypto to v0.4.0?

I go a pkcs12 file,and know the password.

I want decode this file, add add some content to the User Notice(eg:emial ) in the Certificate.
then reEncode it to pkcs12 file.

Is it possible?

go newbie here, got some confusion.

func main() {
	keyBytes, err := rsa.GenerateKey(rand.Reader, 1024)

	if err != nil {
		panic(err)
	}

	if err := keyBytes.Validate(); err != nil {
		panic(err)
	}

	dn := pkix.Name{
		Country:            []string{"EN"},
		Organization:       []string{"org"},
		OrganizationalUnit: []string{"org"},
		Locality:           []string{"city"},
		Province:           []string{"province"},
		CommonName:         "name",
	}

	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)

	template := x509.Certificate{
		Subject:            dn,
		SignatureAlgorithm: x509.SHA256WithRSA,
		SerialNumber:       serialNumber,
	}
	pfxBytes, err := pkcs12.Encode(rand.Reader, keyBytes, &template, []*x509.Certificate{}, pkcs12.DefaultPassword)

	if err != nil {
		panic(err)
	}

	_, _, err = pkcs12.Decode(pfxBytes, pkcs12.DefaultPassword)
	if err != nil {
		panic(err)  // I got: pkcs12: expected exactly one certificate in the certBag
	}
}

Did I make any mistake with the pkcs12.Encode or others? Many thanks

I have a PKCS 12 file including:

• one certificate
• one private key

What I simply do is:

1. Read my p12 file
2. Decode the p12 file

certFile, err := ioutil.ReadFile("authentication.p12")
privateKey, cert, err := pkcs12.Decode(certFile, "my_password")

The error returned from pkcs12 library is the following:
x509: RSA key missing NULL parameters

Is the problem related to the standard used by this library implementation?

Is it possible to provide a custom FriendlyName with pcks.Export, analogous to openssl pcks12 -export -name "..." ?

If any of the input's Raw fields are nil, then Encode should return an error Instead of succeeding and returning an invalid PKCS#12 file. Inspired by #11.

It looks like a local import path got committed in crypto.go: https://github.com/SSLMate/go-pkcs12/blob/master/crypto.go#L15

Can we possibly have mac iteration as a parameter to the Encode() function? It seems like openssl has 2048 MAC iterations

func Encode ----
The generated pfx format certificate cannot be used in the tomcat program, which will directly cause the tomcat program to fail to start. I have tried many encoding rules, but the problem cannot be solved?
I suspect that the tomcat program's certificate generation rules on the pfx format certificate are different from the rules for generating certificates on the IIS web service for encoding certificates.

<Connector            protocol="org.apache.coyote.http11.Http11NioProtocol"            port="443" maxThreads="200"            scheme="https" secure="true" SSLEnabled="true"            keystoreFile="xxx.com.pfx" keystorePass="4Y2LOv50" keystoreType="PKCS12"            clientAuth="false" sslProtocol="TLS"/>

I'm trying to convert PFX to PEM without success due to this error:

pkcs12: error reading P12 data: asn1: syntax error: indefinite length found (not DER)

Searching online results in an indication to Encode BER to DER and then the ToPEM will not throw this annoying error.
I couldn't find any solution whatsoever.

The pfx file is encoded with base64 and decoded to []byte which doesn't suppose to affect the error in any case.

I don't have any option to change the pfx file which is inserted into this variable config.ClusterCertificate

The code:

blocks, err := pkcs12.ToPEM(config.ClusterCertificate, "")
	if err != nil {
		return nil, err
	}
	var pemData []byte
	for _, b := range blocks {
		pemData = append(pemData, pem.EncodeToMemory(b)...)
	}

	// then use PEM data for tls to construct tls certificate:
	cert, err := tls.X509KeyPair(pemData, pemData)
	if err != nil {
		return nil, err
	}

	config := &tls.Config{
		Certificates: []tls.Certificate{cert},
	}

	_ = config

	x509cert, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil {
		return nil, err
	}
	store.TrustStore = x509cert
	store.Certificate = &cert

I have been working on a project where this error is significant

Can we create a predefined error value for this?. It makes it easy for error value comparison. I suggest something like this

var ErrExpectedTwoSafeBags error = errors.New("pkcs12: expected exactly two safe bags in the PFX PDU")

So We can do something like this

pfx, cert, err := pkcs12.Decode(pfxData, password)
if errors.Is(err,pkcs12.ErrExpectedTwoSafeBags){
    // LoadChain
}

instead of

if err.Error() == "pkcs12: expected exactly two safe bags in the PFX PDU" {
}

We wish to have access to friendlyName for every object in a pkcs12.
We have seen problems where frientlyName differed between private and public keys, and would like to be able to validate and visualize this.

Thanks for your work with this package :)

EncodeTrustStore() supports using the CN as the friendly name. Encode() does not. Is there a chance it can be added?

If you use openssl, you can do it for key+cert, not just truststore (cert-only); actually you can provide the friendly name separately, which might be an even easier solution:

openssl pkcs12 -export -in cert.pem -inkey key.pem -name "friendlyName" -out new.p12

So perhaps:

func EncodeTrustStore(rand Reader, certs []*x509Certificate, password, friendlyName string) (pfxData []byte, err error)
func Encode(rand Reader, privateKey interface{}, certs []*x509Certificate, password, friendlyName string) (pfxData []byte, err error)

When parsing the p12 file, hitting the above error, the same file can be decoded through web.
Any input as to what can be causing the issue.

Java 18 migrates the cacerts keystore from JKS to a password-less PKCS12 format file. See the release notes and bug details.

When the data from this file is passed to Decode*, the library throws a no MAC in data error. The release notes also state:
"All certificates inside are not encrypted and there is no MacData for password integrity"

Is it possible to add support for this new format?