
I'm following the steps at https://github.com/digitalbazaar/forge#pkcs12 to convert a PEM cert to P12, and I want the .p12 certificate in binary format; I don't want to encode it further using base64 as mentioned in the above link. If I skip the last step

var p12b64 = forge.util.encode64(p12Der);

then from the output file (which contains the bytes, i.e. p12Der) I'm not able to extract the certificate and keys using OpenSSL. Steps followed to extract certificates:

openssl pkcs12 -in enc.p12  -out cert.crt -nokeys -clcerts
which throws the following error:
4145202984:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:157:

How can I generate a p12 file in binary format using the steps at https://github.com/digitalbazaar/forge#pkcs12 without encoding it (i.e. by skipping the last step that creates p12b64)?

Plus, how can I download this file using plain JS (without node)?

Snehal

1 Answer


Works for me.

$ cat 71308138.js
const fs = require('fs'), forge = require('node-forge');
var key = forge.pki.privateKeyFromPem(fs.readFileSync("71308138.key",'ascii'));
var crt = forge.pki.certificateFromPem(fs.readFileSync("71308138.crt",'ascii'));
var asn1 = forge.pkcs12.toPkcs12Asn1(key,crt,'password',{algorithm:'3des'});
var der = forge.asn1.toDer(asn1).getBytes();
fs.writeFileSync("71308138.p12",der,'binary');
$ nodejs 71308138.js
$ openssl pkcs12 -in 71308138.p12 -password pass:password -info -nodes
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Data
Certificate bag
Bag Attributes
    localKeyID: CB 1E 24 AF CF 80 D2 60 D0 1E A5 E1 3C 7F CB 35 CF F7 A2 D5
subject=CN = 71308138

issuer=CN = 71308138

-----BEGIN CERTIFICATE-----
MIICAjCCAWugAwIBAgIUSMMnVr3zmLgs0o2CL9jCDvS2mRAwDQYJKoZIhvcNAQEL
BQAwEzERMA8GA1UEAwwINzEzMDgxMzgwHhcNMjIwMzAzMDYwNTMxWhcNMjIwNDAy
MDYwNTMxWjATMREwDwYDVQQDDAg3MTMwODEzODCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEAwnMSHu6OBCdp5Zy3lRY9QieDc8Uyb62KRZeoHmnp9E5jDb8Tdxpb
tkg8ewr2SUKj7HBjiRZWDDclhSskqND5isqxgIpFbKOiiDyP7DtgqqaUqg5N6Hn7
5ZhajK//x+Xadjo8PKcKyisUOoAkOBy9ztcWPJ0pFZG8MVlkwykg61cCAwEAAaNT
MFEwHQYDVR0OBBYEFO1A7mfsya5J2fv7x9p480LjXj3yMB8GA1UdIwQYMBaAFO1A
7mfsya5J2fv7x9p480LjXj3yMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADgYEAuqCOu2pbN9nVcPB57/c1Ja3HKLHZx6tjif/4gy3c6OALT8h9LfU0Xl++
kJlNXdaCSTDEDCQsRPUGwzTbALBlzHMc905WsbSqywUe3pgNjPw/+dBz42v9hD0p
ztiZr+2g8iQZpib1vc+xlBTPJ7b/av0EaYkh4hCGRq5cYnjL+Tk=
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
    localKeyID: CB 1E 24 AF CF 80 D2 60 D0 1E A5 E1 3C 7F CB 35 CF F7 A2 D5
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMJzEh7ujgQnaeWc
t5UWPUIng3PFMm+tikWXqB5p6fROYw2/E3caW7ZIPHsK9klCo+xwY4kWVgw3JYUr
JKjQ+YrKsYCKRWyjoog8j+w7YKqmlKoOTeh5++WYWoyv/8fl2nY6PDynCsorFDqA
JDgcvc7XFjydKRWRvDFZZMMpIOtXAgMBAAECgYA8Q1tvWLGM2gY40iwXOXA8y3Ay
9f+emuMKlGjXHC4UuCJ8xSYsOHAJ+zM7UvdnVw7knSRL/S8n1AN91RQkebeMYGSJ
RtsVip4Plfh1DQVA+8QYDhqibIa3hhYkBE8TBmfHNcpLkVooskU7ZPiJ8DRBdi43
yI5hRPP3O3PvtbzbGQJBAPKIIOgYKTc5rMbjBMryAFonRuSXO2vXc2pQhoYa7ggr
oVgDWsi1W33Io4u4/bI4K2iyzqTuyx8lXkyCp7ZEJqsCQQDNP2WdjydYcyovFG7g
NqC05qPhzIzGPBcrNR2qGcvYIIZKYBa/Kt40UqosXm+vEqGMNqkcSSP52jc4wXK8
TH4FAkAEe0V4ZHHmhldN+YXuJhihkdY6hRzg+kM0tLY3pim91uiNUsqLqOY+5cU3
4Lw3XdhXf+5Xl94C/lLGwSdOM+YvAkAwa6VoX05T8o9gHfzuTlTpeIPvEBeh6Kk6
m0RNTdqmOT4VK8gR/2X+iAX3g6vrbITKFFcfAi5HknB2pkSQIaeVAkAil33xA/wg
SjTvcO33u4vkViLCioo/MZWr+V8FAw94yLvAmp2AD+vCA2Tx7Wk0Reh+PoR1YP2R
O9Gkz+6UdiwA
-----END PRIVATE KEY-----
$
dave_thompson_085
  • Thanks, this is working! But I'm not using Node.js. As the parent application is not based on Node (and there is no intent to configure a Node app for this component), I have added just the JavaScript implementation of the node-forge lib as a utility rather than importing the whole package into the app. So, how can I download this file with binary content using plain JS? – Snehal Mar 05 '22 at 12:39
  • Adding to the previous comment, I've followed the implementation at https://stackoverflow.com/a/33542499/18343243. I changed the blob type to "application/binary" and "application/octet-stream" but am still getting the same error while extracting keys from the downloaded file. Any suggestion on this? – Snehal Mar 05 '22 at 13:11
  • @Snehal: sorry, I don't do browser-side. Do you want me to delete this so your Q shows (again) as unanswered, which might encourage someone else to look at it? – dave_thompson_085 Mar 06 '22 at 02:08
  • No, that's fine. This is a bit new to me. So, just an add-on question, would you be able to explain what's the need to encode the binary p12 file? Is it for easier transportation? – Snehal Mar 07 '22 at 05:18
  • @Snehal: there are lots of things in transport or storage for which binary is impossible or inconvenient but it varies all over the lot. When PEM started (and also PGP which doesn't use PKCS12 but does use base64 'armor') email usually couldn't handle binary; today it can. Historically many databases couldn't but now most can. Text editors can't, and that includes things you want to edit as text like yaml. HTML and XML can't, and JS source can't easily, although HTTP or WS can handle a _separate_ (non-embedded) resource. Often important today, screen/GUI cut&paste can't. – dave_thompson_085 Mar 08 '22 at 15:41
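The following is an added example, not code from the question, from dave_thompson_085's answer, or from the node-forge project. It addresses the browser-download part of the thread: `forge.asn1.toDer(asn1).getBytes()` returns a "binary string" (a JS string whose char codes are each one byte, 0 to 255). Passing that string straight into `new Blob([...])` makes the browser UTF-8 encode it, so every byte at or above 0x80 becomes two bytes and OpenSSL then fails at the first ASN.1 header, regardless of the MIME type given to the Blob. The example copies the char codes into a `Uint8Array` first, checks that the result starts with the DER SEQUENCE tag that every PKCS#12 file begins with, and only then builds the Blob. The function names, the sample bytes and the `application/octet-stream` type are this example's own choices.

```javascript
// Added example (not from the question, the answer, or node-forge).
// Getting a forge "binary string" into real bytes for a browser download.

// Convert a forge binary string to a Uint8Array, one byte per character.
// Rejects anything that is not a binary string (a char code above 0xff),
// which is what you would get if base64 or a real Unicode string slipped in.
function binaryStringToBytes(binaryString) {
  const bytes = new Uint8Array(binaryString.length);
  for (let i = 0; i < binaryString.length; i++) {
    const code = binaryString.charCodeAt(i);
    if (code > 0xff) {
      throw new Error(`not a binary string: char code ${code} at index ${i}`);
    }
    bytes[i] = code;
  }
  return bytes;
}

// What new Blob([someString]) does internally: UTF-8 encode the string.
// Used here only to show why the downloaded file grows and breaks.
function utf8EncodedLength(binaryString) {
  return new TextEncoder().encode(binaryString).length;
}

// Cheap sanity check before offering the file for download: a PKCS#12 file
// is a DER SEQUENCE, so its first byte must be the SEQUENCE tag 0x30.
function looksLikeDer(bytes) {
  return bytes.length > 1 && bytes[0] === 0x30;
}

// Browser-only: wrap the bytes (not the string) in a Blob and trigger a
// download through a temporary <a download> element.
function downloadBytes(bytes, filename) {
  if (typeof document === 'undefined') {
    throw new Error('downloadBytes needs a browser DOM');
  }
  const blob = new Blob([bytes], { type: 'application/octet-stream' });
  const url = URL.createObjectURL(blob);
  const a = document.createElement('a');
  a.href = url;
  a.download = filename;
  document.body.appendChild(a);
  a.click();
  document.body.removeChild(a);
  URL.revokeObjectURL(url);
}

// Constructed sample (not a real certificate): the first bytes of a DER
// SEQUENCE as forge would return them, including a byte >= 0x80 (0x82, the
// long-form length marker that appears near the start of every PKCS#12 file).
const SAMPLE_DER_STRING = '\x30\x82\x0a\x1c\x02\x01\x03';

// Shows the corruption: 7 binary chars become 8 bytes once UTF-8 encoded,
// while the Uint8Array copy stays at 7 bytes with the 0x82 intact.
function demonstrate() {
  const bytes = binaryStringToBytes(SAMPLE_DER_STRING);
  return {
    binaryLength: bytes.length,
    utf8Length: utf8EncodedLength(SAMPLE_DER_STRING),
    isDer: looksLikeDer(bytes),
  };
}
```

In the browser the call that replaces the Node `fs.writeFileSync` line of the answer is `downloadBytes(binaryStringToBytes(forge.asn1.toDer(asn1).getBytes()), 'cert.p12')`; the resulting file can be checked with the same `openssl pkcs12 -in cert.p12 -info -nodes` command the answer uses. The MIME type on the Blob is cosmetic; the byte conversion is what fixes the "header too long" error.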