28

I try to use curl on Windows to post a timestamp request. Authentication is needed, so I use p12 file. I get error message, but password of p12 file is correct.

Command:

curl --insecure --cert-type P12 --cert my.p12:mypassword -X POST -d @mytest.req <myTSURL>

Error message:

curl: (58) could not parse PKCS12 file, check password, OpenSSL error error:0308010C:digital envelope routines::unsupported

curl -V

curl 7.83.1 (x86_64-pc-win32) libcurl/7.83.1 OpenSSL/3.0.2 (Schannel) zlib/1.2.12 brotli/1.0.9 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.47.0 ngtcp2/0.5.0 nghttp3/0.4.1 libgsasl/1.10.0
Release-Date: 2022-05-11
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI TLS-SRP UnixSocket
plaidshirt
  • 5,189
  • 19
  • 91
  • 181

2 Answers2

43

Meta: this isn't really programming or development, and would probably be better on superuser or maybe security.SX, but this is issue is likely to become more common as OpenSSL 3.0 spreads and I wanted to get the answer out.

OpenSSL 3.0.x (and up) by default doesn't support old/insecure algorithms, but until recently most software that creates PKCS12 (including OpenSSL 1.x.x) used such an algorithm for the certbag(s), namely a PKCS12-defined PBE using 40-bit RC2, usually abbreviated RC2-40 -- and some still does at least sometimes, like the Windows 10 cert-export dialog by default. To check this do (fixed)

openssl pkcs12 -in my.p12 -info -nokeys -nocerts 
# in 3.x.x add -provider legacy -provider default or just -legacy
# to avoid prompt use -password or -passin, see man pages

and I expect the output will include

PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048

See if your curl has an option to specify the OpenSSL 3.0.x providers and if so specify (fixed) both 'legacy' and 'default'. Otherwise, convert your pkcs12 like (fixed TWICE)

# in 3.x.x
openssl pkcs12 -in old -nodes -provider legacy -provider default >temp && <temp openssl pkcs12 -export -out new
# or simpler
openssl pkcs12 -in old -nodes -legacy >temp && <temp openssl pkcs12 -export -out new

# in 1.x.x
openssl pkcs12 -in old -nodes >temp && <temp openssl pkcs12 -export -descert -out new 

# and in either case securely delete temp; on systems with a memory tmpfs, 
# typically /tmp, putting the file there can help assure this

# IFF 'old' was created by software that put the keybag before the certbag,
# which you can infer from the order displayed by pkcs12 -info,
# you can skip the temp file and pipe directly from one openssl to the other

Conversion loses any 'friendlyname' set in the existing file. For curl, and probably most other programs, this doesn't matter, but if you want to use this same file with something where friendlyname does matter, add -name $name on the -export part.

dave_thompson_085
  • 34,712
  • 6
  • 50
  • 70
  • 2
    Output was: `MAC: sha1, Iteration 1024 MAC length: 20, salt length: 20 PKCS7 Data Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1024 PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1024 Error outputting keys and certificates B00E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()'` – plaidshirt Jun 14 '22 at 06:44
  • @dave_thompson_085 thanks for the answer, however see https://stackoverflow.com/a/59934697/3872647 I don't think your cert conversion commands work unless there is a way to make openssl emit the key first follow by the cert – bilogic Sep 11 '22 at 16:45
  • 1
    Hey, so if RC2-40 is old & unsecure, which algorithm should be used? – user3677636 Nov 15 '22 at 09:03
  • @bilogic: I apparently didn't get or missed a notification for your comment; you're half right, what it actually depends on is how the input p12 was created. Editted. – dave_thompson_085 Nov 15 '22 at 09:44
  • 1
    @user3677636: certs don't really need to be encrypted, because the point of public-key crypto is that public keys, and certs, can be public. So RC2-40 isn't actually a vulnerabililty, but it is a wart: it looks silly to encrypt but do it badly. Nicer options are to not encrypt _at all_ which `openssl` can do with `-certpbe NONE` but other software maybe not, or to use the same PBE-SHA1-3DES traditionally used for keybag(s), which is what all my commands above do (3.0.x uses that by default, and 1.x.x with `-descert` does the same in spite of saying `des` and not `3des` or `tdes` etc) – dave_thompson_085 Nov 15 '22 at 09:49
  • @user3677636 CORRECTION: 1.x.x `-export -descert` uses 3DES (not 1DES as you might think), but 3.x.x by default uses PBES2/AES256 which is modern and good but may be an issue for some software such as older Java; to get 3DES from 3.x.x you must specify `-legacy -descert`, or explicit and less convenient `-certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES`. – dave_thompson_085 Aug 20 '23 at 21:42
19

I was getting the same error using OpenVPN. I was able to fix it by adding or uncommenting the following lines in the /etc/ssl/openssl.cnf configuration file:

   openssl_conf = openssl_init
   
   [openssl_init]
   providers = provider_sect
   
   [provider_sect]
   default = default_sect
   legacy = legacy_sect
   
   [default_sect]
   activate = 1
   
   [legacy_sect]
   activate = 1

This is based on the information at OpenSSL WIKI

bobmcn
  • 1,027
  • 9
  • 23
  • 1
    Worked for me, windows subsystem for Linux, thankyou! – JGlass Dec 07 '22 at 17:28
  • Yeah, fixed my issue connecting to VPN with pkcs12 file after Ubuntu upgrade to 22.10 / openvpn 2.6 – MiroJanosik Jan 09 '23 at 14:45
  • Worked for me too on Ubuntu 23.04. OpenVPN 2.6.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10 – Max Jul 17 '23 at 08:50