Author Topic: CkPrivateKey->GetPkcs8Pem problem  (Read 430 times)

DevSidious

  • Guest
CkPrivateKey->GetPkcs8Pem problem
« on: April 06, 2018, 11:35:14 AM »
Testing with a secp256r1 elliptic curve key, loaded from a Java key store . When exported to PKCS8 PEM from the key store, the output looks like this:

-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgsX79T3NCPmkl7OLM
gLjXN5e8+9ZAgGYvfPtFMdNwzy+gCgYIKoZIzj0DAQehRANCAAS6tUlQ58fswzy2
TXFX+gj8Gtn0UVC8UYb56yxLxvuVpxAYuxR+c/4XhL9hASXW4jg9MJMstarwDQFc
+8nGvmas
-----END PRIVATE KEY-----

Loading this key in XCA (a GUI around OpenSSL) and then exporting it to PKCS8 PEM results in this:

-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsX79T3NCPmkl7OLM
gLjXN5e8+9ZAgGYvfPtFMdNwzy+hRANCAAS6tUlQ58fswzy2TXFX+gj8Gtn0UVC8
UYb56yxLxvuVpxAYuxR+c/4XhL9hASXW4jg9MJMstarwDQFc+8nGvmas
-----END PRIVATE KEY-----

However, when loading this key from the key store via Chilkat APIs and calling CkPrivateKey->GetPkcs8Pem, the output looks like this:

-----BEGIN PRIVATE KEY-----
MDECAQEEILF+/U9zQj5pJezizIC41zeXvPvWQIBmL3z7RTHTcM8voAoGCCqGSM49
AwEH
-----END PRIVATE KEY-----

Attempting to load this output in XCA errors out with: "Unable to load private key in file... . Tried PEM and DER private, public, PKCS#8 key types and SSH2 format."

This also errors out when attempting to import the output of GetPkcs8Pem with a key store manager app (Key Store Explorer): "Could not load the unencrypted PKCS #8 private key file. Possible reasons include: a) The file is not in PKCS #8 format b) The PKCS #8 private key file is corrupted."

However, walking the same procedure with a RSA key works as expected. I suspect GetPkcs8Pem does not export domain parameters, which would make this data useless.

What am I missing here?
« Last Edit: April 06, 2018, 12:11:57 PM by DevSidious »

Chilkat

  • Administrator
  • Full Member
  • *****
  • Posts: 103
  • Karma: +6/-0
    • View Profile
Re: CkPrivateKey->GetPkcs8Pem problem
« Reply #1 on: April 07, 2018, 12:06:16 PM »
Chilkat is providing the PKCS1 PEM.  I made the fix so that PKCS8 is produced.  If you would like a new build, please let me know the exact programming language, operating system, and anything else I'd need to know (.NET Framework, Java JDK version, Perl version, etc.)

DevSidious

  • Guest
Re: CkPrivateKey->GetPkcs8Pem problem
« Reply #2 on: April 08, 2018, 09:51:07 AM »
I'm static linking against Chilkat C/C++ libs. Momentarily building on Windows (MSVC) and Linux X86_64 (GCC) so I could get away with Windows and Linux X86_64 builds. At some point I will have to be able to build on Mac OS X and Linux ARM.

Do you know when the fix is going to be available in the official Chilkat downloads?

Thanks.

Chilkat

  • Administrator
  • Full Member
  • *****
  • Posts: 103
  • Karma: +6/-0
    • View Profile
Re: CkPrivateKey->GetPkcs8Pem problem
« Reply #3 on: April 08, 2018, 01:12:05 PM »
The fix will be in the next version.

If you tell me the version of MSVC, I can provide a pre-release build.  I'll create a Linux x86_64 build sometime today and will post the link here..

Chilkat

  • Administrator
  • Full Member
  • *****
  • Posts: 103
  • Karma: +6/-0
    • View Profile
Re: CkPrivateKey->GetPkcs8Pem problem
« Reply #4 on: April 08, 2018, 01:32:02 PM »
Here's a 64-bit Linux pre-release:  https://chilkatdownload.com/prerelease/chilkat-9.5.0-x86_64-linux-gcc-463.tar.gz

(The number "463" is just a counter number to create a unique URL to avoid caching issues..)