Question
I am using the forge library to create a self-signed certificate in .p12 format, which generates the private-public key pair using the WebCrypto API. But when I try to import the .p12 file into the Windows certificate store, I get the following error:
This link says that there might be an issue with the private key.
The following is my key generation snippet using the WebCrypto API:
    window.crypto.subtle.generateKey({
        name: 'RSA-PSS',
        modulusLength: 2048,
        publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
        hash: {name: 'SHA-1'}
    }
And my forge code snippet to generate the p12 is as follows:
    var newPkcs12Asn1 = forge.pkcs12.toPkcs12Asn1(
        keys.privateKey, [cert], password,
        {generateLocalKeyId: true, friendlyName: 'test'},
        {algorithm: '3des'});
    var newPkcs12Der = forge.asn1.toDer(newPkcs12Asn1).getBytes();
    var p12b64 = forge.util.encode64(newPkcs12Der);
    var downloadLink = document.createElement("a");
    downloadLink.download = "example.p12";
    downloadLink.innerHTML = "Download File";
    downloadLink.setAttribute('href', 'data:application/x-pkcs12;base64,' + p12b64);
    downloadLink.style.display = "none";
    downloadLink.click();
Note:
- I am unable to import the file into the Mozilla certificate store either. So there might be an issue with the p12 file?
- The Windows certificate store validates my private key password properly while importing; only the finish stage fails.
Answer 1:
As shown in the comments, the problem is a syntax error in the pkcs12 encoding params:
    {generateLocalKeyId: true, friendlyName: 'test', algorithm: '3des'}
It is necessary to set algorithm: '3des' because forge by default encrypts the p12 with aes-128.
As can be read in this article, RFC 7292, which standardizes PKCS#12, doesn't specify a need to support AES, but there is enough information to use it in an interoperable way. Windows (even Windows 10) is not able to work with files produced with more secure encryption schemes and ciphers. Then, the most secure algorithm that can be used is triple-DES.
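A way to check which encryption scheme a generated .p12 actually carries before handing it to Windows, as an added example that is not part of the original question or answer and not forge's own code. It assumes DER input (as forge emits); the names pbeSchemes, collectOids and decodeOid are hypothetical, and the two sample byte strings are constructed AlgorithmIdentifier fragments, not real .p12 files.

```javascript
// OIDs of the password-based encryption schemes discussed in the answer.
const PBE_OIDS = {
  '1.2.840.113549.1.12.1.3': 'pbeWithSHAAnd3-KeyTripleDES-CBC', // triple-DES PBE
  '1.2.840.113549.1.5.13': 'PBES2',                             // wrapper used for AES
  '2.16.840.1.101.3.4.1.2': 'aes128-CBC',
};

// Decode the content bytes of a DER OBJECT IDENTIFIER into dotted form.
function decodeOid(bytes) {
  const arcs = [];
  let value = 0;
  for (const b of bytes) {
    value = value * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(value); value = 0; }
  }
  const first = arcs.shift();
  const top = Math.min(2, Math.floor(first / 40));
  return [top, first - top * 40, ...arcs].join('.');
}

// Walk DER TLVs; descend into constructed types and into OCTET STRINGs whose content parses as DER.
function collectOids(der, out = new Set()) {
  let pos = 0;
  while (pos < der.length) {
    const tag = der[pos++];
    let len = der[pos++];
    if (len === undefined) throw new RangeError('truncated DER');
    if (len & 0x80) {
      const n = len & 0x7f;
      if (n === 0 || n > 4 || pos + n > der.length) throw new RangeError('bad length');
      len = 0;
      for (let i = 0; i < n; i++) len = len * 256 + der[pos++];
    }
    if (pos + len > der.length) throw new RangeError('truncated DER');
    const body = der.subarray(pos, pos + len);
    pos += len;
    if (tag === 0x06 && len > 0) out.add(decodeOid(body));
    else if (tag & 0x20) collectOids(body, out);
    else if (tag === 0x04) try { for (const o of collectOids(body)) out.add(o); } catch (e) { /* opaque bytes */ }
  }
  return out;
}

function pbeSchemes(der) {
  const found = collectOids(der);
  return Object.keys(PBE_OIDS).filter((o) => found.has(o)).map((o) => PBE_OIDS[o]);
}

// Constructed AlgorithmIdentifier fragments (not real .p12 files).
const hex = (s) => Uint8Array.from(s.match(/../g), (h) => parseInt(h, 16));
const SAMPLE_3DES = hex('041e301c060a2a864886f70d010c0103300e0408010203040506070802020800');
const SAMPLE_AES = hex('302c06092a864886f70d01050d301f301d06096086480165030401020410' + 'ff'.repeat(16));
```

To run it on the question's own output, convert forge's binary string to bytes first: pbeSchemes(Uint8Array.from(newPkcs12Der, (c) => c.charCodeAt(0))).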
Source: https://stackoverflow.com/questions/43066591/p12-file-import-failure-in-windows-certificate-store-by-forge-javascript-library