Why converting to PEM if P12 already works - iphone

I've just generated an APNS certificate (for push notifications) that ends up as a P12 file.
I put this file on my server, associated with its password, and the whole thing works: notifications are sent to devices correctly.
I read a lot of articles explaining how to convert a P12 file to a PEM file.
The question is: what is the benefit of a PEM file if the P12 already does the job?

Some programs do not support reading the key and certificate from a PKCS #12 (*.p12) file. Others only support PKCS #12, and many support both.
Because your program supports PKCS #12 there is no need (or benefit) to convert to PEM.

Related

Convert Private JWK to private.pem

I have generated a public/private JWS Key Pair and I need to convert my private key to a .pem file to sign my JWT using RS256 Algorithm.
Is there a solution for this?
I don't mind using bash scripts etc. I am writing in .NET, though, if there is a way to do it in code. Just anything except an online converter!
FYI, I found a website with a NodeJS script on it and it worked a treat!
https://www.jvt.me/posts/2019/12/10/node-jwk-to-x509-pem/
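An added example, not from the original post or the linked article: converting a private RSA JWK to a PKCS#1 PEM in Ruby by assembling the RSAPrivateKey ASN.1 structure from the JWK members. The helper names and the generated sample key are constructed for illustration.

```ruby
require 'openssl'

# RFC 7518 section 6.3 RSA parameters, in PKCS#1 RSAPrivateKey field order.
RSA_JWK_FIELDS = %w[n e d p q dp dq qi].freeze

def b64url_decode(str)
  # The lenient 'm' decoder accepts the unpadded base64url form JWKs use.
  str.tr('-_', '+/').unpack1('m')
end

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# Convert a private RSA JWK (Hash with string keys) to a PKCS#1 PEM string.
def jwk_to_pem(jwk)
  raise ArgumentError, 'not an RSA JWK' unless jwk['kty'] == 'RSA'
  missing = RSA_JWK_FIELDS.reject { |f| jwk[f].is_a?(String) && !jwk[f].empty? }
  raise ArgumentError, "JWK lacks parameters: #{missing.join(', ')}" unless missing.empty?

  ints = RSA_JWK_FIELDS.map do |f|
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(b64url_decode(jwk[f]), 2))
  end
  version = OpenSSL::ASN1::Integer.new(0) # 0 = two-prime RSA
  der = OpenSSL::ASN1::Sequence.new([version, *ints]).to_der
  OpenSSL::PKey::RSA.new(der).to_pem
end

# Constructed sample input: export an RSA key as a private JWK.
def rsa_to_jwk(key)
  values = [key.n, key.e, key.d, key.p, key.q, key.dmp1, key.dmq1, key.iqmp]
  jwk = RSA_JWK_FIELDS.zip(values).to_h { |name, bn| [name, b64url_encode(bn.to_s(2))] }
  jwk.merge('kty' => 'RSA', 'alg' => 'RS256')
end

if __FILE__ == $PROGRAM_NAME
  jwk = rsa_to_jwk(OpenSSL::PKey::RSA.new(2048)) # throwaway key, generated locally
  pem = jwk_to_pem(jwk)
  # RS256 is RSASSA-PKCS1-v1_5 with SHA-256, which RSA#sign produces here.
  signer = OpenSSL::PKey::RSA.new(pem)
  sig = signer.sign(OpenSSL::Digest.new('SHA256'), 'header.payload')
  puts pem.lines.first
  puts "signature bytes: #{sig.bytesize}"
end
```

The PEM this returns is unencrypted, so write it with owner-only permissions, for example `File.write('private.pem', pem, perm: 0o600)`.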

Create .key file knowing the key code of digital signature

I need to create a .pfx file starting from the digital signature contained in a smart card.
I have a smart card and I know the key code that allows me to create a .cer file, but not the .pfx. I tried using the "OpenSSL" utility but what I miss is the ".key" file.
How can I generate the .key file knowing the key code of the smart card?
You might be doing something here that you don't really want to do. Creating a certificate (the .cer file you mentioned) is a normal use case with smart cards where you use the smart card to sign that certificate. You don't get the "key file" because that's secured in your smart card.
In typical cryptographic smart cards you cannot export the key as this would invalidate the whole idea of having it physically protected.
PFX file as well as pkcs#12 container both include a certificate and the private key in the same container. And as you most likely cannot export your key from your smart card, what you are asking is not possible.

Validate certificate and provisioning profile

On our iOS projects, we commit to the version control repository both the signing certificate and the provisioning profiles used to generate AdHoc and AppStore builds. This way, whenever a new developer downloads a new fresh copy of the app, he has everything he needs to create an AdHoc build for testers.
We are using Jenkins for Continuous Integration, and I would like to have a script that does some sanity checks on the committed files. In particular, I'd like to check that the committed provisioning profiles were indeed generated with the signing certificate committed in the repository.
Does anyone know how to do this from the command line? I can't figure out the .mobileprovision file format, although it seems to be a signed binary plist file.
Answering my own question, I hope this helps someone else.
Turns out, the mobileprovision file is a PKCS7 digitally signed message. It is not signed with the developer's certificate, but with Apple's one.
However, the data that's signed is an XML plist that contains the public key of the certificate you use to sign your binaries.
So basically, the steps are as follows:
Extract the data from the PKCS7 file.
Extract the public-key from the p12 file.
Compare the two, and check if they are the same.
I managed to do this easily with Ruby, since it provides nice wrappers to OpenSSL. I left a script on GitHub, if anyone wants to use it.
The relevant parts of the code are as follows:
    require 'openssl'
    require 'rexml/document'

    profile = File.read(@profile_file)
    certificate = File.read(@certificate_file)
    p7 = OpenSSL::PKCS7.new(profile)
    cert = OpenSSL::PKCS12.new(certificate, @certificate_password)
    store = OpenSSL::X509::Store.new
    # Called so that p7.data is populated; with an empty store this
    # does not establish trust in the signer.
    p7.verify([], store)
    plist = REXML::Document.new(p7.data)
    plist.elements.each('/plist/dict/key') do |ele|
      if ele.text == "DeveloperCertificates"
        keys = ele.next_element
        # First <data> entry: the base64-encoded developer certificate
        key = keys.get_elements('//array/data')[0].text
        profile_cert = "-----BEGIN CERTIFICATE-----" + key.gsub(/\t/, "") + "-----END CERTIFICATE-----\n"
        @provisioning_cert = OpenSSL::X509::Certificate.new(profile_cert)
      end
    end
    # Compare @provisioning_cert.to_s and cert.certificate.to_s
Here is a blog entry I found that explains the structure of the .mobileprovision file: .mobileprovision files structure and reading
And that's what CSR files look like: What is a CSR (Certificate Signing Request)?
I don't think that there is already a working solution out there exactly fitting your needs. That's probably not the answer you were looking for, but I hope that you will find a connection somehow.

Password protect .gz folder sent from iPhone

I need to protect a file with a password when I send it as an email attachment from iPhone. I have zipped the file using libz.dylib zlib.h class. Basically I followed the approach discussed in http://www.cocoadev.com/index.pl?NSDataCategory, i.e., to create NSDataCategory and call zlib methods to compress the file. So I have the .gz format file as NSData and I want to protect it with a password. My question is how to protect a .gz file with a password. And I also have a basic question: how does password protection on a file work? Will it encrypt the total file with the given password or will it just act as a gatekeeper to open the file?
You can't add password encryption to a .gz file, there is no support in libz. What you are thinking of is .zip tools that also add a simple layer of encryption where the password is used to decrypt the file. You might want to have a look at lzmaSDK to implement that sort of feature, I have read that it supports AES. But be aware that adding encryption code to your iPhone app is more trouble than it is worth because then you will need to also register to export the encryption. It will significantly complicate your app release process.

How can I parse a Certificate Signing Request with Perl?

I want to use Perl to extract information from a Certificate Signing Request, preferably without launching an external openssl process. Since a CSR is stored in a base64-encoded ASN.1 format, I tried the Convert::PEM module. But it requires an ASN.1 description of the content, which I haven't been able to put together (ASN.1 being the beast it is).
Does anybody have the right ASN.1 description for a CSR or a module that parses such a request?
Maybe Convert::X509 can help you.
See also Convert::X509::Parser.
Your real question is what format are CSRs using? There are two formats to do it, PKCS #10 and SPKAC. The former is described in RFC 2986. I don't know where the latter is described.