doumiang2297 2019-03-06 12:51
浏览 706

如何将base64编码的p12转换为tls.certificate

I have a generated base64 .p12 file to authenticate to a service and my resty client expects to receive a tls.Certificate.

However, pkcs12.Decode always fail with ": asn1: syntax error: indefinite length found (not DER)"

Does it mean that I need to convert my base64 encoded .p12 file into a der formatted file? Or what else am I supposed to do to send the certificate to the server?

data, _ := ioutil.ReadFile("/PathTo/certificate.p12")

privateKey, certificate, _ := pkcs12.Decode(data, "abc123")//password=abc123

tlsCertificate := tls.Certificate{
    Certificate: [][]byte{cert.Raw},
    PrivateKey:  privateKey,
    Leaf:        cert,
}
//...
resty.SetCertificates(tlsCertificate)
  • 写回答

1条回答 默认 最新

  • dongshen2903 2019-05-12 21:10
    关注

    PKCS#12 (also knows as PFX) is encoded in ASN.1 (abstract syntax notation) and uses DER (distinguished encoding rules). ASN.1 is written as TLV (type, length and value). The value can be defined or as in your case indefinite, which just means that the length is not explicitly specified. A lot of encoders and decoders do NOT support indefinite lengths. For instance before Windows 10 indefinite lengths wasn't supported by the Microsoft crypto APIs.

    What's to do? There are a few options: - Convert the PFX (maybe using openSSL) to get a PKCS#12 with defined lengths - Try another library to read the PKCS#12 that supports indefinite lengths.

    评论

报告相同问题?

悬赏问题

  • ¥15 c程序不知道为什么得不到结果
  • ¥40 复杂的限制性的商函数处理
  • ¥15 程序不包含适用于入口点的静态Main方法
  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置