Forge errors with reading p12 and pfx files

I get the following errors when trying to read / decode p12 and pfx files:

    Cannot read PKCS#12 PFX. ASN.1 object is not an PKCS#12 PFX
    Too few bytes to read ASN.1 value.

I am trying to read a file in JavaScript with the following:

    <input id="cert-file" type="file" name="cert" />
    <output id="p12cert"></output>

Using jQuery, I add an "on change" event handler to validate the selected file.

    $j("#cert-file").change(handleFileSelect);

    function handleFileSelect(evt) {
        var files = evt.target.files; // FileList object
        getFile(files[0]);
    }

Then I try to read the file and decode it with forge.

    function getFile(p12cert) {
        var reader = new FileReader();
        var password = 'password';

        reader.onload = (function (theFile) {
            return function (eve) {
                var p12Der = forge.util.decode64(eve.target.result);

                // get p12 as ASN.1 object
                // Not working for one of my p12 files
                var p12Asn1 = forge.asn1.fromDer(p12Der);

                // decrypt p12 using the password 'password'
                // TODO: Not working for some reason for p12 and pfx file
                var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, password);
            };
        })(p12cert);

        reader.readAsText(p12cert);
    }

I am not sure if I am just reading the file wrong. I based this on the FileReader examples from here. Am I doing something wrong, or can something be wrong with my certificates?

+7
2 answers

Update: It seems that the problem occurs before the data is passed to forge. The data is not being read in the appropriate format. You can try one of these options:

Option 1:

    reader.readAsDataURL(p12cert); // change from readAsText

    // in reader.onload, parse out the base64 part:
    var p12Der = forge.util.decode64(eve.target.result.split(',')[1]);

Option 2:

    reader.readAsBinaryString(p12cert); // change from readAsText

    // in reader.onload, skip base64 decoding step entirely since the data is
    // already in a binary string that forge can work with -- the downside
    // is that this method is deprecated in the FileReader API
    var p12Der = eve.target.result;

Option 3:

    // instead, use an ArrayBuffer
    reader.readAsArrayBuffer(p12cert);

    // in reader.onload, convert to base64 and then decode as you were doing before
    var b64 = forge.util.binary.base64.encode(new Uint8Array(eve.target.result));

Option 4:

    // instead, use an ArrayBuffer
    reader.readAsArrayBuffer(p12cert);

    // in reader.onload, just do a raw conversion to a binary string and skip
    // the base64 decoding (though this may cause a stack overflow
    // with the current implementation in forge which is experimental)
    var p12Der = forge.util.binary.raw.encode(new Uint8Array(eve.target.result));

Old

Have you tried loading the PKCS#12 in non-strict mode? This often fixes this error:

    var p12Asn1 = forge.asn1.fromDer(p12Der, false);
    var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, false, password);
+7
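An added example (not part of the original answer and not forge's own code) showing why text decoding alters a DER file and how a chunked byte-to-binary-string conversion avoids the stack overflow mentioned in Option 4. The helper names and the sample bytes are constructed for illustration, and the check inspects only the outer SEQUENCE header, not the PKCS#12 contents.

```javascript
// Added illustration; helper names are hypothetical, not forge APIs.
// Uint8Array -> binary string (one char per byte), built in chunks so that
// String.fromCharCode.apply never receives a huge argument list.
function bytesToBinaryString(u8) {
  const CHUNK = 0x8000;
  let out = '';
  for (let i = 0; i < u8.length; i += CHUNK) {
    out += String.fromCharCode.apply(null, u8.subarray(i, i + CHUNK));
  }
  return out;
}

// What readAsText does by default: decode the bytes as UTF-8 text.
// Bytes that are not valid UTF-8 become U+FFFD, so the DER is altered.
function readAsTextLike(u8) {
  return new TextDecoder('utf-8').decode(u8);
}

// Check only the outer DER envelope: SEQUENCE tag, length, enough bytes.
function checkDerEnvelope(bin) {
  for (let i = 0; i < bin.length; i++) {
    if (bin.charCodeAt(i) > 0xff) return { ok: false, reason: 'non-byte character at offset ' + i };
  }
  if (bin.length < 2 || bin.charCodeAt(0) !== 0x30) {
    return { ok: false, reason: 'outer tag is not SEQUENCE' };
  }
  let len = bin.charCodeAt(1), pos = 2;
  if (len & 0x80) {                      // long form: low 7 bits = byte count
    const n = len & 0x7f;
    if (n === 0 || n > 4 || bin.length < 2 + n) {
      return { ok: false, reason: 'unsupported or truncated length' };
    }
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + bin.charCodeAt(pos++);
  }
  if (bin.length - pos < len) {
    return { ok: false, reason: 'too few bytes: need ' + len + ', have ' + (bin.length - pos) };
  }
  return { ok: true, contentLength: len };
}

// Constructed sample: header 30 82 01 00 plus 256 filler bytes (not a real PKCS#12).
function sampleDer() {
  const der = new Uint8Array(260);
  der.set([0x30, 0x82, 0x01, 0x00]);
  for (let i = 0; i < 256; i++) der[4 + i] = i;
  return der;
}
```

In the browser, the output of `bytesToBinaryString(new Uint8Array(eve.target.result))` after `readAsArrayBuffer` is the binary string that would be passed to `forge.asn1.fromDer`.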

It will work great

    // get p12 as ASN.1 object
    // here buffer is the result of readFileSync on the pkcs12 file
    var p12Asn1 = forge.asn1.fromDer(buffer);

    // decrypt p12 using the password 'password'
    var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, password);

    // get bags by type
    var certBags = p12.getBags({bagType: forge.pki.oids.certBag});
    var pkeyBags = p12.getBags({bagType: forge.pki.oids.pkcs8ShroudedKeyBag});

    // fetching certBag
    var certBag = certBags[forge.pki.oids.certBag][0];

    // fetching keyBag
    var keybag = pkeyBags[forge.pki.oids.pkcs8ShroudedKeyBag][0];

    // generate pem from private key
    var privateKeyPem = forge.pki.privateKeyToPem(keybag.key);

    // generate pem from cert
    var certificate = forge.pki.certificateToPem(certBag.cert);
0
