0

I have a generated base64 .p12 file to authenticate to a service and my resty client expects to receive a tls.Certificate.

However, pkcs12.Decode always fails with ": asn1: syntax error: indefinite length found (not DER)"

Does it mean that I need to convert my base64 encoded .p12 file into a der formatted file? Or what else am I supposed to do to send the certificate to the server?

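```go
data, err := ioutil.ReadFile("/PathTo/certificate.p12")
if err != nil {
    log.Fatal(err)
}

// password = abc123
privateKey, certificate, err := pkcs12.Decode(data, "abc123")
if err != nil {
    log.Fatal(err) // asn1: syntax error: indefinite length found (not DER)
}

tlsCertificate := tls.Certificate{
    Certificate: [][]byte{certificate.Raw},
    PrivateKey:  privateKey,
    Leaf:        certificate,
}
//...
resty.SetCertificates(tlsCertificate)
```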
Sammy
  • 1
    have you verified the file is indeed a PKCS#12 container, and not, say, its base64 encoding or whatever? You may start with, say, `openssl pkcs12 -in yourfile.p12 -noout -info` – kostix Mar 06 '19 at 13:39

1 Answer

1

PKCS#12 (also known as PFX) is encoded in ASN.1 (abstract syntax notation) and uses DER (distinguished encoding rules). ASN.1 is written as TLV (type, length and value). The value can be defined or, as in your case, indefinite, which just means that the length is not explicitly specified. A lot of encoders and decoders do NOT support indefinite lengths. For instance, before Windows 10 indefinite lengths weren't supported by the Microsoft crypto APIs.

What to do? There are a few options:

- Convert the PFX (maybe using OpenSSL) to get a PKCS#12 with defined lengths
- Try another library to read the PKCS#12 that supports indefinite lengths.

Daniel Fisher lennybacon
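To tell the two cases raised on this page apart (a file that is still base64 text, and a container written with indefinite lengths), here is an added example, not code from the question or the answer, that inspects the bytes before they are handed to `pkcs12.Decode`. The names `walk` and `Diagnose` and the sample bytes are constructed for illustration; the check covers only the outer ASN.1 structure (not the contents of primitive OCTET STRINGs or encrypted data) and does not handle multi-byte tag numbers.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
)

// walk parses the TLV at b[0]; it reports the TLV's size and whether it, or an
// element nested in a constructed type, has the indefinite length octet 0x80.
func walk(b []byte) (size int, indefinite, ok bool) {
	if len(b) < 2 || b[0]&0x1f == 0x1f { // high tag numbers are not handled
		return 0, false, false
	}
	l, i, k := int(b[1]), 2, 0
	if l == 0x80 {
		return 0, true, true
	}
	if l > 0x80 { // long form: low 7 bits count the length octets that follow
		k, l = l&0x7f, 0
	}
	for ; k > 0 && k <= 4 && i < len(b); k, i = k-1, i+1 {
		l = l<<8 | int(b[i])
	}
	if k > 0 || l < 0 || l > len(b)-i {
		return 0, false, false
	}
	for j := i; b[0]&0x20 != 0 && j < i+l; j += size { // constructed: descend
		if size, indefinite, ok = walk(b[j : i+l]); !ok || indefinite {
			return 0, indefinite, ok
		}
	}
	return i + l, false, true
}

// Diagnose reports whether data was base64 text and whether the ASN.1 inside
// uses indefinite lengths, which pkcs12.Decode rejects as "not DER".
func Diagnose(data []byte) (wasBase64, indefinite, ok bool) {
	text := string(bytes.Join(bytes.Fields(data), nil)) // drop line breaks
	if out, err := base64.StdEncoding.DecodeString(text); err == nil && len(out) > 0 && out[0] == 0x30 {
		data, wasBase64 = out, true
	}
	_, indefinite, ok = walk(data)
	return
}

func main() {
	// Constructed sample: base64 of 30 80 02 01 03 00 00 (indefinite-length SEQUENCE).
	fmt.Println(Diagnose([]byte("MIACAQMAAA==\n")))
}
```

If `wasBase64` is true, base64-decode the file contents before calling `pkcs12.Decode`; if `indefinite` is true, the container has to be re-exported with definite lengths or read with a library that accepts BER, as the answer describes.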