Jump to content

razzmatazz

Members
  • Content Count

    6
  • Joined

  • Last visited

Everything posted by razzmatazz

  1. I'm interested in loading a certificate (with any encryption) and save it with PrivKeyEncTripleDES. The following code: GSSLEAY_LOAD_LEGACY := True; cert := TX509Base.Create(nil); cert.LoadFromP12File('cert.p12',croYes,croYes,'password'); cert.SaveToP12File('save.cert.p12','password',false,PrivKeyEncTripleDES); cert.Free; loads the cert correctly but raises an exception on saving: "3DES key encryption not supported without legacy module". However, GSSLEAY_LOAD_LEGACY is set to TRUE, what means that the legacy mode is in use. Anyway, the problem seems to go further, because any attempt to try and save the file ends in exception: GSSLEAY_LOAD_LEGACY := True; cert := TX509Base.Create(nil); cert.LoadFromP12File('cert.p12',croYes,croYes,'password'); cert.SaveToP12File('save.cert.p12','password'); cert.Free; SaveToP12File raises "error:06800086:asn1 encoding routines::invalid utf8string", and so it does: cert.SaveToFile('save.cert.p12',true,true,false,'password',PrivKeyEncAES256); what looks like nonsense to me as I'm not providing any string that could be causing the utf8 encoding problem. In a nutshell: even if I'm interested in saving PrivKeyEncTripleDES only, I seem to be unable to save any certificate with any encryption. What am I missing? PD: My certs may include utf8 special characters as I'm Spanish, but hopefully this is not a problem for ICS
  2. razzmatazz

    Use of TX509Base.SaveToFile()

    Thanks, Angus. Yes, I have LEGACY.DLL in the folder. My about window says: PEM Certificate Tool (c) 2003-2022 by François PIETTE V8.70 Oct 20, 2022 TWSocket (c) 1996-2022 Francois Piette V8.70 SSL Version: OpenSSL 3.0.7 1 Nov 2022 Dir: C:\Delphi7\ICS\Samples\Delphi\Ssllnternet\libcrypto-3.dll Legacy Provider Loaded OK Compiler: Delphi 7 Win32
  3. razzmatazz

    Use of TX509Base.SaveToFile()

    OK, this is what I did in PEM Tools, just checking with you: Went to "Create certificates" tab Loaded one of mine importing private key I used the "Save PKCS12 cert" button down - exception arose: 'error:0588000D:x509 certificate routines::ASN1 lib' As I couldn't see the encryption anywhere here, I looked for it in a different tab. I found it in the next tab, called "New cert properties". There I selected "Triple DES" Back to the previous tab, I hit the save button: '3DES key encryption not supported without legacy module' With AES256 it came 'Error creating PKCS12 certificate - error:0588000D:x509 certificate routines::ASN1 lib' Does this test help? Thanks A LOT for your help.
  4. razzmatazz

    Use of TX509Base.SaveToFile()

    Thanks for the speedy response, Angus! I'm not familiar to PEM Tools, but I can give it a try. However, suspecting that I was doing anything wrong, yesterday I added a button to PEM Tools: procedure TfrmPemTool1.Button1Click(Sender: TObject); var cert: TX509Base; begin cert := TX509Base.Create(nil); cert.LoadFromFile('cert3.p12',croTry,croTry,'pw'); cert.SaveToP12File('save.cert3.p12','pw',false,PrivKeyEncTripleDES); cert.Free; end; Same result. 😕 "3DES key encryption not supported without legacy module" Is this similar to my manual test on PEM Tools?
  5. Hi, I'm new to ICS. I need to load PKCS#12 certificate files in an application I'm developing in Delphi 7. I've been testing the PEM tool demo included in ICS (ICS/samples/delphi/SSLinternet/OberbyteICSPEMTool.dpr) with all my personal certs and it can open them all. All of them are PFX / P12. However, when I try to open some of them with my own code, it fails with the error of the subject: "Error PKCS12 certificate - error:0308010C:digital envelope routines::unsupported". cert := TX509Base.Create(nil); cert.LoadFromFile('cert.p12',croTry,croTry,'password'); cert.Free; The result is the same if I call LoadFromFileEx or LoadFromP12File directly, or if I try croNo or croYes instead of croTry. Both, the ICS sample/demo and my three lines of code are loading LIBSSL-3.DLL and LIBCRYPTO-3.DLL. Still, the demo works and my code doesn't. Any help would be much appreciated!
×