[Botan-devel] problems decoding BER

Jack Lloyd lloyd at randombit.net
Sat Jan 27 23:08:12 EST 2007


Yes, this is a known bug. Basically the code in PKCS8_decode (in
pkcs8.cpp) uses the PEM header ("PRIVATE KEY"/"ENCRYPTED PRIVATE KEY")
to tell if it should attempt to decrypt the output or not. When raw
BER is used, this doesn't work, it defaults to assuming it is
encrypted and then when the decryption fails it throws the exception.

The code should be rewritten to instead pull objects of the stream one
at a time and figure out which it is (thankfully the encrypted and
non-encrypted formats are (slightly) different), this would also
prevent it from becoming confused by a key with an incorrect PEM
header.

-Jack

On Thu, Jan 25, 2007 at 07:30:25PM +0500, Muzaffar Mahkamov wrote:
> Hi,
> 
> I'm having strange problems decoding RAW_BER encoded Private key.
> Here's a demo code:
> 
> Botan::Pipe pipe;
> pipe.start_msg();
> Botan::PKCS8::encode(priv_key, pipe, Botan::RAW_BER);
> pipe.end_msg();
> 
> Botan::SecureVector<byte> tmp = pipe.read_all();
> 
> Botan::DataSource_Memory ds(tmp);
> auto_ptr<Botan::PKCS8_PrivateKey> pkcs8(Botan::PKCS8::load_key(ds));
> 
> 
> PKCS8::load_key() fails decoding "BER" here. There's no problem using
> PEM encoding. Even if I take "tmp" and encode it to PEM using
> PEM_Code::encode the PKCS8::load_key() fails.
> 
> I'm using Botan 1.4.12
> 
> Thanks in advance,
> Muzaffar
> 
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://www.randombit.net/mailman/listinfo/botan-devel



More information about the botan-devel mailing list