Helmut
March 11, 2025, 7:10am
1
Hello,
I have a question regarding a CSR generated by the TMS Crypto Pack. The CSR created by the following code cannot be parsed by other tools:
var
Csr: TX509CSR;
begin
Csr := TX509CSR.Create(nil);
try
Csr.KeyFilePath := System.IOUtils.TPath.GetTempFileName;
Csr.CSRFilePath := System.IOUtils.TPath.GetTempFileName;
Csr.signatureAlgorithm := TSignAlgo.sa_sha256rsa;
Csr.BitSizeEncryptionAlgorithm := 2048;
Csr.SubjectCountryName := ACsrConfig.countryName;
Csr.SubjectStateName := ACsrConfig.stateName;
Csr.SubjectLocalityName := ACsrConfig.localityName;
Csr.SubjectOrganizationName := ACsrConfig.organizationName;
Csr.SubjectOrganizationalUnitName := ACsrConfig.OrganizationUnitName;
Csr.SubjectCommonName := ACsrConfig.commonName;
Csr.Generate;
Result := Csr.CSRFilePath;
finally
Csr.Free;
end;
end;
When I parse the CSR using CyberChef, I receive the following error:
Parse CSR - unsupported PKCS#8 public key hex
I am using the latest Crypto Pack Beta version 5.0.3. Could you please explain this behavior?
Thanks in advance!
Best regards,
Bernard
March 11, 2025, 7:28am
2
Hello Helmut, can you send me the CSR as displayed in Cyberchef?
Helmut
March 11, 2025, 8:10am
3
Bernard
March 11, 2025, 9:31am
4
Your CSR decodes well in ASN.1 JavaScript decoder
CertificationRequest SEQUENCE (3 elem)
certificationRequestInfo CertificationRequestInfo SEQUENCE (3 elem)
version INTEGER 0
subject Name SEQUENCE (1 elem)
RelativeDistinguishedName [?] SEQUENCE (6 elem)
AttributeTypeAndValue [?] SET (1 elem)
type AttributeType [?] SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
PrintableString DE
AttributeTypeAndValue [?] SET (1 elem)
type AttributeType [?] SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
PrintableString BW
AttributeTypeAndValue [?] SET (1 elem)
type AttributeType [?] SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
PrintableString Stuttgart
AttributeTypeAndValue [?] SET (1 elem)
type AttributeType [?] SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
PrintableString Coca-Cola
AttributeTypeAndValue [?] SET (1 elem)
type AttributeType [?] SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
PrintableString Coca-Cola CA
AttributeTypeAndValue [?] SET (1 elem)
type AttributeType [?] SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
PrintableString example.com
subjectPKInfo SubjectPublicKeyInfo SEQUENCE (2 elem)
algorithm AlgorithmIdentifier SEQUENCE (2 elem)
algorithm OBJECT IDENTIFIER 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1 )
parameters ANY NULL
subjectPublicKey BIT STRING (2160 bit) 001100001000001000000001000010100000001010000010000000010000000100000…
SEQUENCE (2 elem)
INTEGER (2048 bit) 229070516762117220501430947693708313615577470481741593286509398368487…
INTEGER 65537
signatureAlgorithm AlgorithmIdentifier SEQUENCE (2 elem)
algorithm OBJECT IDENTIFIER 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1 )
parameters ANY NULL
signature BIT STRING (2048 bit) 111010011011101101010110110111001010011000111101110101110011110100111…
Helmut
March 11, 2025, 9:45am
5
Bernard:
Parse ASN.1 hex
@Bernard Am I doing it correctly?
Bernard
March 11, 2025, 9:47am
6
You need to remove the first and last lines as Cyberchef doesn't do it. It expects a base64 blob, the 'PEM' indicators are mere ASCII lines.
Helmut
March 11, 2025, 9:50am
7
It worked, thank you!
A genereal question... when are you going to release the 5th version?
Bernard
March 11, 2025, 9:53am
8
You can use the beta one, except for some curves and Speck.
1 Like
system
March 12, 2025, 9:54am
10
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.
