[strongSwan] PKCS#12 and leftid

Jacques Monin jacques.monin01 at gmail.com
Wed May 27 09:52:56 CEST 2015

It works !!

For people who have the same issue, here what I did :

openssl asn1parse -i -inform DER -in DERfile -strparse offset -length lgth
-noout -out out.raw
cat out.raw | od --address-radix=n --format=x1 | tr -d ' \n'

Do you know which library am I supposed to use if I want to do the same in
a C++ program ?


2015-05-26 21:06 GMT+02:00 Volker Rümelin <vr_strongswan at t-online.de>:

> If you have any reference (website, paper) talking about this, I would
>> be glad to read them.
>>  The english wikipedia article about ASN.1 should get you started. Don't
> miss the link to that 'A Layman's Guide to a Subset of ASN.1, BER, and DER'
> article there. RFC 5280 defines x509 certificates.
>  So I successed in creating a DER format file but I don't know wich part
>> of the "openssl asn1dn ..." I'm supposed to specify in
>> leftid="asn1dn:#xxxxxx". I dont know what is supposed to replace xxxxx.
>>     You have to use quotes.
>>              leftid="asn1dn:#306c310b3009060355040613024445...
>>     And you have to specify the DN in DER encoded format.
>>     openssl asn1parse decodes my DN example to
>>          0:d=0  hl=2 l= 108 cons: SEQUENCE
>>          2:d=1  hl=2 l=  11 cons:  SET
>>          4:d=2  hl=2 l=   9 cons:   SEQUENCE
>>          6:d=3  hl=2 l=   3 prim:    OBJECT            :countryName
>>         11:d=3  hl=2 l=   2 prim:    PRINTABLESTRING   :DE
>>         15:...
>>  You can extract the RDN from your DER encoded certificate or certificate
> request. openssl asn1parse will tell you the offset and number of bytes to
> copy. In my example the offset is 0 and length is hl+l=110 bytes. Just find
> a sequence similar to my example in your openssl asn1parse output.
> Regards,
> Volker
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150527/79274dea/attachment.html>

More information about the Users mailing list