• Trying to import Signed EC Cert/Key from another tool.

    From Michael J. Ryan@VERT to GitLab issue in main/sbbs on Sat Jan 23 23:38:19 2021
    open https://gitlab.synchro.net/main/sbbs/-/issues/205

    I'm trying to import a signed EC/Cert key from a Caddy instance. The files in question are in PEM format.

    EC Key looks like...
    ```
    -----BEGIN EC PRIVATE KEY-----
    ...DATA_HERE...
    -----END EC PRIVATE KEY-----
    ```

    EC Cert looks like...

    ```
    -----BEGIN CERTIFICATE-----
    MIIEBDCCA4qgAwIBAgIQVyDabKzO8adfPYtnJoQrETAKBggqhkjOPQQDAzBLMQsw
    ...DATA_HERE...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...DATA_HERE...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...DATA_HERE...
    -----END CERTIFICATE-----
    ```

    The code I'm trying to use is...

    ```
    require("acmev2.js", "ACMEv2");
    load("base-64.js");

    // PEM inputs written by the Caddy instance: the EC private key and the
    // certificate chain issued for the same host name. The script needs read
    // access to the private key file, so run it only under an account that is
    // already trusted with that key.
    var keyin = "/caddy-data/caddy/certificates/acme.zerossl.com-v2-dv90/roughneckbbs.com/roughneckbbs.com.key";
    var certin = "/caddy-data/caddy/certificates/acme.zerossl.com-v2-dv90/roughneckbbs.com/roughneckbbs.com.crt";

    // Files in the Synchronet control directory: the keyset this script
    // creates (ssl.cert) and the binary configuration file that
    // getSystemPassword() reads (main.cnf).
    var sks_fname = backslash(system.ctrl_dir) + "ssl.cert";
    var maincnf_fname = backslash(system.ctrl_dir) + "main.cnf";

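    /**
     * Read the system password out of the binary main.cnf file.
     *
     * Reads 40 bytes starting at byte offset 186 of the file named by
     * maincnf_fname and removes every NUL byte from the result.
     *
     * NOTE(review): the offset and length are hard-coded, so this assumes a
     * fixed main.cnf layout - confirm against the installed Synchronet
     * version before relying on it.
     *
     * The returned value is a credential (it is used below as the password
     * protecting the private key in the keyset); do not print or log it.
     *
     * @returns {string} the password with NUL bytes stripped
     * @throws {Error} if main.cnf cannot be opened
     */
    function getSystemPassword() {
        var maincnf = new File(maincnf_fname);
        if (!maincnf.open("rb", true)) {
            throw new Error("Unable to open " + maincnf.name);
        }
        try {
            maincnf.position = 186; // Indeed.
            return maincnf.read(40).replace(/\x00/g, '');
        } finally {
            // Release the handle even when the read or the strip throws.
            maincnf.close();
        }
    }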

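    /**
     * Read a whole file in binary mode and return what File.read() yields.
     *
     * getKey() passes the private-key path to this helper, so the returned
     * string can hold key material; callers should not print or log it.
     *
     * @param {string} file - path of the file to read
     * @returns the file contents as returned by File.read()
     * @throws {Error} if the file cannot be opened
     */
    function readFile(file) {
        var f = new File(file);
        if (!f.open("rb", true)) {
            throw new Error("Unable to open " + f.name);
        }
        try {
            return f.read();
        } finally {
            // Release the handle even when the read throws.
            f.close();
        }
    }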

    /**
     * Create an ECDSA CryptContext and load the contents of a PEM private-key
     * file into it with set_key().
     *
     * NOTE(review): the armor-stripped base64 body is computed but never
     * used; set_key() receives the complete PEM text instead. Whether
     * set_key() accepts PEM (or the bare base64 body) for an ECDSA context is
     * not shown here - confirm against the CryptContext documentation.
     *
     * @param {string} file - path of the PEM-encoded EC private key
     * @returns {CryptContext} the context after set_key() has been called
     */
    function getKey(file) {
        const raw = readFile(file);

        // Drop the leading and trailing "-----...-----" armor lines, then all
        // whitespace, leaving only the base64 payload.
        const withoutHeader = raw.trim().replace(/^[-]+[^\-]+[-]+/, '');
        const withoutFooter = withoutHeader.replace(/[-]+[^\-]+[-]+$/, '');
        const pemBody = withoutFooter.replace(/[\s\r\n]/g, '');

        var keyContext = new CryptContext(CryptContext.ALGO.ECDSA);
        keyContext.set_key(raw);
        return keyContext;
    }

    /**
     * Load a PEM certificate file and turn it into a CryptCert.
     *
     * The PEM text is passed through ACMEv2.prototype.create_pkcs7(), which is
     * called on the prototype itself rather than on an ACMEv2 instance, and
     * the result is handed to the CryptCert constructor.
     *
     * NOTE(review): create_pkcs7() lives in acmev2.js and presumably wraps
     * the certificate chain in a PKCS#7 container - confirm that it handles a
     * file holding several certificates, as the sample .crt does.
     *
     * @param {string} file - path of the PEM-encoded certificate (chain)
     * @returns {CryptCert} certificate object built from the converted data
     */
    function getCert(file) {
        var pem = readFile(file);
        var pkcs7 = ACMEv2.prototype.create_pkcs7(pem);
        return new CryptCert(pkcs7);
    }

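    // Load both inputs before touching the keyset, so a bad certificate or
    // key file fails before the keyset is created.
    var cert = getCert(certin);
    var key = getKey(keyin); // genKey();

    // NOTE(review): debug output of the private-key context. What writeln()
    // prints for a CryptContext is not shown here - confirm that no key
    // material reaches the console or a log, and drop this line once the
    // import works.
    writeln(key);

    // KEYOPT.CREATE opens sks_fname as a new keyset.
    // NOTE(review): this presumably replaces an existing ctrl/ssl.cert - keep
    // a backup of the current file before running the script; confirm.
    var ks = new CryptKeyset(sks_fname, CryptKeyset.KEYOPT.CREATE);
    try {
        // The private key is stored under the system password.
        ks.add_private_key(key, getSystemPassword());
        ks.add_public_key(cert);
    } finally {
        // Close the keyset even when adding the key or certificate fails.
        ks.close();
    }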
    ```

    Any help would be appreciated... if I knew the expected format for `ctrl/ssl.cert` it might also be helpful.

  • From Deuce@VERT to GitLab note in main/sbbs on Tue Jan 26 03:13:54 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/205#note_1354

    The `ctrl/ssl.cert` file is PKCS#15 encoded, with RFC 5083 encryption on the private key.

  • From Deuce@VERT to GitLab note in main/sbbs on Tue Jan 26 05:12:20 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/205#note_1364

    With the latest code from CVS, it's now possible to use certtool to import/export PKCS#12 files.

  • From Deuce@VERT to GitLab issue in main/sbbs on Tue Jan 26 05:12:20 2021
    close https://gitlab.synchro.net/main/sbbs/-/issues/205
