000021924 - Cannot import PKCS #12 with DSA key gen by RSA BSAFE Crypto-J/Cert-J into web browser

Document created by RSA Customer Support Employee on Jun 15, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000021924
Applies To: RSA BSAFE Cert-J, Microsoft Windows, PKCS #12
Issue: Cannot import PKCS #12 with DSA key gen by RSA BSAFE Crypto-J/Cert-J into web browser
Importing a PKCS #12 file containing a DSA key into the Internet Explorer 6.0 web browser gives the error: "An internal error occurred. The private key that you are importing might require a cryptographic service provider that is not installed on your system." Firefox 1.02 gives the error: "The PKCS #12 operation failed for unknown reasons".
Cause: The private key algorithm identifier inside the pkcs8ShroudedKeyBag, which is encrypted inside encryptedData in the PKCS #12 file, is encoded using the old OIW OID for DSA instead of the X9.57 OID.
Resolution: Call the PKCS12() constructor that takes an additional argument for the keyFormat(s):

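    // certJ, certs and keys are the application's existing CertJ object,
    // certificate array and private key array.
    // The key format string asks for the X9.57 encoding of the DSA private key.
    String[] keyFormats = { "DSAPrivateKeyX957BER" };
    PKCS12 p12Obj = new PKCS12(certJ, certs, null, keys, null, null,
                               null, keyFormats);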
Legacy Article ID: a25770
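
To confirm which identifier a given key carries, the following added example (not RSA's code and not part of the original article) reads the algorithm OID from a DER-encoded PKCS #8 PrivateKeyInfo, that is, the contents of the key bag after decryption. The function names, the dotted OID values and the toy sample key are supplied for this example and are not taken from the article.

```python
DSA_OIDS = {"1.3.14.3.2.12": "OIW (legacy)", "1.2.840.10040.4.1": "X9.57"}  # standard OID values

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for octet in body:                     # base-128 digits, high bit = continuation
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(map(str, head + arcs[1:]))

def key_algorithm(private_key_info):
    """Return (dotted_oid, family) for a DER-encoded PrivateKeyInfo."""
    tag, outer, _ = read_tlv(private_key_info, 0)   # PrivateKeyInfo SEQUENCE
    vtag, _, pos = read_tlv(outer, 0)               # version INTEGER
    atag, alg, _ = read_tlv(outer, pos)             # AlgorithmIdentifier SEQUENCE
    otag, oid, _ = read_tlv(alg, 0)                 # algorithm OBJECT IDENTIFIER
    if (tag, vtag, atag, otag) != (0x30, 0x02, 0x30, 0x06):
        raise ValueError("not a PKCS #8 PrivateKeyInfo")
    dotted = decode_oid(oid)
    return dotted, DSA_OIDS.get(dotted, "not DSA")

def sample_key_info(oid_hex):
    """Constructed toy PrivateKeyInfo (p=23, q=11, g=2, x=5); not a real key."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body   # short-form lengths only
    params = tlv(0x30, tlv(0x02, b"\x17") + tlv(0x02, b"\x0b") + tlv(0x02, b"\x02"))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + params)
    return tlv(0x30, tlv(0x02, b"\x00") + alg + tlv(0x04, tlv(0x02, b"\x05")))

if __name__ == "__main__":
    print([key_algorithm(sample_key_info(h)) for h in ("2b0e03020c", "2a8648ce380401")])
```

A result of "OIW (legacy)" matches the cause described above; a file written with the DSAPrivateKeyX957BER key format should report "X9.57".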
