000021937 - PKCS #12 file exported from RSA BSAFE Cert-C and containing DSA certificate/key cannot be imported into Microsoft Internet Explorer

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021937
Applies ToRSA BSAFE Cert-C
Microsoft Windows
Microsoft Internet Explorer
IssuePKCS #12 file exported from RSA BSAFE Cert-C and containing DSA certificate/key cannot be imported into Microsoft Internet Explorer
CauseThe OIW OID for DSA keys is encoded in the PrivateKeyInfo of the shroudedKeyBag encrypted in the encryptedData of the PKCS #12. The signature algorithm is X9.57 dsaWithSHA1. Microsoft does not seem to like the OIW OID for DSA key or this combination.
ResolutionWhen you call C_WriteToPKCS12() (or C_ExportPKCS12()), include PKCS12_DSA_PRIVATE_X957 in the option argument. This will encode the X9.57 DSA OID in the PrivateKeyInfo.
Legacy Article IDa25771

Attachments

    Outcomes