Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Uncaught (in promise) CryptoServerError: Cannot parse Certificate or Certificate Request from incoming ASN1 #12

Open
antonioaraujob opened this issue Aug 26, 2021 · 7 comments
Open

Uncaught (in promise) CryptoServerError: Cannot parse Certificate or Certificate Request from incoming ASN1 #12

antonioaraujob opened this issue Aug 26, 2021 · 7 comments
Assignees
@donskov

Comments

@antonioaraujob
Copy link

Dear Friends of Fortity,
I hope you are fine.

I am testing fortify-examples using a SafeNet 5110 USB token for generating a CSR.

When I open https://peculiarventures.github.io/fortify-examples/example1.html the web page lists the provider (SafeNet eToken 5100), however when I try to create the CSR I see the following in the Browser’s console:

Screen Shot 2021-08-26 at 10 08 13 AM

It seems the CSR object was created but the importCert() function fails.

// Convert request to DER
const derRequest = request.toSchema(true).toBER(false);
const base64 = DerToPem(derRequest, "CERTIFICATE REQUEST");
console.log(base64);

// import key to crypto
const req = await crypto.certStorage.importCert("request", derRequest, alg, ["sign", "verify"]);

I also checked the Fortify’s log and I could see the following:

Screen Shot 2021-08-26 at 10 19 12 AM

Could you please guide me on how to fix this issue?

Is this related to a dependency version?

I have a little doubt about CSR generation process. Please excuse me if this is a basic question but I understand that WebCrypto is using the Provider to generate the key pair, so I would like to know why we have to import the CSR and keys as follows:

// import key to crypto
const req = await crypto.certStorage.importCert("request", derRequest, alg, ["sign", "verify"]);

// add keys and request to storage
const privateKeyIndex = await crypto.keyStorage.setItem(keys.privateKey);
const publicKeyIndex = await crypto.keyStorage.setItem(keys.publicKey);
const requestIndex = await crypto.certStorage.setItem(req);

Best regards

Antonio
@donskov
Copy link
Collaborator

donskov commented Aug 26, 2021
edited
Loading

@antonioaraujob Hello and thank you for the issue. Related for me too on NSS Certificate DB provider. We will investigate what happened.

@antonioaraujob
Copy link
Author

Hello @donskov, thanks for your comments and your time.

Yes, you are right. I also saw the same behavior for MacOS Crypto provider:

Screen Shot 2021-08-26 at 1 25 15 PM

and NSS Certificate DB provider:

Screen Shot 2021-08-26 at 1 25 40 PM

Best regards

@donskov
Copy link
Collaborator

donskov commented Aug 26, 2021

@antonioaraujob I think the problem was fixed. Please try to run the example again.

@antonioaraujob
Copy link
Author

Dear @donskov, I hope you are fine.
I run the example again and it worked for MacOS Crypto provider:

MacOSCrypto

and SafeNet eToken 5100 provider:

token

For NSS Certificate DB I got the following:

nssCertificateDB

Thank you very much for the support.

Best regards

@rmhrisk rmhrisk assigned donskov and unassigned microshine Aug 26, 2021
@donskov
Copy link
Collaborator

donskov commented Aug 27, 2021

@microshine Hey. Do you know anything about it? Maybe NSS Certificate DB doesn't support CSR?

@microshine
Copy link
Collaborator

We are using CKO_DATA for CSR keeping. As I can remember NSS doesn't support that type of objects

@rmhrisk
Copy link
Contributor

rmhrisk commented Aug 27, 2021

Then sounds like we need to come up with an alternative way for NSS?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@donskov donskov

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rmhrisk @microshine @antonioaraujob @donskov