PerlMonks  

Using Perl to convert pkcs12 certificates to pem format, separate files for public/public keys

by symgryph (Acolyte)
on Jun 04, 2009 at 19:05 UTC (#768547=perlquestion)
symgryph has asked for the wisdom of the Perl Monks concerning the following question:

I have a program below, which recursively calls openssl and converts .pkcs12 files with the password being the same name as the filename to a .pem format with client certs and private keys. I want to take the first part (which works) and then parse out the two certificates (public and private) and then name them *.cert and *.key respectively. I am having trouble figuring out how to get Perl to separate the two types of certificate. File 1 should contain the private key, me.key and me.cert (public cert).

    #!/usr/bin/perl -w
    # First pass: convert every .p12 file to .pem (password = file name without .p12)
    @files = <*.p12>;
    foreach $file (@files) {
        $fileconvert = $file;
        $fileconvert =~ s/\.p12//g;
        `openssl pkcs12 -passin pass:$fileconvert -clcerts -nodes -in $file -out $fileconvert.pem`;
    }
    # Second pass: the attempt to pull the private key out of each .pem file
    @secondpass = <*.pem>;
    foreach $secondpass (@secondpass) {
        $filename = $secondpass;
        open CERT, "<$filename";
        @cert = <CERT>;
        print @cert;
        while (@cert =~ s/BEGIN RSA PRIVATE KEY(.*?)END RSA PRIVATE KEY//s) {
            $code = $1;
            print "$code.\n";
        }
    }
The data:
    Bag Attributes
        localKeyID: 33 32 34 33 39 38 33 33 30 32 36 30 33
        friendlyName: verisign class 3 public primary certification authority
    subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    issuer=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    Bag Attributes
        localKeyID: 31 32 33 33 39 38 33 33 30 22 11 30 34
        friendlyName: mycerts.test.com
    Key Attributes: <No Attributes>
    -----BEGIN RSA PRIVATE KEY-----
    THIS IS THE FILE i WANT ...
    -----END RSA PRIVATE KEY-----
    Bag Attributes
        localKeyID: 23 32 34 33 39 38 33 33 44 32 36 30 21
        friendlyName: mycerts.test.com
    subject=/C=US/ST=Somewhere/L=There/O=My Org/OU=Terms of use at www.verisign.com/rpa (c)00/CN=MYCERTS.TEST.COM
    issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    Bag Attributes
        localKeyID: 31 32 34 33 39 38 44 33 30 32 36 30 36
        friendlyName: verisign intermediate ca
    subject=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
    issuer=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----

"Two Wheels good, Four wheels bad."

Re: Using Perl to convert pkcs12 certificates to pem format, separate files for public/public keys
by toolic (Chancellor) on Jun 04, 2009 at 21:27 UTC
    This looks like a job for Range Operators:
        use strict;
        use warnings;

        # Print only the lines from the BEGIN marker through the END marker
        while (<DATA>) {
            print if (/BEGIN RSA PRIVATE KEY/ .. /END RSA PRIVATE KEY/);
        }

        __DATA__
        Bag Attributes
            localKeyID: 33 32 34 33 39 38 33 33 30 32 36 30 33
            friendlyName: verisign class 3 public primary certification authority
        subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
        issuer=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
        Bag Attributes
            localKeyID: 31 32 33 33 39 38 33 33 30 22 11 30 34
            friendlyName: mycerts.test.com
        Key Attributes: <No Attributes>
        -----BEGIN RSA PRIVATE KEY-----
        THIS IS THE FILE i WANT ...
        -----END RSA PRIVATE KEY-----
        Bag Attributes
            localKeyID: 23 32 34 33 39 38 33 33 44 32 36 30 21
            friendlyName: mycerts.test.com
        subject=/C=US/ST=Somewhere/L=There/O=My Org/OU=Terms of use at www.verisign.com/rpa (c)00/CN=MYCERTS.TEST.COM
        issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
        Bag Attributes
            localKeyID: 31 32 34 33 39 38 44 33 30 32 36 30 36
            friendlyName: verisign intermediate ca
        subject=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
        issuer=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----

    which prints:

        -----BEGIN RSA PRIVATE KEY-----
        THIS IS THE FILE i WANT ...
        -----END RSA PRIVATE KEY-----
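
Added example, not part of the original thread or either poster's code: the same line-by-line scan extended to write the two files the question asks for, pairing the private key with the certificate that carries the same friendlyName, as in the sample data above. The names parse_bags, pick_pair and write_new are made up for this illustration, and the script assumes it is given the .pem files as arguments.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Parse `openssl pkcs12` text output into a list of hashes:
# { type => PEM label, name => friendlyName of the bag, pem => armored block }.
sub parse_bags {
    my ($fh) = @_;
    my ($name, $cur, @bags) = ('');
    while (my $line = <$fh>) {
        if ($cur) {                                   # inside a PEM block
            $cur->{pem} .= $line;
            next unless $line =~ /^-----END \Q$cur->{type}\E-----/;
            push @bags, $cur;
            undef $cur;
        }
        elsif ($line =~ /^Bag Attributes/)               { $name = '' }
        elsif ($line =~ /^\s*friendlyName:\s*(.*?)\s*$/) { $name = $1 }
        elsif ($line =~ /^-----BEGIN ([A-Z0-9 ]+)-----/) {
            $cur = { type => $1, name => $name, pem => $line };
        }
    }
    die "unterminated PEM block\n" if $cur;
    return @bags;
}

# Return the single private key and the one certificate sharing its friendlyName.
# /PRIVATE KEY\z/ also matches the PKCS#8 "BEGIN PRIVATE KEY" label.
sub pick_pair {
    my @keys = grep { $_->{type} =~ /PRIVATE KEY\z/ } @_;
    die "expected one private key, found " . @keys . "\n" unless @keys == 1;
    my @certs = grep { $_->{type} eq 'CERTIFICATE' && $_->{name} eq $keys[0]{name} } @_;
    die "expected one matching certificate, found " . @certs . "\n" unless @certs == 1;
    return ($keys[0], $certs[0]);
}

# Create $path with $mode; O_EXCL refuses to overwrite a file or follow a symlink.
sub write_new {
    my ($path, $mode, $data) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, $mode)
        or die "cannot create $path: $!\n";
    print {$fh} $data;
    close($fh) or die "cannot write $path: $!\n";
}

for my $pem_file (@ARGV) {
    (my $base = $pem_file) =~ s/\.pem\z//;
    open(my $in, '<', $pem_file) or die "cannot read $pem_file: $!\n";
    my ($key, $cert) = pick_pair(parse_bags($in));
    write_new("$base.key",  0600, $key->{pem});    # unencrypted key: owner-only
    write_new("$base.cert", 0644, $cert->{pem});
}
```

Because the bundle was produced with -nodes, the private key in both the .pem and the new .key file is unencrypted; the intermediate .pem files need the same restrictive permissions or should be deleted once split.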
