PerlMonks  

Using Perl to convert pkcs12 certificates to pem format, separate files for public/public keys

by symgryph (Acolyte)
on Jun 04, 2009 at 19:05 UTC (#768547=perlquestion)
symgryph has asked for the wisdom of the Perl Monks concerning the following question:

I have a program below, which recursively calls openssl and converts .pkcs12 files with the password being the same name as the filename to a .pem format with client certs and private keys. I want to take the first part (which works) and then parse out the two certificates (public and private) and then name them *.cert and *.key respectively. I am having trouble figuring out how to get Perl to separate the two types of certificate. File 1 should contain the private key, me.key and me.cert (public cert).

#!/usr/bin/perl -w

# First pass: convert every .p12 in the current directory to .pem.
# The import password is the file name without its .p12 extension.
@files = <*.p12>;
foreach $file(@files)
{
    $fileconvert=$file;
    $fileconvert=~s/\.p12//g;
    `openssl pkcs12 -passin pass:$fileconvert -clcerts -nodes -in $file -out $fileconvert.pem`;
}

# Second pass: try to pull the private key out of each .pem
# (this is the part that does not work yet).
@secondpass = <*.pem>;
foreach $secondpass(@secondpass)
{
    $filename=$secondpass;
    open CERT, "<$filename";
    @cert=<CERT>;
    print @cert;
    while (@cert =~s/BEGIN RSA PRIVATE KEY(.*?)END RSA PRIVATE KEY//s)
    {
        $code = $1;
        print "$code.\n";
    }
}

The data:

Bag Attributes
    localKeyID: 33 32 34 33 39 38 33 33 30 32 36 30 33
    friendlyName: verisign class 3 public primary certification authority
subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
issuer=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 31 32 33 33 39 38 33 33 30 22 11 30 34
    friendlyName: mycerts.test.com
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
THIS IS THE FILE i WANT ...
-----END RSA PRIVATE KEY-----
Bag Attributes
    localKeyID: 23 32 34 33 39 38 33 33 44 32 36 30 21
    friendlyName: mycerts.test.com
subject=/C=US/ST=Somewhere/L=There/O=My Org/OU=Terms of use at www.verisign.com/rpa (c)00/CN=MYCERTS.TEST.COM
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 31 32 34 33 39 38 44 33 30 32 36 30 36
    friendlyName: verisign intermediate ca
subject=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
issuer=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

"Two Wheels good, Four wheels bad."

Re: Using Perl to convert pkcs12 certificates to pem format, separate files for public/public keys
by toolic (Chancellor) on Jun 04, 2009 at 21:27 UTC
    This looks like a job for Range Operators:

    use strict;
    use warnings;

    while (<DATA>) {
        print if (/BEGIN RSA PRIVATE KEY/ .. /END RSA PRIVATE KEY/);
    }

    __DATA__
    Bag Attributes
        localKeyID: 33 32 34 33 39 38 33 33 30 32 36 30 33
        friendlyName: verisign class 3 public primary certification authority
    subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    issuer=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    Bag Attributes
        localKeyID: 31 32 33 33 39 38 33 33 30 22 11 30 34
        friendlyName: mycerts.test.com
    Key Attributes: <No Attributes>
    -----BEGIN RSA PRIVATE KEY-----
    THIS IS THE FILE i WANT ...
    -----END RSA PRIVATE KEY-----
    Bag Attributes
        localKeyID: 23 32 34 33 39 38 33 33 44 32 36 30 21
        friendlyName: mycerts.test.com
    subject=/C=US/ST=Somewhere/L=There/O=My Org/OU=Terms of use at www.verisign.com/rpa (c)00/CN=MYCERTS.TEST.COM
    issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    Bag Attributes
        localKeyID: 31 32 34 33 39 38 44 33 30 32 36 30 36
        friendlyName: verisign intermediate ca
    subject=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
    issuer=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----

    which prints:

    -----BEGIN RSA PRIVATE KEY-----
    THIS IS THE FILE i WANT ...
    -----END RSA PRIVATE KEY-----
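
As an added example (not code from either post above): one way to finish the job the question describes, splitting the PEM bundle into a key file and a certificate file. It generalizes the range-operator match to any `PRIVATE KEY` label and creates the unencrypted key file with mode 0600 from the start. The helper names `split_pem` and `write_new`, the temporary directory and the sample bundle are assumptions made for illustration.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Split PEM text into private-key blocks and certificate blocks.
# Returns (\@keys, \@certs); Bag Attributes and subject/issuer lines are dropped.
sub split_pem {
    my ($text) = @_;
    my (@keys, @certs);
    # \2 forces the END label to match the BEGIN label of the same block.
    while ($text =~ /(-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?-----END \2-----\r?\n?)/sg) {
        my ($block, $label) = ($1, $2);
        if    ($label =~ /PRIVATE KEY$/) { push @keys,  $block }  # RSA, EC, PKCS#8
        elsif ($label eq 'CERTIFICATE')  { push @certs, $block }
    }
    return (\@keys, \@certs);
}

# Create the file with its final mode; O_EXCL refuses an existing path,
# so the key is never written into a file someone else already opened.
sub write_new {
    my ($path, $mode, $data) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, $mode)
        or die "cannot create $path: $!\n";
    print {$fh} $data or die "write $path: $!\n";
    close $fh or die "close $path: $!\n";
}

# Constructed sample shaped like the bundle in the question (bodies elided).
my $bundle = <<'PEM';
Bag Attributes
    friendlyName: mycerts.test.com
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
subject=/CN=MYCERTS.TEST.COM
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
PEM

my ($keys, $certs) = split_pem($bundle);
die "expected exactly one private key, found " . @$keys . "\n" unless @$keys == 1;
die "no certificate found\n" unless @$certs;
my $dir = tempdir(CLEANUP => 1);    # stand-in for the real output directory
write_new("$dir/me.key",  0600, $keys->[0]);
write_new("$dir/me.cert", 0644, join('', @$certs));
printf "%s %04o\n", $_, (stat "$dir/$_")[2] & 07777 for qw(me.key me.cert);
```

Every certificate block found is written to the `.cert` file in bundle order, so a bundle that also carries CA certificates keeps them after the client certificate unless they are filtered out first.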
