javascript - 伪造读取 p12 和 pfx 文件的错误

Question

我在尝试读取/解码 p12 和 pfx 文件时遇到以下错误:

Cannot read PKCS#12 PFX. ASN.1 object is not an PKCS#12 PFX

Too few bytes to read ASN.1 value.

我正在尝试使用以下 Javascript 读取文件:

<input id="cert-file" type="file" name="cert" /><output id="p12cert"></output>

使用 JQuery，我附加了一个“更改时”事件处理程序，以检查所选文件。

$j("#cert-file").change(handleFileSelect);

function handleFileSelect(evt) {
    var files = evt.target.files; // FileList object
    getFile(files[0]);    
}

然后我尝试读取文件并使用 forge 对其进行解码。

function getFile(p12cert)
{
    var reader = new FileReader();

    var password = 'password';

    reader.onload = (function (theFile) {
        return function(eve) {

            var p12Der = forge.util.decode64(eve.target.result);

            // get p12 as ASN.1 object
            // Not working for one of my p12 files
            var p12Asn1 = forge.asn1.fromDer(p12Der);

            // decrypt p12 using the password 'password'
            // TODO: Not working for some reason for p12 and pfx file
            var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, password);
        };
    })(p12cert);

reader.readAsText(p12cert);

我不确定我是否只是读错了文件。我正在关闭 here 中的 FileReader 示例.我做错了什么或者我的证书可能有问题吗？

Answer 1

更新:看起来问题出现在数据传递给伪造之前。没有以正确的格式读取数据。您可以尝试以下选项之一:

选项 1:

reader.readAsDataURL(p12cert); // change from readAsText

// in reader.onload, parse out the base64 part:
var p12Der = forge.util.decode64(eve.target.result.split(',')[1]);

选项 2:

reader.readAsBinaryString(p12cert); // change from readAsText

// in reader.onload, skip base64 decoding step entirely since the data is
// already in a binary string that forge can work with -- the downside
// is that this method is deprecated in the FileReader API
var p12Der = eve.target.result;

选项 3:

// instead, use an ArrayBuffer
reader.readAsArrayBuffer(p12cert);

// in reader.onload, convert to base64 and then decode as you were doing before
var b64 = forge.util.binary.base64.encode(new Uint8Array(eve.target.result));

选项 4:

// instead, use an ArrayBuffer
reader.readAsArrayBuffer(p12cert);

// in reader.onload, just do a raw conversion to a binary string and skip
// the base64 decoding (though this may cause a stack overflow
// with the current implementation in forge which is experimental)
var p12Der = forge.util.binary.raw.encode(new Uint8Array(eve.target.result));

旧:

您是否尝试过在非严格模式下加载 PKCS#12？这通常会解决此特定错误:

var p12Asn1 = forge.asn1.fromDer(p12Der, false);

var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, false, password);