[blackpaw]

I've

• purchased a publisher ID
• Extracted the .cer and .key files with tcp12p8.bat
• Filled in a DevRequest certificat and submitted it to Symbian Signed Online
• Got a developer certificate file back

But when I try to create a signed sis file using the key file and the developer certificate I just get:

Code:

ensymble.py: not an RSA or DSA private key in PEM format

The key file is base64 encoded and starts with -----BEGIN PRIVATE KEY-----

Any suggestions?

thanks,

Lindsay

[jethro.fn]

Quote:

Originally Posted by blackpaw

I just get:

Code:

ensymble.py: not an RSA or DSA private key in PEM format

The key file is base64 encoded and starts with -----BEGIN PRIVATE KEY-----

Ensymble is unable to determine whether the key type is RSA or DSA. Change the first line to read

Code:

-----BEGIN RSA PRIVATE KEY-----

or

Code:

-----BEGIN DSA PRIVATE KEY-----

depending on the key type (my guess is RSA).

[blackpaw]

Thanks jethro, that seemed to make a difference. I checked the cert in explorer - its RSA 2048 bit, so I set that in the certificate.

Now I just get

Code:

ensymble.py: wrong pass phrase

I set no password when I exported the key from IE. It tried rexport with a passphrase and using that, still no joy.

Oddly when I set the key type to DSA (which I kow is wrong) I still get the same error.

Can ensymble/signsis cope with RSA 2048 bit?

[jethro.fn]

Quote:

Originally Posted by blackpaw

Code:

ensymble.py: wrong pass phrase

Any failure to convert the key to a binary format will lead to this error message. Most of the time that means wrong pass-phrase, so I decided that there was not much point trying to guess all the possible failures that might occur and handle them separately.

Quote:

Originally Posted by blackpaw

Oddly when I set the key type to DSA (which I kow is wrong) I still get the same error.

Can ensymble/signsis cope with RSA 2048 bit?

Ensymble uses the OpenSSL command line tool and should therefore support all the key types and sizes OpenSSL supports. However, Ensymble's OpenSSL integration is less than optimal, making it sensitive to untested cases. There's a command line swith --debug, which displays a lot of information about the OpenSSL invocations. Can you copy here the output of Ensymble with that option enabled?

[blackpaw]

Thanks jethro, here it is:

Code:

DEBUG: os.popen3('c:\\utils\\openssl rsa -in c:\\docume~1\\lindsay\\locals~1\\te
mp\\ensymble-ttqfpe\\privkey.pem -out c:\\docume~1\\lindsay\\locals~1\\temp\\ens
ymble-ttqfpe\\privkey2.pem -passin stdin')
DEBUG: pipeerr.read() = 'unable to load Private Key\n2140:error:0906D066:PEM rou
tines:PEM_read_bio:bad end line:.\\crypto\\pem\\pem_lib.c:744:\n'
Traceback (most recent call last):
  File "ensymble.py", line 1010, in <module>
    import cmdmain
  File "D:\Python25\lib\ihooks.py", line 404, in import_module
    q, tail = self.find_head_package(parent, str(name))
  File "D:\Python25\lib\ihooks.py", line 440, in find_head_package
    q = self.import_it(head, qname, parent)
  File "D:\Python25\lib\ihooks.py", line 495, in import_it
    m = self.loader.load_module(fqname, stuff)
  File "<package>", line 28, in load_module
  File "cmdmain.py", line 98, in <module>
  File "cmdmain.py", line 82, in main
  File "cmd_py2sis.py", line 625, in run
  File "sisfile.py", line 634, in tofile
  File "sisfile.py", line 574, in tostring
  File "sisfile.py", line 88, in signstring
  File "cryptutil.py", line 121, in signstring
ValueError: wrong pass phrase

[jethro.fn]

Wow. I learned something here...

Files that contain "-----BEGIN PRIVATE KEY-----" are in a newer format called PKCS#8, according to OpenSSL documentation. Ensymble only handles the old SSLeay compatible format.

This is something that needs to be implemented in Ensymble, but in the meantime you can convert your key to the old format with the OpenSSL command line tool:

Code:

openssl pkcs8 -in newformatkey.pem -out oldformatkey.pem

or

Code:

openssl pkcs8 -in newformatkey.pem -out oldformatkey.pem -nocrypt

if the new format key is not encrypted (OpenSSL does not auto-detect this).

[blackpaw]

Thanks! worked a treat (unencrypted),

Saved my ass