0

I sniffed the communication between the client and the server using Wireshark, and I found out that during the handshake session, the client sends its certificate to the server.

I've managed to get the client's certificate, which is a PKCS12 formatted certificate and it looks like this:

MIIQuQIBAzCCEH8GCSqGSIb3DQEHAaCCEHAEghBsMIIQaDCCCx8GCSqGSIb3DQEHBqCCCxAwggsMAgEAMIILBQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIYreCShA7AXACAggAgIIK2G6f/joD/1VqmZGehnd4f6UQ89fDrRUJ1tugG3ncL6ewz8iD/viVbdDtYD2+CYQaXAu2jx4ePRw9ohippdK3pQLPPDzjzN7p4RmmsdCc3F8lVEmVkDq2IRzB1BSmZ3HK6PU5v5BvUQmIqZpijUiLCLdn7dKNTyvjFFKDfGS0oy5JVYr+O5WS1CqxfafDtwrX+iCiHMzDulGYVldb9+FHV8SMKkiiwjszih3+hgo+S6DVa3Cyfir3KEa9G2MBh2VkeQgCQdw893WAyFbIwHdB9QWWkwSWk4FGCtXP4gZ0Vjprv0tRydxnAcxpish5b5vmG0uMtguRC2criPAyFhW1NlT2TqzlX/mJW+shdh2FRvSyGlWqzcPdcT8Uks8BnZHpYOZVP9LbYVnO0X7bEAnNw6lsmbL4jxPJhAXGXX16vaXcCWLF+s64qFG6j/Jp61Vf6MxJWiqaC2AWLIVfdh9FJjQlvKtoX04uK9abYdBEvJ/J3u+/YIO7EIPiVwet1C23PRahybAQuGIXXHkk23rSDQ2AaIwnNBCBmW+mv2RuraS5KOm7Lk/9a9jWEWbjTYIMYSiy0PUFjhiZjjf3F1E4OqHGhbmCn3uhiYBGUXLRD8D33R9kMpzg1CAKq5ZOOyMkcNy2TWiWFB0ykQNuaPoOaoiXtsJiGEM/9ejhFQzOB28GiE3DG7xRfOb/BQTgjPzzAtfs1yXalzWu9CgguVZ/7/wL9sQVO29BWYwZQvbizEGczmPcHnzK4ft81bK1Ap4jZDvqSEfOBbH6j2BNw1d9hPUF/kjaccm/2jKkJTG4zQSz7RzxNs3w+QrYryc5sx8sQgcnYyGemirizHoNahbQU9RIzjP3lE0IjTuYl//DVXlVMXMu6JuLGwlC1F5wZ108NH1gUBC/Hepz8PXbwqB+exuSFNO51Mfg8kPTekO7wMTJK6OVBFkHi5QQLiL1PZSTtD4ypfL8BA/BFpm8A5N6ERCIwK5h8AOFdUO58iYeH98lSdppbwEQL7cMsSFczvBMJgiSfcflmPR1/mDEJtC9lqXt4pXhxbLSwMLB/CKaAMKBR6O3Ej6KVOsH2gOt2xGSHW08EURLXBLkvaFEpFi7JYg+N9UAWfS9eCNiLD6KKPCf1eBtJXfN3AR/n8/qouhOeub+MEHXNIaUoBpwaH+68ezDh7EAId9ytZXkiDWO9XMJYvfDIcJHoAKSjEYpnMjr3C9FbUpMDm4Bzu2eDOPR5B9T3oXH+HUDlSn6wERxNd79FgWuyUljZ2kQXIPLlKEgcCulAszHQeLEYgh/vbnwj/4lZ+LNehI6qyAphfEr1WOSfbVVGrZe0ekUDHi0hEifYm3sVwoiJHDE4Z0Qa+xHmGohVPrlvELNhcG7K1+Hd+MuNgTNAwxj40ix3qGQKEDfX .........

This is all I've got.

Also, I have the password used to secure the certificate, but I can't get any information out of it. So I've tried the extensions .p12 and .pfx in the file containing my certificate, and I've tried to convert the PEM format using openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes; This didn't work!

I've also used the header/footer : ----BEGIN PKCS12-----/-----END PKCS----- and I still can't convert it to pem.

Is there anything else I can try? Thank you.

yosra
  • 121
  • 4
  • I believe, this is not a PFX, it is public X.509 certificate. – Crypt32 Jun 19 '19 at 16:39
  • @Crypt32 what made you think this? The name of the function that gets me this certificate is `getCplusPKCS12Cert()` (java) – yosra Jun 19 '19 at 16:44
  • because only public part of certificate (in PKCS#7 format) is sent to server during mutual TLS negotiation. It is not PFX (PKCS#12). – Crypt32 Jun 20 '19 at 07:30
  • @Crypt32 Thanks for your response. But can you please tell me how can you so sure that it's PKCS7 and not PKCS12? – yosra Jun 20 '19 at 08:02
  • https://tools.ietf.org/html/rfc5246#section-7.4.2: `The certificate type MUST be X.509v3, unless explicitly negotiated otherwise (e.g., [TLSPGP]).`. Though, it is not a pure PKCS#7, it is a `SEQUENCE` which is ordered (rather unordered `SET`). Anyway, it is not PKCS#12. – Crypt32 Jun 20 '19 at 08:45

0 Answers0