Invalid public key in certificate

[Julchenwsf]

I try to create a key, afterwards a certificate signed by another key.

So this is my Code to generate Keys
let keypair = KEYUTIL.generateKeypair("EC", "secp256r1"); let privateKey = keypair.prvKeyObj; let publicKey = keypair.pubKeyObj; //encrypted key let prvPEM = KEYUTIL.getPEM(privateKey, "PKCS8PRV", password, "AES-256-CBC"); let publicPEM = KEYUTIL.getPEM(publicKey);

To generate the certificate i use:

let tbsObject = new KJUR.asn1.x509.TBSCertificate();
    tbsObject.setSerialNumberByParam({'int': 4});
    tbsObject.setNotBeforeByParam({'str': creationTimeStamp});
    tbsObject.setNotAfterByParam({'str': expirationTimeStamp});
    tbsObject.setSubjectByParam({'/CN=User1'});
    tbsObject.setSignatureAlgByParam({'name': 'SHA256withECDSA'});
    tbsObject.setSubjectPublicKeyByGetKey(publicPEM);
    tbsObject.setIssuerByParam({'str': '/CN=UserCA'});

    let caKey = KEYUTIL.getKey(this.privateKey, password2); 

    let cert = new KJUR.asn1.x509.Certificate
    ({'tbscertobj': tbsObject, 'prvkeyobj': caKey });
    cert.sign();
    let certPEM = cert.getPEMString();

The generated Certificate is the following one:

-----BEGIN CERTIFICATE----- MIIBizCCATCgAwIBAgIBBDAKBggqhkjOPQQDAjBOMQswCQYDVQQGEwJERTERMA8G A1UECgwIQ0FfZmlybWExEDAOBgNVBAsMB2ZpbmFuY2UxGjAYBgkqhkiG9w0BCQEM C2Zpcm1hQGNhLmRlMBkXCzE2MTkzODA0OTFaFwoxNzc4MjEyMjhaMFQxCzAJBgNV BAYTAkRFMRgwFgYDVQQDDA9KdWxpYSBTY2huZWlkZXIxKzApBgkqhkiG9w0BCQEM HGp1bGlhLXNjaG5laWRlcjFAdC1vbmxpbmUuZGUwWTATBgcqhkjOPQIBBggqhkjO PQMBBwNCAASiWjJuLgTgD9dVyMNOdV+waWfUa8SUI6+zTzD0ZWEkgZZil6PYhsAF wQQehinyxBWbx00HAh+5nTKDLVtw57sBMAoGCCqGSM49BAMCA0kAMEYCIQDmSPkw +Kw2PtO0FbIR+Y5Sq6NHAXjPk5s07VrNSuonYwIhAIXxWFdB87LYm0V0e78AaCHD cD/Sw0FhlhtCYNNuE6QF -----END CERTIFICATE-----

I saved it to my PC and try to open it in Windows. Than an error says that the public Key is invalid.

Did I done something wrong? Do you habe an Idea what could be the error?

thanks in advance.

Best regards

Julia

[kjur]

Sorry but your code is based on obsoleted APIs. How about following Node.JS example?:

var rs = require("jsrsasign");
var rsu = require("jsrsasign-util");

var kp = rs.KEYUTIL.generateKeypair("EC", "secp256r1");
var prv = kp.prvKeyObj;
var pub = kp.pubKeyObj;
var prvpem = rs.KEYUTIL.getPEM(prv, "PKCS8PRV");
var pubpem = rs.KEYUTIL.getPEM(pub, "PKCS8PUB");

var x = new rs.KJUR.asn1.x509.Certificate({
version: 3,
serial: {int: 4},
issuer: {str: "/CN=UserCA"},
notbefore: "201231235959Z",
notafter:  "221231235959Z",
subject: {str: "/CN=User1"},
sbjpubkey: pub,
ext: [
  {extname: "basicConstraints", cA: false},
  {extname: "keyUsage", names:["digitalSignature"]},
  {extname: "cRLDistributionPoints",
   array: [{fulluri: 'http://example.com/a.crl'}]}
],
sigalg: "SHA256withECDSA",
cakey: prv
});

console.log(prvpem);
console.log(pubpem);
console.log(x.getPEM());

[Julchenwsf]

So i changed the code and now my error is: ERROR not signed yet

[kjur]

Did you specify "cakey" member? When "cakey" is specified properly, the certificate will be signed when "getPEM()" method is called. Above example shall work.

[Julchenwsf]

Finallly it worked. Thanks for your help.