Pkpass generation fails after yearly signature renewal
Question
I am generating the pkpass files via an AWS Lambda function. So far I have been using the certificate.pem, private.key and wwdr.pem certificates with the wallet-py3k (https://github.com/pretix/wallet-py3k) library. Now, after a year, the certificate needs to be renewed. So I went through the process of generating the .p12 file in order to extract the certificate.pem and private.key out of it. The wwdr.pem I did not touch. The generation of the pkpass now fails with DecryptFail messages from openssl. I have provided openssl11 to the lambda function via a dedicated lambda layer. And for the new pkpass I used a different openssl version. Could that be the reason?
Answer 1
Score: 1
It is possible that the key in your .p12 file doesn't match the certificate.
To check:
Extract the certificate and key (replace file.p12 with your .p12 filename):
openssl pkcs12 -in file.p12 -clcerts -nokeys -out certificate.pem
openssl pkcs12 -in file.p12 -nocerts -out privatekey.pem
Get the modulus for each:
openssl rsa -noout -modulus -in privatekey.pem | openssl md5
openssl x509 -modulus -noout -in certificate.pem | openssl md5
If they don't match, then you have the wrong key for your certificate.
Answer 2
Score: 0
I generated the private.key in the wrong way.
The correct 2 steps are:
- Create the certificate.pem with the .p12 file via:
openssl pkcs12 -in your_p12_file.p12 -out certificate.pem -nodes
- Create the private.key out of the certificate.pem via:
openssl rsa -in certificate.pem -out private.key
Together with the wwdr.pem (the Apple certificate needs to be in .pem too), pkpass files can be signed via the wallet-py3k library.
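The key/certificate check from Answer 1, combined with the unencrypted-key requirement implied by the `-nodes` flag in Answer 2, as an added example that is not part of the original answers. It goes beyond the modulus comparison by comparing the whole public key (so it also covers EC keys) and by flagging a key that is still passphrase-encrypted, which is what `openssl pkcs12 -nocerts` writes when `-nodes` is not given. All function names and the sample file names are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-deployment check for a pass-signing certificate/key pair.
# All function names and sample file names here are hypothetical.

# Return 0 if the PEM private key is passphrase-protected.
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Return 0 only if the certificate ($1) and the key ($2) carry the same public key.
# Compares the full SubjectPublicKeyInfo, so it works for RSA and EC keys.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_pair CERT KEY: print a verdict, return non-zero on any problem.
check_pair() {
    if key_is_encrypted "$2"; then
        echo "FAIL: $2 is encrypted; a signer without the passphrase cannot read it"
        return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: $2 does not belong to $1"
        return 1
    fi
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $1 has expired"
        return 1
    fi
    echo "OK: $2 matches $1, is unencrypted, and the certificate is valid"
}

# Constructed sample input: two throwaway self-signed pairs plus an encrypted
# copy of the first key, written to directory $1.
make_samples() {
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-$n" \
            -keyout "$1/$n.key" -out "$1/$n.pem" 2>/dev/null || return 1
    done
    openssl pkey -in "$1/a.key" -aes256 -passout pass:constructed -out "$1/a.enc.key"
}
```

Run `check_pair certificate.pem private.key` on the renewed files before packaging them into the Lambda deployment.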