StreamSec Home  Forum Home
username password  
Welcome, Guest.
Your IP: 216.73.216.54
2026-07-19 03:20:17 
 Public Support
 'Wrong password' is returned from pfx
Bottom
 
Total posts: 7
 Author 'Wrong password' is returned from pfx
Bryn Lewis

2026-06-30 05:06:12
Registered user
hi

I am using rtc and steamsec 4.

smSimpleTLSInternalServer1.ImportFromPFX(global.APP_PATH+'Server.pfx',PW)

and it is returning 'Wrong password'

I am sure i am using the correct password. It also fails if password is ''.

if macData.Verify(lContent,aPW) then begin
  returns false
  
 I can provide the pfx and password by email.
 
thanks, Bryn
Bryn Lewis

2026-06-30 08:03:42
Registered user
It has something to do with the OpenSSL export (used to create the pfx).

I get the 'Wrong password' exception when using openSSL 3.6, but I don't get it with an older version (2019)
Henrick Wibell Hellström

2026-06-30 09:24:27
Registered user
The certificate.pfx file you sent me opens with the implementation in my working dir. I haven't checked with older version of StreamSec 4.x. But the only thing I noticed when parsing the pfx structure was that you probably have to add stPkcs5 to a project uses clause, and then pass the password using the tDualSecretKey class instead of the tSecretKey. Let us know if that leads to any progress.
Bryn Lewis

2026-07-01 01:54:40
Registered user
There is no TDualSecret in the stPkcs5 unit that I have - I can't find it in the Streamsec code at all.
Henrick Wibell Hellström

2026-07-01 06:38:17
Registered user
The tDualSecretKey class lives in unit stSecUtils, next to tSecretKey and the iSecretKey interface, which it implements.

Unit stPkcs5 has to be added because it registers a class that StreamSec.DSI.Pkcs12 needs for decrypting PFX files generated by more recent OpenSSL versions.
Bryn Lewis

2026-07-01 22:34:49
Registered user
tDualSecretKey is not in my stSecUtils either.
Henrick Wibell Hellström

2026-07-01 22:49:10
Registered user
OK, then I am sorry, but you have to update to a later version. But on the flip side there are a lot of new features in the latest version, such as TLS 1.3, support for post quantum cryptography, OCSP, automatic CRL refresh, revamped SSH tunneling, updated SNIF remoting, a ton of bug fixes, and more.
Top

:: Written with and Powered by the RealThinClient SDK and StreamSec Tools 4.0::
Copyright (c) Danijel Tkalcec, StreamSec HB