This project is unmaintained. Please have a look at apc-p15-tool for a better alternative.
The target of this project is to provide a CLI alternative for the APC/Schneider Electric Security Wizard.
The project started with a fork of the pemtrans project form Abhijit Menon-Sen. pemtrans is essentially exactly what we need but the result doesn't work yet with APC devices.
- APC uses cryptlib as crypto lib.
- At the time of this writing the latest version (1.04) of the APC Security Wizard is using an ancient version of cryptlib (version 3.1.1).
- It seems like there are some compatibility issues between files created by different versions of cryptlib.
- The "CA Root certificate" files generated by the Security Wizard are unmodified p15 files.
- The key label is "Private key" and the password is "root".
- The final files for the devices generated by the "SSL Server Certificate"/"Import Signed Certificate" options are p15 files with an additional APC Header.
- The header is always 228 bytes long (See apcheader.c for details).
- The remaining data of the file is the p15 files generated by cryptlib.
- The key label is "Private key" and the password is "user".
- Remove APC header from server certificate
dd if=server-apc.p15 of=server.p15 bs=228 skip=1- Add APC header to a standard p15 file containing a 1024 bit key
apcheader server.p15 server-apc.p15 1