AW: How to figure out if .P12 is RSA or ECC crypted

[Beilharz, Michael]

Well, i have to convert the .P12 into .PEMs and there are different steps with openssl.exe the convert a .P12 (RSA) or a .P12 (ECC). The steps are clear and everything works fine, but instead of offering two options ("Import .P12 (RSA)" and "Import .P12 (ECC)") I would like to offer only one import option and the import routine analyse the .P12 to decide RSA or ECC import routine.

Regards
Michael

-----Ursprüngliche Nachricht-----
Von: openssl-users <openssl-users-bounces at openssl.org> Im Auftrag von Viktor Dukhovni
Gesendet: Donnerstag, 9. Juni 2022 14:40
An: openssl-users at openssl.org
Betreff: Re: How to figure out if .P12 is RSA or ECC crypted

On Thu, Jun 09, 2022 at 10:16:24AM +0000, Beilharz, Michael wrote:

> I retrieve .P12 certificates, they can be RSA or ECC crypted

PKCS#12 objects are encrypted with a *symmetric* password: 3DES, AES, ...  Perhaps you're confusing the public key algorithm in the certificate (or corresponding private key) with the encryption algorithm of the PKCS#12 object?

> so I offer two methods, to convert them into .PEMs.

The extraction of PEM formatted (PKCS#8) private keys and certificate chains (a sequence of X.509 certificate objects) from a PKCS#12 object does not require any public key algorithm-dependent techniques.  The same basic steps work for both RSA and ECDSA.

> I would like to detect, if a P12 is RSA or ECC crypted, so that I 
> offer only one Method and the method itself decide the correct way to 
> convert the P12.

What actual problem are you trying to solve?

-- 
    Viktor.