AW: How to figure out if .P12 is RSA or ECC crypted

Hubert Kario hkario at redhat.com
Thu Jun 9 12:59:20 UTC 2022


On Thursday, 9 June 2022 14:54:48 CEST, Beilharz, Michael wrote:
> Well, i have to convert the .P12 into .PEMs and there are 
> different steps with openssl.exe the convert a .P12 (RSA) or a 
> .P12 (ECC). The steps are clear and everything works fine, but 
> instead of offering two options ("Import .P12 (RSA)" and "Import 
> .P12 (ECC)") I would like to offer only one import option and 
> the import routine analyse the .P12 to decide RSA or ECC import 
> routine.

I think the issue is that the steps you have use the `openssl rsa` and
`openssl ec` commands instead of the `openssl pkey` command...

> Regards
> Michael
>
> -----Ursprüngliche Nachricht-----
> Von: openssl-users <openssl-users-bounces at openssl.org> Im 
> Auftrag von Viktor Dukhovni
> Gesendet: Donnerstag, 9. Juni 2022 14:40
> An: openssl-users at openssl.org
> Betreff: Re: How to figure out if .P12 is RSA or ECC crypted
>
> On Thu, Jun 09, 2022 at 10:16:24AM +0000, Beilharz, Michael wrote:
>
>> I retrieve .P12 certificates, they can be RSA or ECC crypted
>
> PKCS#12 objects are encrypted with a *symmetric* password: 
> 3DES, AES, ...  Perhaps you're confusing the public key 
> algorithm in the certificate (or corresponding private key) with 
> the encryption algorithm of the PKCS#12 object?
>
>> so I offer two methods, to convert them into .PEMs.
>
> The extraction of PEM formatted (PKCS#8) private keys and 
> certificate chains (a sequence of X.509 certificate objects) 
> from a PKCS#12 object does not require any public key 
> algorithm-dependent techniques.  The same basic steps work for 
> both RSA and ECDSA.
>
>> I would like to detect, if a P12 is RSA or ECC crypted, so that I 
>> offer only one Method and the method itself decide the correct way to 
>> convert the P12.
>
> What actual problem are you trying to solve?
>

-- 
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic



More information about the openssl-users mailing list