[openssl-dev] pkcs12 settings, Was: Re: [openssl.org #4588] pkcs12 -info doesn't handle PKCS#12 files with PKCS#5 v2.0 PBE
Dr. Stephen Henson
steve at openssl.org
Tue Jul 19 23:35:13 UTC 2016
On Tue, Jul 19, 2016, Hubert Kario wrote:
> I have few questions now though:
>
> I've noticed that 1.0.2 uses sha1 hmac for the PRF while the master
> uses sha256
>
> is there a way to set this?
>
Not currently no (at least not from the command line, maybe by delving
into the pkcs12 internals). It's determined by the encryption algorithm (if it has a
preference: most don't) or the value is hard coded in p5_pbev2.c
> also, is there a way to report the MAC algorithm used over the whole
> file (the one set using -macalg)
>
Not from the command line currently. The PKCS12_get0_mac() function can be
used to retrieve the X509_ALGOR structure corresponding to the MAC though.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list