[openssl-dev] pkcs12 settings, Was: Re: [openssl.org #4588] pkcs12 -info doesn't handle PKCS#12 files with PKCS#5 v2.0 PBE

Hubert Kario hkario at redhat.com
Wed Jul 20 12:25:42 UTC 2016


On Tuesday, 19 July 2016 23:35:13 CEST Dr. Stephen Henson wrote:
> On Tue, Jul 19, 2016, Hubert Kario wrote:
> > I have a few questions now though:
> > 
> > I've noticed that 1.0.2 uses sha1 hmac for the PRF while the master
> > uses sha256
> > 
> > is there a way to set this?
> 
> Not currently no (at least not from the command line, maybe by delving
> into the pkcs12 internals). It's determined by the encryption algorithm (if
> it has a preference: most don't) or the value is hard coded in p5_pbev2.c

yes, I don't see a simple way to do that, thanks anyway

> > also, is there a way to report the MAC algorithm used over the whole
> > file (the one set using -macalg)
> 
> Not from the command line currently. The PKCS12_get0_mac() function can be
> used to retrieve the X509_ALGOR structure corresponding to the MAC though.

something like this?
https://github.com/openssl/openssl/pull/1334

the small problem is that this prints:
MAC algorithm: sha1, <unsupported parameters>

I'm not sure how correct that is (haven't read the PKCS#12 standard)
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
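
The MAC algorithm asked about above is stored in the optional MacData field of the PFX structure (RFC 7292), as a DigestInfo whose AlgorithmIdentifier holds the digest OID and an optional parameters field. As an added example, not part of the original message and not OpenSSL code, this Python walks the DER and reports it; the function names and the sample bytes are constructed for illustration.

```python
DIGEST_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length == 0x80:
        raise ValueError("indefinite length: BER, not DER")
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    subs, acc = [], 0
    for b in body:                             # base-128 sub-identifiers
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            subs, acc = subs + [acc], 0
    first = min(subs[0] // 40, 2)              # first two arcs share one value
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def mac_info(pfx_der):  # PFX ::= SEQUENCE { version, authSafe, macData OPTIONAL }
    tag, body, _ = read_tlv(pfx_der, 0)
    if tag != 0x30:
        raise ValueError("PFX must be a SEQUENCE")
    fields = children(body)
    if len(fields) < 3:
        return None                            # no macData: file carries no MAC
    mac_data = children(fields[2][1])          # DigestInfo, macSalt, iterations
    alg = children(children(mac_data[0][1])[0][1])   # digestAlgorithm
    oid = decode_oid(alg[0][1])
    params = "absent" if len(alg) == 1 else "NULL" if alg[1][0] == 0x05 else "other"
    iters = int.from_bytes(mac_data[2][1], "big") if len(mac_data) > 2 else 1
    return {"digest": DIGEST_OIDS.get(oid, oid), "params": params, "iterations": iters}

# Constructed sample (empty authSafe, zeroed salt and digest), not a usable keystore.
def tlv(tag, body):                            # builder for short (< 128) lengths
    return bytes([tag, len(body)]) + body
_ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))
_MAC = tlv(0x30, tlv(0x30, _ALG + tlv(0x04, bytes(20))) + tlv(0x04, bytes(8)) + tlv(0x02, b"\x08\x00"))
_HEAD = tlv(0x02, b"\x03") + tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010701")) + tlv(0xA0, tlv(0x04, b"")))
SAMPLE, SAMPLE_NO_MAC = tlv(0x30, _HEAD + _MAC), tlv(0x30, _HEAD)
```

For a file on disk, pass its raw bytes to mac_info(); a file encoded with BER indefinite lengths raises ValueError instead of being misparsed.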