[openssl-users] pkcs12 is no encryption possible for certs?

Sean Leonard dev+openssl at seantek.com
Fri Feb 13 19:33:46 UTC 2015


Using the openssl pkcs12 -export command, is it possible to specify a 
"-certpbe" value that does not do encryption? Perhaps you only want 
integrity protection--you don't care whether the certificates are 
shrouded. The PKCS #12 standard seems to imply that "certBags" can be 
used as-is; however, all examples of PKCS #12 files that I have seen 
encrypt the certificates.

Will other common crypto stacks be able to process such a PKCS #12 file 
(that does not encrypt the certificates)?

Thanks, Sean


More information about the openssl-users mailing list