[openssl-users] pkcs12 is no encryption possible for certs?
Michael Sierchio
kudzu at tenebras.com
Fri Feb 13 21:25:11 UTC 2015
Yes, I am sure that some folks find known plaintext in an encrypted object
to be helpful.
[apologies for top-posting... dumb smart phone]
- M
On Feb 13, 2015 1:21 PM, "Viktor Dukhovni" <openssl-users at dukhovni.org>
wrote:
> On Fri, Feb 13, 2015 at 12:02:06PM -0800, Michael Sierchio wrote:
>
> > Whenever I hear someone talking about encrypting a certificate, I
> > conclude that they are horribly confused. A cert is signed, over the
> > entire contents, so integrity is reducible to the cryptographic
> > algorithms employed. A cert is not a secret, does not contain secrets,
> > etc.
>
> And yet, PKCS#12 objects are encrypted, and include certificates.
>
> --
> Viktor.
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150213/8c7ba729/attachment.html>
More information about the openssl-users
mailing list