[openssl-users] PKCS12 command ignore -cipher option silently
Michel
michel.sales at free.fr
Thu Feb 11 22:16:10 UTC 2016
Hi,
Testing the PKCS12 command I notice the -cipher option (in this case
-aes128) was silently ignore :
c:\OpenSSL_11_dbg\bin\openssl pkcs12 -export -out Certificate.p12 -inkey
RSAKey.pem -in Certificate.cer -aes128 -passin pass:test -passout pass:test
looks Ok but verifying, it is still 3des :
c:\openssl_11_dbg\bin\openssl pkcs12 -in Certificate.p12 -info -noout
-passin pass:test
MAC Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Surprisingly, with 1.0.2 it fails loudly :
openssl pkcs12 -export -out Certificate.p12 -inkey RSAKey.pem -in
Certificate.cer -aes128 -passin pass:test -passout pass:test
8632:error:060740A0:digital envelope routines:EVP_PBE_CipherInit:unknown
cipher:.\crypto\evp\evp_pbe.c:181:
8632:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit
error:.\crypto\pkcs12\p12_decr.c:87:
8632:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt
error:.\crypto\pkcs12\p12_decr.c:188:
8632:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt
error:.\crypto\pkcs12\p12_add.c:213:
Am I missing something ?
Regards,
Michel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160211/47fd154a/attachment.html>
More information about the openssl-users
mailing list