[openssl-users] [SOLVED?] Re: openssl 1.0.2h pkcs12 export fails @ "digital envelope routines:EVP_PBE_CipherInit:unknown cipher"

PGNet Dev pgnet.dev at gmail.com
Tue Jun 28 18:03:27 UTC 2016

Reading @


		"By default the private key is encrypted using triple DES and the 
certificate using 40 bit RC2."

which clearly implies, with RC2 disabled (it is), that'll cause a 
problem in default config.

Adding the options

	openssl pkcs12 -export \
>>>	-descert

fixes the problem, insofar as no error's caused on export.

Would code to enable/use "-descert" as default cert, in the case of RC2 
disabled, be called for?

Or, perhaps with RC2 considered 'weak' these days, worhtwhile to make 
"-descert" the default?

More information about the openssl-users mailing list