[openssl-users] Combining certificate and key in PEM format into a P12 file without knowing the key password?

Viktor Dukhovni openssl-users at dukhovni.org
Tue Feb 20 13:27:51 UTC 2018

On Tue, Feb 20, 2018 at 12:23:14PM +0100, Jakob Bohm wrote:

> > I was wondering whether it was possible somehow to take a certificate and an
> > enciphered private key, both in .pem format, and combine them into a PKCS12
> > structure without knowing the key passphrase?
> In the commonly accepted variants of PKCS#12, private key and all the
> certificates are encrypted with the same password.  PKCS#12 with
> different password for private key and certificates is not widely
> supported.

Do any of the PKCS#12 key derivation functions implement the same
password -> key algorithm as is used in OpenSSL's PEM password to
key mapping for private keys?  I suspect that might be another
problem area.

What combination of the "-keypbe", "-macalg", and "-maciter" options
yields a key derivation function that matches PEM?


More information about the openssl-users mailing list