[openssl-users] Combining certificate and key in PEM format into a P12 file without knowing the key password?
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Feb 20 13:27:51 UTC 2018
On Tue, Feb 20, 2018 at 12:23:14PM +0100, Jakob Bohm wrote:
> > I was wondering whether it was possible somehow to take a certificate and an
> > enciphered private key, both in .pem format, and combine them into a PKCS12
> > structure without knowing the key passphrase?
>
> In the commonly accepted variants of PKCS#12, private key and all the
> certificates are encrypted with the same password. PKCS#12 with
> different password for private key and certificates is not widely
> supported.
Do any of the PKCS#12 key derivation functions implement the same
password -> key algorithm as is used in OpenSSL's PEM password to
key mapping for private keys? I suspect that might be another
problem area.
What combination of the "-keypbe", "-macalg", and "-maciter" options
yields a key derivation function that matches PEM?
--
Viktor.
More information about the openssl-users
mailing list