Collaborate Disseminate
recently I had a look at the capabilities of the Java keytool to create PKCS#12 containers with a protected private key. According to the standard a private key is protected using a PKCS#8 shrouded key bag applying a PKCS#5 password-based … Continue reading Specification of AES-based PKCS#5 Password-Based Encryption (PBE)
I have a folder with a private key file, certificate file, and a subfolder with several root certificate files.
I have concatenated the latter into the file $DIR/Root Certificates/all.crt.
If I create a pkcs12 certificate out of this using… Continue reading Why do certain openssl-generated pkcs12 MAC algorithms not work?
I’m writing a parse tool to extract each field of P12 file in C language, OpenSSL is too huge for my project.
After reading PKCS# series documents and ASN.1 documents, I understand the basic parse step.
I use OpenSSL to generate a self-sig… Continue reading How to Parse P12 File
I have a PKCS #12 file and want to export certificates and private key from the PKCS #12 file with openssl.
openssl pkcs12 -in test.p12 -nocerts -out key.pem
openssl pkcs12 -in test.p12 -out certs.pem -nokeys -nodes
I want to uncrypt the … Continue reading Get a key values mismatch when export cert and key from PKCS#12
Sorry this might be a noob question, but I subscribed to a VPN provider which ships its own app on Windows. Now I thought I’d prefer to use the OpenVPN client app instead.
I create a profile by providing it with a .ovpn file, which contai… Continue reading Using OpenVPN on Windows instead of VPN apps: missing certificate
I generated a pkcs12 keystore in Java and wanted to inspect it with OpenSSL, but OpenSSL threw back an error. After a bit of head scratching I realized that the KeyStore format in Java allows you to have different passwords on the store it… Continue reading Java KeyStore vs OpenSSL implementations of pkcs12 files -They seem to differ. Do they?
I want to know that what the security impact is if someone leaks the password of a PKCS12 certificate. I am referring to the password which is required when we export the certificate.
Continue reading PKCS12 password stolen – what’s the security impact?
It seems that the default password based key derivation function that is used by PKCS12 to generate a MAC is this one. It is unique to the standard and probably not used anywhere else. Is it possible to use PBKDF2 instead to generate a MAC… Continue reading Can I use PBKDF2 derivation function to generate a MAC in PKCS12 file?
As part of an internal Client/Server application, I have created my own (self-signed) Certificate Authority (CA), as well as both Client and Server certificates signed by my CA.
Loading my CA certificates into FireFox in PEM format is rel… Continue reading What are the sources of “SEC_ERROR_REUSED_ISSUER_AND_SERIAL” errors when using self-signed x509 Certificates in PKCS#12 files?
Is it possible to generate a PKCS12 keystore that will be FIPS compliant? In regular mode, I’m using “1.2.840.113549.1.12.1.3” – pbeWithSHAAnd3-KeyTripleDES-CBC(3) algorithm to encrypt private keys, while leaving the certific… Continue reading Can a PKCS12 keystore be FIPS compliant?