Using the openssl pkcs12 -export command, how can one specify a
different friendlyName attribute for the private key?
For example, consider the command:
openssl pkcs12 -export -out pkcs12.p12 -name "sean key 2015" -inkey
key.txt -in user.crt -name "sean user cert 2015" -certfile othercerts.txt
The resulting PKCS #12 file is structured:
=================================================
Certificate bag
Bag Attributes
localKeyID: A8 27 59 DA...
friendlyName: sean user cert 2015
subject=/...
issuer=/...
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIQM9l4W5HgK1Amk8O6j/ceiDANBgkqhkiG9w0BAQsFADCB
...
-----END CERTIFICATE-----
Certificate bag
...
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIRAOeNEe8GIrMlFJ1tdJReavQwDQYJKoZIhvcNAQELBQAw
...
-----END CERTIFICATE-----
Certificate bag
...
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIQNeTi/66wrvlNcjCDiUjjWzANBgkqhkiG9w0BAQsFADCB
...
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
localKeyID: A8 27 59 DA...
friendlyName: sean user cert 2015
Key Attributes: <No Attributes>
Enter PEM pass phrase: [input]
Verifying - Enter PEM pass phrase: [input]
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIgGNOtafMxE8CAggA
...
-----END ENCRYPTED PRIVATE KEY-----
=================================================
Note that the friendlyName of the Shrouded Keybag is the friendly name
of the certificate, which is not the intent.
If it is not possible to change the key name with the command-line,
perhaps someone can point me to the source code location(s) where the
key name can be altered?
Thanks!
Sean
