Hi, Testing the PKCS12 command I notice the -cipher option (in this case -aes128) was silently ignore : c:\OpenSSL_11_dbg\bin\openssl pkcs12 -export -out Certificate.p12 -inkey RSAKey.pem -in Certificate.cer -aes128 -passin pass:test -passout pass:test looks Ok but verifying, it is still 3des : c:\openssl_11_dbg\bin\openssl pkcs12 -in Certificate.p12 -info -noout -passin pass:test MAC Iteration 2048 PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 Certificate bag PKCS7 Data Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 Surprisingly, with 1.0.2 it fails loudly : openssl pkcs12 -export -out Certificate.p12 -inkey RSAKey.pem -in Certificate.cer -aes128 -passin pass:test -passout pass:test 8632:error:060740A0:digital envelope routines:EVP_PBE_CipherInit:unknown cipher:.\crypto\evp\evp_pbe.c:181: 8632:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:.\crypto\pkcs12\p12_decr.c:87: 8632:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:.\crypto\pkcs12\p12_decr.c:188: 8632:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:.\crypto\pkcs12\p12_add.c:213: Am I missing something ? Regards, Michel -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160211/47fd154a/attachment.html>
