On 20/02/2018 11:04, Tobias Dussa (SCC) wrote:
Hi, I was wondering whether it was possible somehow to take a certificate and an enciphered private key, both in .pem format, and combine them into a PKCS12 structure without knowing the key passphrase? Googling does not reveal much useful information, unfortunately, and so far we have been unsuccessfully diving into PKCS12/8/5 specs. I don't really see a reason why it should not be possible, but of course that doesn't mean it is. :) THX & Cheers, Toby.
In the commonly accepted variants of PKCS#12, private key and all the certificates are encrypted with the same password. PKCS#12 with different password for private key and certificates is not widely supported. In the concatenated PEM format, only the private key is encrypted, but not the certificates. So to convert from concatenated PEM format to PKCS#12, even if the encrypted private key could be kept without decrypting the private key, the password for the private key is still needed to encrypt the certificates with the same password. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
