Hi, On Tue, Feb 20, 2018 at 12:23:14PM +0100, Jakob Bohm wrote: > >Googling does not reveal much useful information, unfortunately, and so far we > >have been unsuccessfully diving into PKCS12/8/5 specs. I don't really see a > >reason why it should not be possible, but of course that doesn't mean it is. :) > In the commonly accepted variants of PKCS#12, private key and all the > certificates are encrypted with the same password. PKCS#12 with > different password for private key and certificates is not widely > supported. I see. > In the concatenated PEM format, only the private key is encrypted, but > not the certificates. Yep. > So to convert from concatenated PEM format to PKCS#12, even if the > encrypted private key could be kept without decrypting the private > key, the password for the private key is still needed to encrypt > the certificates with the same password. ... iff you need to retain wide-spread compatibility. So if that is not necessary, the question remains: Is there a way to reuse an already-encrypted privkey? THX & Cheers, Toby. -- I know that you believe that you understood what you think I said, but I am not sure you realize that what you heard is not what I meant.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
