On Thursday, 17 February 2022 10:31:40 CET, Florin Spătar wrote:
I see. Thanks for the suggested workaround.
Are there any plans for PKCS12_parse to support PKCS12 files
without MAC or any plans to use a FIPS approved algorithm for
PKCS12 MAC? Any of these would help dealing with PKCS12 files in
FIPS mode.
As Tomas said, the issue is with the PKCS#12 standard.
For the MAC calculation to use FIPS approved KDF the PKCS#12 standard would
have to be updated.
That's something my colleagues and I will probably tackle, but don't know
when.
Thanks,
Florin Spatar
On 16.02.2022 17:25, Tomas Mraz wrote:
Yes, unfortunately PKCS12_parse currently does not support PKCS12 files
without the MAC. Such support could be easily added. As a workaround
you can look at how the pkcs12 application is implemented and use these
calls instead.
--
Regards,
Hubert Kario
Senior Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic