Re: How to convert .P12 Certificate (ECC crypted) to .PEMs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Michael,

openssl pkcs12 -in "inCert.p12" -out "out.pem" -passin pass:<pw> -nodes

is sufficient to convert all credentials in the PKCS#12 file to a single PEM file with the key being stored unencrypted.
Since OpenSSL 3.0, the outdated -nodes option has been deprecated; so there better use -noenc.

To get the leaf cert only, your

openssl pkcs12 -in "inCert.p12" -clcerts -nokeys -out "outCert.pem" -passin pass:<pw>

is adequate, while to get the related key only, it is sufficient to use

openssl pkcs12 -in "inCert.p12" -nocerts -noenc -out "outKey.pem" -passin pass:<pw>


To decrypt any type of key, you can use e.g., 

openssl pkey -in "outTmpKey.pem" -out "outKey.pem" -passin pass:<pw>

All the commands mentioned above work regardless of the key type (RSA, EC, etc.).
If you really need to handle (in this case: decrypt) specifically EC keys, you can use, e.g.,

openssl ec -in "outTmpKey.pem" -out "outKey.pem" -passin pass:<pw>


On Wed, 2022-05-25 at 19:23 +0000, Lynch, Pat wrote:

Try adding the following command line arguments:   -outform pem


This won't work because the openssl pkcs12 command does not have an -outform option.
And for those having it such as openssl x509, it is not needed because PEM is the default.

Regards,
David

 

From: openssl-users <openssl-users-bounces@xxxxxxxxxxx>On Behalf Of Beilharz, Michael
Sent: Wednesday, May 25, 2022 3:10 AM
To: 'openssl-users@xxxxxxxxxxx' <openssl-users@xxxxxxxxxxx>
Subject: How to convert .P12 Certificate (ECC crypted) to .PEMs

 

Hi OpenSSLCommunity,

 

actual I have to convert a .P12 certificate (RSA crypted/created) into .PEM certificates,

I use the following commands:

openssl pkcs12 -in "inCert.p12" -clcerts -nokeys -out "outCert.pem" -passin pass:<pw>

openssl pkcs12 -in "outCert.pem" -nocerts -out "outTmpKey.pem" -passin pass:<pw> -passout pass:<pw>

openssl rsa -in "ouTmpKey.pem" -out "outKey.pem" -passin pass:<pw>

 

I can’t say, if these 3 commands are the best way, but they still work fine and I can use the outCert.pem and the outKey.pem.

 

Now I have to convert a .P12 certificate, which is crypte d/created with ECC.

 

The first command still works (I think so, ‘cause there are no errors):

openssl pkcs12 -in "inCert.p12" -clcerts -nokeys -out "outCert.pem" -passin pass:<pw>

 

But not the rest of the commands. I tried to use theec orecparam parameter, but I couldn’t figure out how to use them correct.

 

I am happy about any help or hint

 

 

Regards

Michael

 


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux