On Thursday, 9 June 2022 14:54:48 CEST, Beilharz, Michael wrote:
Well, i have to convert the .P12 into .PEMs and there are
different steps with openssl.exe the convert a .P12 (RSA) or a
.P12 (ECC). The steps are clear and everything works fine, but
instead of offering two options ("Import .P12 (RSA)" and "Import
.P12 (ECC)") I would like to offer only one import option and
the import routine analyse the .P12 to decide RSA or ECC import
routine.
I think the issue is that the steps you have use the `openssl rsa` and
`openssl ec` commands instead of the `openssl pkey` command...
Regards
Michael
-----Ursprüngliche Nachricht-----
Von: openssl-users <openssl-users-bounces@xxxxxxxxxxx> Im
Auftrag von Viktor Dukhovni
Gesendet: Donnerstag, 9. Juni 2022 14:40
An: openssl-users@xxxxxxxxxxx
Betreff: Re: How to figure out if .P12 is RSA or ECC crypted
On Thu, Jun 09, 2022 at 10:16:24AM +0000, Beilharz, Michael wrote:
I retrieve .P12 certificates, they can be RSA or ECC crypted
PKCS#12 objects are encrypted with a *symmetric* password:
3DES, AES, ... Perhaps you're confusing the public key
algorithm in the certificate (or corresponding private key) with
the encryption algorithm of the PKCS#12 object?
so I offer two methods, to convert them into .PEMs.
The extraction of PEM formatted (PKCS#8) private keys and
certificate chains (a sequence of X.509 certificate objects)
from a PKCS#12 object does not require any public key
algorithm-dependent techniques. The same basic steps work for
both RSA and ECDSA.
I would like to detect, if a P12 is RSA or ECC crypted, so that I
offer only one Method and the method itself decide the correct way to
convert the P12.
What actual problem are you trying to solve?
--
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
