AW: AW: How to figure out if .P12 is RSA or ECC crypted

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



well, i use:

pkcs12 -in "cert.p12" -clcerts -nokeys -out cert.PEM" -passin pass:<pass>
pkcs12 -in "cert.p12" -nocerts -out tmpkey.PEM -passin pass:<pass> -passout pass:<pass>
rsa -in tmpkey.PEM" -out key.PEM -passin pass:<pass>

to create the cert.pem and the key.pem from a RSA .P12

and this:

pkcs12 -in cert.p12 -out client.pem -passin pass:<passs> -nodes 
ec -in client.pem -out key.pem -passin pass:<pass>

to create the cert.pem and the key.pem from a ECC .P12

can I use the pkey for both? RSA and ECC?


-----Ursprüngliche Nachricht-----
Von: Hubert Kario <hkario@xxxxxxxxxx> 
Gesendet: Donnerstag, 9. Juni 2022 14:59
An: Beilharz, Michael <MBeilharz@xxxxxxxxxx>
Cc: openssl-users@xxxxxxxxxxx
Betreff: Re: AW: How to figure out if .P12 is RSA or ECC crypted

On Thursday, 9 June 2022 14:54:48 CEST, Beilharz, Michael wrote:
> Well, i have to convert the .P12 into .PEMs and there are different 
> steps with openssl.exe the convert a .P12 (RSA) or a
> .P12 (ECC). The steps are clear and everything works fine, but instead 
> of offering two options ("Import .P12 (RSA)" and "Import
> .P12 (ECC)") I would like to offer only one import option and the 
> import routine analyse the .P12 to decide RSA or ECC import routine.

I think the issue is that the steps you have use the `openssl rsa` and `openssl ec` commands instead of the `openssl pkey` command...

> Regards
> Michael
>
> -----Ursprüngliche Nachricht-----
> Von: openssl-users <openssl-users-bounces@xxxxxxxxxxx> Im Auftrag von 
> Viktor Dukhovni
> Gesendet: Donnerstag, 9. Juni 2022 14:40
> An: openssl-users@xxxxxxxxxxx
> Betreff: Re: How to figure out if .P12 is RSA or ECC crypted
>
> On Thu, Jun 09, 2022 at 10:16:24AM +0000, Beilharz, Michael wrote:
>
>> I retrieve .P12 certificates, they can be RSA or ECC crypted
>
> PKCS#12 objects are encrypted with a *symmetric* password: 
> 3DES, AES, ...  Perhaps you're confusing the public key algorithm in 
> the certificate (or corresponding private key) with the encryption 
> algorithm of the PKCS#12 object?
>
>> so I offer two methods, to convert them into .PEMs.
>
> The extraction of PEM formatted (PKCS#8) private keys and certificate 
> chains (a sequence of X.509 certificate objects) from a PKCS#12 object 
> does not require any public key algorithm-dependent techniques.  The 
> same basic steps work for both RSA and ECDSA.
>
>> I would like to detect, if a P12 is RSA or ECC crypted, so that I 
>> offer only one Method and the method itself decide the correct way to 
>> convert the P12.
>
> What actual problem are you trying to solve?
>

--
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux