Well, I use:

    pkcs12 -in "cert.p12" -clcerts -nokeys -out "cert.PEM" -passin pass:<pass>
    pkcs12 -in "cert.p12" -nocerts -out tmpkey.PEM -passin pass:<pass> -passout pass:<pass>
    rsa -in "tmpkey.PEM" -out key.PEM -passin pass:<pass>

to create the cert.pem and the key.pem from an RSA .P12, and this:

    pkcs12 -in cert.p12 -out client.pem -passin pass:<pass> -nodes
    ec -in client.pem -out key.pem -passin pass:<pass>

to create the cert.pem and the key.pem from an ECC .P12.

Can I use the pkey for both, RSA and ECC?

-----Original Message-----
From: Hubert Kario <hkario@xxxxxxxxxx>
Sent: Thursday, 9 June 2022 14:59
To: Beilharz, Michael <MBeilharz@xxxxxxxxxx>
Cc: openssl-users@xxxxxxxxxxx
Subject: Re: AW: How to figure out if .P12 is RSA or ECC crypted

On Thursday, 9 June 2022 14:54:48 CEST, Beilharz, Michael wrote:
> Well, I have to convert the .P12 into .PEMs and there are different
> steps with openssl.exe to convert a .P12 (RSA) or a
> .P12 (ECC). The steps are clear and everything works fine, but instead
> of offering two options ("Import .P12 (RSA)" and "Import
> .P12 (ECC)") I would like to offer only one import option and the
> import routine analyses the .P12 to decide RSA or ECC import routine.

I think the issue is that the steps you have use the `openssl rsa` and
`openssl ec` commands instead of the `openssl pkey` command...

> Regards
> Michael
>
> -----Original Message-----
> From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of
> Viktor Dukhovni
> Sent: Thursday, 9 June 2022 14:40
> To: openssl-users@xxxxxxxxxxx
> Subject: Re: How to figure out if .P12 is RSA or ECC crypted
>
> On Thu, Jun 09, 2022 at 10:16:24AM +0000, Beilharz, Michael wrote:
>
>> I retrieve .P12 certificates, they can be RSA or ECC crypted
>
> PKCS#12 objects are encrypted with a *symmetric* password:
> 3DES, AES, ...  Perhaps you're confusing the public key algorithm in
> the certificate (or corresponding private key) with the encryption
> algorithm of the PKCS#12 object?
>
>> so I offer two methods, to convert them into .PEMs.
>
> The extraction of PEM formatted (PKCS#8) private keys and certificate
> chains (a sequence of X.509 certificate objects) from a PKCS#12 object
> does not require any public key algorithm-dependent techniques. The
> same basic steps work for both RSA and ECDSA.
>
>> I would like to detect, if a P12 is RSA or ECC crypted, so that I
>> offer only one method and the method itself decides the correct way to
>> convert the P12.
>
> What actual problem are you trying to solve?
>

-- 
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
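
The single import routine discussed in this thread, as an added example that is not part of any poster's message: one `openssl pkcs12` plus `openssl pkey` path that handles both RSA and EC keys, with the key algorithm read from the certificate only for display. The function names, the `P12_PASS` environment variable and the sample-file generator are assumptions made for this sketch; it expects a POSIX shell with the `openssl` command on the PATH.

```sh
#!/bin/sh
# Added example. The password is read from $P12_PASS (env: form) so it does
# not appear in the process list the way pass:<pass> on the command line does.

# p12_to_pem FILE.p12 OUTDIR : writes OUTDIR/cert.pem and OUTDIR/key.pem
p12_to_pem() {
    (
        umask 077    # key.pem is written unencrypted: owner-only access
        openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:P12_PASS \
            -out "$2/cert.pem" || exit 1
        # pkey accepts any private key type, so no rsa/ec branch is needed
        openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS |
            openssl pkey -out "$2/key.pem" || exit 1
    )
}

# cert_key_alg CERT.pem : prints e.g. rsaEncryption or id-ecPublicKey
cert_key_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# key_matches_cert KEY.pem CERT.pem : status 0 if both hold the same public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ "$k" = "$c" ]
}

# make_sample_p12 rsa|ec FILE.p12 : constructed self-signed test input
make_sample_p12() {
    case $1 in
        rsa) set -- "$2" -newkey rsa:2048 ;;
        ec)  set -- "$2" -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 ;;
        *)   return 1 ;;
    esac
    p12=$1; shift
    d=$(mktemp -d) || return 1
    openssl req -x509 "$@" -nodes -subj "/CN=sample" -days 1 \
        -keyout "$d/k.pem" -out "$d/c.pem" 2>/dev/null &&
        openssl pkcs12 -export -inkey "$d/k.pem" -in "$d/c.pem" \
            -passout env:P12_PASS -out "$p12"
    rc=$?; rm -rf "$d"; return "$rc"
}
```

Running `key_matches_cert` after each import catches a .P12 whose key and client certificate do not belong together before the PEM files are put to use.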