Re: Generating PFX with 3DES



Thank you Michael, will check and verify. I also saw a keypbe option. Do we have any official docs for all these? Didn't see anything explained in OpenSSL docs for this.

Also, why isn't 3DES the default, as RC2 was deprecated a long time back?


On Tue, Feb 28, 2023, 11:36 PM Michael Wojcik <Michael.Wojcik@xxxxxxxxxxxxxx> wrote:
> From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of Newbie User
> Sent: Tuesday, 28 February, 2023 10:22

> I was trying to generate a PFX file from cert.pem and key.pem, however it seems that default OpenSSL
> is still using RC2 for the PKCS7 data type.

Specify a different PBE for the certificate with the -certpbe option. For example:

$ openssl pkcs12 -export -inkey key.pem -in cert.pem -certpbe PBE-SHA1-3DES -out output.pfx

("PFX" is an archaic format which has been superseded by PKCS#12, so personally I eschew that file suffix, but it really doesn't matter.) This works for me using OpenSSL 3.0.8.

You can use

$ openssl pkcs12 -in output.pfx -info -noout

to verify the PBE used for the certificate and key.

Michael Wojcik
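
The export and verification steps from the thread above, combined into one script; this is an added example, not part of the original messages. It also sets `-keypbe` (the option asked about in the reply) to the same PBE, and the throwaway key, certificate subject, password and temporary directory are all constructed for the demo.

```shell
#!/bin/sh
# Added example: export a PKCS#12 file with an explicit PBE, then report the
# PBE actually recorded in the file. All names and the password are constructed.

PASS='demo-password'   # constructed throwaway password

# make_p12 DIR PBE: create a throwaway key and self-signed cert in DIR, then
# export them using PBE for both the certificate bag and the key bag.
make_p12() {
    dir=$1
    pbe=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=pfx-demo.test' \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -certpbe "$pbe" -keypbe "$pbe" \
        -passout "pass:$PASS" -out "$dir/output.pfx"
}

# p12_pbe FILE: print "cert=<alg> key=<alg>" parsed from `pkcs12 -info -noout`.
# The summary may be written to stderr, so both streams are captured.
p12_pbe() {
    info=$(openssl pkcs12 -in "$1" -info -noout -passin "pass:$PASS" 2>&1) || return 1
    cert=$(printf '%s\n' "$info" |
        sed -n 's/^PKCS7 Encrypted data: \([^,]*\),.*/\1/p' | head -n 1)
    key=$(printf '%s\n' "$info" |
        sed -n 's/^Shrouded Keybag: \([^,]*\),.*/\1/p' | head -n 1)
    echo "cert=$cert key=$key"
}

# demo: build a file with PBE-SHA1-3DES in a temp dir and print what it uses.
demo() {
    tmp=$(mktemp -d) || return 1
    make_p12 "$tmp" PBE-SHA1-3DES && p12_pbe "$tmp/output.pfx"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo
```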
