PKCS12 command ignore -cipher option silently

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

PKCS12 command ignore -cipher option silently

Michel

Hi,

 

Testing the PKCS12 command I notice the -cipher option (in this case -aes128) was silently ignore :

 

c:\OpenSSL_11_dbg\bin\openssl pkcs12 -export -out Certificate.p12 -inkey RSAKey.pem -in Certificate.cer -aes128 -passin pass:test -passout pass:test

 

looks Ok but verifying, it is still 3des :

 

c:\openssl_11_dbg\bin\openssl pkcs12 -in Certificate.p12 -info -noout -passin pass:test

MAC Iteration 2048

PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

Certificate bag

PKCS7 Data

Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

 

Surprisingly, with 1.0.2 it fails loudly :

 

openssl pkcs12 -export -out Certificate.p12 -inkey RSAKey.pem -in Certificate.cer -aes128 -passin pass:test -passout pass:test

8632:error:060740A0:digital envelope routines:EVP_PBE_CipherInit:unknown cipher:.\crypto\evp\evp_pbe.c:181:

8632:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:.\crypto\pkcs12\p12_decr.c:87:

8632:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:.\crypto\pkcs12\p12_decr.c:188:

8632:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:.\crypto\pkcs12\p12_add.c:213:

 

Am I missing something ?

 

Regards,

 

Michel


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users