equal
deleted
inserted
replaced
|
1 The following example creates a PKCS#12 file that is identical to a reference |
|
2 file created using OpenSSL. |
|
3 |
|
4 |
|
5 Limitations |
|
6 *********** |
|
7 1) There is no support for the PKCS#12 PBE KDF. The derived keys must be calculated externally. |
|
8 |
|
9 *** OpenSSL must be in your path for the example to work. *** |
|
10 |
|
11 Reference PKCS12 file (root5ca.p12) details |
|
12 ****************************************** |
|
13 certificate: root5ca.pem |
|
14 key: root5ca_key.pem |
|
15 commands line: openssl pkcs12 -export -in root5ca.pem -inkey root5ca_key.pem -out root5ca.p12 -name "Root5CA" -password pass:password |
|
16 password: password |
|
17 |
|
18 The salt was extracted from root5ca.p12 and the iv and key were re-created using |
|
19 the PKCS12 KDF. These crypto params could be re-used to create other examples |
|
20 so long as the same ciphers are used. |
|
21 |
|
22 Certificate |
|
23 ----------- |
|
24 salt: 07EE43282EFFF9D4 |
|
25 iter: 2048 |
|
26 key: 44f58eebbf |
|
27 iv: 2b4076b4b266f90b |
|
28 |
|
29 Private Key |
|
30 ----------- |
|
31 salt: 17D32E39CDF9CCD6 |
|
32 iter: 2048 |
|
33 key: 3abe08c2e6a4782090258b75936f730c81165ad16a968401 |
|
34 iv: d23d26d5f997e21f |
|
35 |
|
36 Mac |
|
37 --- |
|
38 salt: 6F855D153C618D4C |
|
39 iter: 2048 |
|
40 key: d9c9d4803178c611251ccefef608bda2bf7ec183 |
|
41 |
|
42 Running the example |
|
43 ******************* |
|
44 From the example directory run |
|
45 ..\dergen.pl --binary --in pkcs12simple.txt --out pkcs12simple.p12 |
|
46 |
|
47 Viewing the data |
|
48 openssl pkcs12 -in pkcs12simple.p12 -info -nodes -password pass:password |
|
49 |
|
50 or double-click on the file in Explorer |
|
51 |
|
52 Instructions for DERGEN.pl |
|
53 ************************** |
|
54 see ..\syntax.txt |