Failure to import LotW p12 file — NoSuchAlgorithmException SecretKeyFactory not available

[dbrianwalton]

Trying to import my .p12 certificate generated from tqsl using my LotW certificate. Transferred the file from computer to Android via GoogleDrive and downloaded to local storage on device. Open the .p12 file and get the following error after typing the certificate import password:

Error importing certificate: exception unwrapping private key - java.security.NoSuchAlgorithmException: 1.2.840.113549.1.5.12 SecretKeyFactory not available!

Attempting to install on moto x4, Android version 9

Repeated with certificates with and without a security password and get same error. Running openssl pkcs12 -info -in CALLSIGN.p12 on the computer shows data that makes sense, so I think the file itself should be okay.

[dbrianwalton]

Did some more hunting about what the error might be from. Found this link about the algorithm: https://www.aicg.com/blog/fixing-the-1-2-840-113549-1-5-3-not-available-pkcs-encryption-issue/

I believe that TQSL was encoding the p12 certificate with an algorithm that has been depricated. I am using TQSL v 2.7.1 on Mac OS. It shows OpenSSL 3.1.2 1 Aug 2023.

On my Mac, I exported the p12 file to a pem file and then back to a new p12 using OpenSSL with the following commands: openssl pkcs12 -in CALLSIGN.p12 -out CALLSIGN.pem openssl pkcs12 -export -in CALLSIGN.pem -out CALLSIGN-2.p12

The new certificate now seems to successfully load into aprsdroid. However, I still seem to need the APRS-IS Passcode. I thought the certificate was supposed to be a more secure alternative, but I can't tell how to skill the passcode after loading the certificate, or even where to see that the certificate was loaded and used (other than the log entry saying it was).

[penguin359]

How was TQSL installed? Was it installed from the official package download from ARRL.org, from homebrew, or built from source?