openssl icon indicating copy to clipboard operation
openssl copied to clipboard

Published 20 hours ago verified publisher icon ruby

Add support for specifying PKCS#12 MAC parameters

Open paihu opened this issue 8 months ago • 2 comments

Issue https://github.com/ruby/openssl/issues/654 closed but it doesn't seem to be resolved.

Here's what we created using the legacy provider:

openssl pkcs12 -in xx.p12 -info -noout -legacy
Enter Import Password:
MAC: sha256, Iteration 1
MAC length: 32, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

It uses sha256 instead of sha1.

current OpenSSL::PKCS12.create not support -macalg

https://github.com/pyca/cryptography/issues/7293#issuecomment-1199167579

paihu avatar Jul 01 '24 00:07 paihu