x509-parser
Can't decode PKCS#12 certificates
x509_parser::parse_x509_certificate() fails with Der(InvalidTag) when called with the contents of a .p12 file. I'm still just learning about the low-level details of certificates, but my understanding is PKCS#12 is DER-encoded, so this was surprising. My assumption right now is that this is not expecting a PKCS#12 container but just the certificate itself (and I have a suspicion that it's primarily just used to decode the data from within a PEM), and of course that it doesn't handle any sort of encryption.
First off, I would love for this to be noted in the documentation. I've been told many times that a .p12 is a DER-encoded file containing a certificate, so it's only natural to look at x509_parser::parse_x509_certificate(), see that it parses a DER-encoded certificate, and believe that it applies here.
Secondly, is there any reasonable solution here? Could x509-parser learn to handle PKCS#12 files (including the password), or is there some recommended alternative approach for handling these and extracting the certificate data from them? I would really prefer not to pull in openssl just to decode a PKCS#12 archive into a certificate, then encode that certificate into DER, just so x509-parser can then decode it again.
I found another crate called p12 that can decode the PKCS#12 structure and give me a Vec<u8> that I can then give to x509-parser. p12 has no documentation but reading through the PKCS#12 RFC gave me enough info to figure it out.
Hi,
PKCS#12 files are containers that can contain X.509 certificates (often encrypted). There is currently no support for p12 in x509-parser, so maybe other crates can provide decoding of the container.
I may have a look at PKCS#12 support later, but this would probably go in a separate crate.
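The following is an added example, not part of the thread and not x509-parser's own code: a std-only check that tells a PKCS#12 PFX container from a bare certificate by its first inner ASN.1 element, which is consistent with the Der(InvalidTag) error reported above. The names `Kind`, `skip_length` and `classify` are hypothetical, and the sample bytes are constructed.

```rust
// Added example (not from x509-parser): std-only triage of a DER/BER blob.
#[derive(Debug, PartialEq)]
pub enum Kind {
    CertificateLike, // SEQUENCE { SEQUENCE tbsCertificate, ... }; CSRs and CRLs share this prefix
    Pkcs12Pfx,       // SEQUENCE { INTEGER version = 3, authSafe, macData } (RFC 7292)
    Pem,             // text armor; must be base64-decoded to DER first
    Unknown,
}

/// Skips the length octets starting at `pos`; returns the offset of the first content byte.
fn skip_length(data: &[u8], pos: usize) -> Option<usize> {
    let first = *data.get(pos)?;
    if first <= 0x80 {
        return Some(pos + 1); // short form, or 0x80 = BER indefinite length (seen in some .p12 files)
    }
    let n = (first & 0x7f) as usize; // long form: n length octets follow
    if n > 4 || pos + 1 + n > data.len() {
        return None;
    }
    Some(pos + 1 + n)
}

pub fn classify(data: &[u8]) -> Kind {
    if data.starts_with(b"-----BEGIN ") {
        return Kind::Pem;
    }
    // Both a Certificate and a PFX open with a universal SEQUENCE (tag 0x30) ...
    if data.first() != Some(&0x30) {
        return Kind::Unknown;
    }
    let body = match skip_length(data, 1) {
        Some(p) => &data[p..],
        None => return Kind::Unknown,
    };
    // ... but a certificate parser expecting tbsCertificate (SEQUENCE) finds an INTEGER in a PFX.
    if body.starts_with(&[0x30]) {
        Kind::CertificateLike
    } else if body.starts_with(&[0x02, 0x01, 0x03]) {
        Kind::Pkcs12Pfx
    } else {
        Kind::Unknown
    }
}

fn main() {
    // Constructed header bytes, not taken from a real file.
    let pfx = [0x30, 0x82, 0x09, 0xa1, 0x02, 0x01, 0x03, 0x30];
    println!("{:?}", classify(&pfx));
}
```

A `Pkcs12Pfx` result means the bytes should go to a PKCS#12 decoder first; only the certificate bytes extracted from the container are input for a certificate parser.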