Support triple DES certificate encryption

Question

Support triple DES certificate encryption

Marc-Pons opened this issue 2 years ago · comments

OpenSSL 3 throws an error of legacy algorithm when trying to parse P12 that uses RC2 to encrypt its certificates.

I would like to have the ability to encrypt the certificates with triple DES when generating P12. Pretty much an equivalent to the "-descert" flag of openssl.

I have created a proposal for this functionality in #35.

Thanks.

Marc Marti Calabres · Answer 1 · Mon Jul 18 2022 18:10:07 GMT+0800 (China Standard Time)

Any updates on this thread?

pschou · Answer 2 · Fri Sep 16 2022 03:36:24 GMT+0800 (China Standard Time)

Can you try #39 and see if the with config / added asn1 option field fixes this support need?

Marc-Pons · Answer 3 · Fri Sep 16 2022 16:29:28 GMT+0800 (China Standard Time)

@pschou Awesome, it works like a charm! It would be great if your PR #39 could be merged and I will proceed to close mine 😄

pschou · Answer 4 · Fri Sep 16 2022 20:03:50 GMT+0800 (China Standard Time)

I think I want to re-write the logic to make a P12 object to fill and write out... Please stand by.

pschou · Answer 5 · Sat Sep 17 2022 02:04:09 GMT+0800 (China Standard Time)

@Marc-Pons Do you mind pulling down the changes and trying out the refactored method? I would value your feedback and any help you may be willing to give, specifically by providing example(s).

pschou · Answer 6 · Tue Oct 04 2022 23:09:08 GMT+0800 (China Standard Time)

@AGWA @marc1161 @Marc-Pons - Please take a look at the rewrite. I am suggesting an additional function call for CustomKeyEncryption for the case where one would want to encrypt different keys with different passwords.