Mbed TLS is now part of TrustedFirmware.org.

Hello, does mbedtls support pkcs12?


Feb 17, 2017 09:52
mayahs

I use stm32 and C to decrypt RSA, and have an encrypted pkcs12 cert (I also have the password). Enc and dec with RSA was already OK, but I cannot parse the pkcs12 cert. Now I already get the pkcs8 priKey data from the pkcs12 cert, and know the algorithm is MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC, but it seems I can't decrypt it with RC2_40_CBC. I am not sure, is there some way? Thanks.

 
Feb 20, 2017 09:27
Ron Eldor

Hi Maya,
MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC is not supported in mbed TLS. RC2 has its disadvantages, security being one of them. You can use other PKCS12 algorithms, such as MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC.
Regards,
mbed TLS Team member
Ron

 
Feb 21, 2017 01:11
mayahs

Well, thanks :)

 
Mar 7, 2017 07:10
lindl

Hi mayahs: I want to get the pubkey and prikey from a pfx certificate. Which interface or algorithm can be used for this? Thanks.

 
Mar 19, 2018 09:52
Heiko

Hello,

is there an example how to use the mbedtls-stack with PKCS#12?

I tried the following steps, but I had no luck:

  1. I generated a key + certificate with openssl:
    openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365

  2. I generated pkcs#12 with these files:
    openssl pkcs12 -export -out ssl_pkcs12.pfx -inkey key.pem -in cert.pem -certpbe PBE-SHA1-RC4-128 -keypbe PBE-SHA1-RC4-128

  3. I tried to decode the pkcs#12 file with the mbedtls example "pk_decrypt".
    This throws the error "PK - Invalid key tag or value". (-0x3D00)
    It seems that the ASN1-Parser has a problem with the version tag of the pkcs#12-file.

What am I doing wrong?

Greetings, Heiko
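
Added example, not part of the thread and not Mbed TLS code: a .pfx file is a PKCS#12 PFX container whose first field is version 3 (RFC 7292), while PKCS#8 PrivateKeyInfo and PKCS#1 RSAPrivateKey start with version 0, which is consistent with the "Invalid key tag or value" error reported in the last post. This C helper classifies a DER buffer by those leading fields before it is handed to a key parser; the names der_hdr and der_classify and the sample bytes are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { DER_UNKNOWN, DER_PKCS12_PFX, DER_PKCS8_PLAIN,
               DER_PKCS8_ENCRYPTED, DER_PKCS1_RSA } der_kind;

/* Read one DER tag+length header at *p and advance *p to the content.
 * Returns 0 on success; rejects indefinite (BER) and out-of-bounds lengths. */
static int der_hdr(const uint8_t **p, const uint8_t *end, uint8_t *tag, size_t *len)
{
    if (end - *p < 2) return -1;
    *tag = *(*p)++;
    size_t n = *(*p)++;
    if (n & 0x80) {                       /* long form: low 7 bits = byte count */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > sizeof(size_t) || (size_t)(end - *p) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *(*p)++;
    }
    if (n > (size_t)(end - *p)) return -1;
    *len = n;
    return 0;
}

/* Classify a DER blob by its leading fields (RFC 7292, RFC 5208, RFC 8017). */
der_kind der_classify(const uint8_t *buf, size_t buflen)
{
    const uint8_t *p = buf, *end = buf + buflen;
    uint8_t tag; size_t len;
    if (der_hdr(&p, end, &tag, &len) || tag != 0x30) return DER_UNKNOWN;
    end = p + len;
    if (der_hdr(&p, end, &tag, &len)) return DER_UNKNOWN;
    if (tag == 0x30) {                    /* AlgorithmIdentifier comes first */
        const uint8_t *q = p;
        uint8_t t2; size_t l2;
        if (der_hdr(&q, p + len, &t2, &l2) || t2 != 0x06) return DER_UNKNOWN;
        p += len;                         /* next must be the OCTET STRING */
        if (der_hdr(&p, end, &tag, &len) || tag != 0x04) return DER_UNKNOWN;
        return DER_PKCS8_ENCRYPTED;       /* EncryptedPrivateKeyInfo */
    }
    if (tag != 0x02 || len != 1) return DER_UNKNOWN;
    if (*p == 3) return DER_PKCS12_PFX;   /* PFX version v3(3) */
    if (*p++ != 0 || der_hdr(&p, end, &tag, &len)) return DER_UNKNOWN;
    return tag == 0x30 ? DER_PKCS8_PLAIN : tag == 0x02 ? DER_PKCS1_RSA : DER_UNKNOWN;
}

/* Constructed sample: SEQUENCE { INTEGER 3, SEQUENCE {} }, shaped like a PFX header. */
static const uint8_t sample_pfx[] = { 0x30, 0x05, 0x02, 0x01, 0x03, 0x30, 0x00 };
int main(void) { printf("%d\n", der_classify(sample_pfx, sizeof sample_pfx)); return 0; }
```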