🔐 PKCS12
PKCS12 introduction
PKCS12 (also known as PFX) is a binary format for storing a certificate together with its private key in a single, password-protected file (usually .p12 or .pfx).
CertBob issues certificates in PKCS12 format so that they can be directly imported into operating systems and browsers (e.g. macOS Keychain, iOS, Windows).
The PKCS12 password can be configured via the PKCS12_PASSWORD setting.
Hint
By default, CertBob uses the step CLI to convert certificates to PKCS12.
However, due to compatibility issues with certain platforms (see below), OpenSSL can be used instead by setting USE_OPENSSL to yes.
PKCS12 incompatibility
Warning
⚠️ 🐰 WARNING, RABBIT HOLE AHEAD 🐰 ⚠️
During the engineering of the CA & CertBob, we had some issues with PKCS12 certificates and the macOS keychain.
This happened especially when we used the step certificate p12 command.
There’s some talk in the interwebs regarding incompatibility (e.g. pyca cryptography issue), because the SSL library of macOS wasn’t compatible with OpenSSL 3.x in the beginning. Thus, some suggest using the -legacy flag when exporting PKCS12 certificates, or explicitly setting the algorithms.
In the end, we could always import certificates exported with openssl pkcs12 -export…, but never with step certificate p12….
We checked the certificates, and could find a minor difference, which “broke” the macOS keychain support:
openssl pkcs12 -in working-openssl.p12 -info -noout
# MAC: sha256, Iteration 2048
# MAC length: 32, salt length: 8
# PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
# Certificate bag
# Certificate bag
# PKCS7 Data
# Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
openssl pkcs12 -in broken-step.p12 -info -noout
# MAC: sha256, Iteration 2048
# MAC length: 32, salt length: 16
# PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
# Certificate bag
# Certificate bag
# PKCS7 Data
# Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Important
As you can see, the only difference is the salt length. macOS seems to have an issue either with the salt length of 16 characters, or with some characters in the salt that macOS didn’t like.
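To spot this difference programmatically rather than by reading openssl -info output by eye, the following added example (not part of CertBob, step or OpenSSL) walks the DER structure of a PFX with only the Python standard library and reports the macData salt length and iteration count; build_sample_pfx is a constructed, structure-only sample with an empty authSafe and a dummy digest, so the parser can be exercised offline, and the function names are this example's own.

```python
import os
import sys

OID_ID_DATA = bytes.fromhex("2a864886f70d010701")  # 1.2.840.113549.1.7.1 (id-data)
OID_SHA256 = bytes.fromhex("608648016503040201")   # 2.16.840.1.101.3.4.2.1 (sha256)


def _der_len(n: int) -> bytes:
    """Encode a DER length in short or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _read_tlv(buf: bytes, pos: int):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: the next N bytes hold the length
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def pkcs12_mac_params(pfx: bytes) -> dict:
    """PFX ::= SEQUENCE { version, authSafe, macData }; macData ::= SEQUENCE { mac, macSalt, iterations }."""
    _, pfx_body, _ = _read_tlv(pfx, 0)              # outer PFX SEQUENCE
    _, _version, pos = _read_tlv(pfx_body, 0)       # version INTEGER
    _, _auth_safe, pos = _read_tlv(pfx_body, pos)   # authSafe ContentInfo (skipped)
    _, mac_data, _ = _read_tlv(pfx_body, pos)       # macData SEQUENCE
    _, digest_info, p = _read_tlv(mac_data, 0)      # mac DigestInfo
    _, salt, p = _read_tlv(mac_data, p)             # macSalt OCTET STRING
    iterations = 1                                  # DEFAULT 1 when the field is absent
    if p < len(mac_data):
        _, it, _ = _read_tlv(mac_data, p)
        iterations = int.from_bytes(it, "big")
    _, alg_id, _ = _read_tlv(digest_info, 0)        # digestAlgorithm AlgorithmIdentifier
    _, oid, _ = _read_tlv(alg_id, 0)                # its OID
    return {"mac_oid": oid.hex(), "salt_len": len(salt), "iterations": iterations}


def build_sample_pfx(salt_len: int, iterations: int = 2048) -> bytes:
    """Constructed sample for the parser only: empty authSafe, all-zero digest, not importable anywhere."""
    auth_safe = _tlv(0x30, _tlv(0x06, OID_ID_DATA) + _tlv(0xA0, _tlv(0x04, b"")))
    digest_info = _tlv(0x30, _tlv(0x30, _tlv(0x06, OID_SHA256)) + _tlv(0x04, bytes(32)))
    mac_data = _tlv(0x30, digest_info + _tlv(0x04, os.urandom(salt_len))
                    + _tlv(0x02, iterations.to_bytes(2, "big")))
    return _tlv(0x30, _tlv(0x02, b"\x03") + auth_safe + mac_data)


def has_16_byte_mac_salt(pfx: bytes) -> bool:
    """True for the 16-byte salt seen in the file that the macOS keychain rejected above."""
    return pkcs12_mac_params(pfx)["salt_len"] == 16


if __name__ == "__main__":  # usage: python check_p12.py cert.p12 [more.p12 ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, pkcs12_mac_params(fh.read()))
```

Running it over a real .p12 produced by openssl pkcs12 -export and one produced by step certificate p12 shows the same 8 versus 16 salt_len difference as the -info output above.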