PKCS 12

From Wikipedia, the free encyclopedia

In cryptography, PKCS #12 defines an archive file format for storing many cryptographic objects as a single file. It is commonly used to bundle a private key with its X.509 certificate, or to bundle all the members of a chain of trust.

A PKCS #12 file may be encrypted and signed. The internal storage containers, called "SafeBags", may also be encrypted and signed. A few SafeBags are predefined to store certificates, private keys and CRLs. Another SafeBag is provided to store any other data at the implementer's choice.[1][2]

PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS) published by RSA Laboratories.

The filename extension for PKCS #12 files is .p12 or .pfx.[3]

These files can be created, parsed and read out with the OpenSSL pkcs12 command.[4]

Relationship to PFX file format

PKCS #12 is the successor to Microsoft's "PFX";[5] however, the terms "PKCS #12 file" and "PFX file" are sometimes used interchangeably.[3][4][6]

The PFX format has been criticised for being one of the most complex cryptographic protocols.[6]

Normal usage

The full PKCS #12 standard is very complex. It allows containers of complex objects such as PKCS #8 structures, nested deeply. In practice, however, it is normally used to store just one private key and its associated certificate chain.

PKCS #12 files are usually created using OpenSSL, which only supports a single private key from the command line interface. The Java keytool can be used to create multiple "entries" since Java 8, but that may be incompatible with many other systems.[7] As of Java 9 (released 2017-09-21), PKCS #12 is the default keystore format.[8][9]

A simpler alternative to PKCS #12 is PEM, which just lists the certificates and possibly private keys as Base64 strings in a text file.

GnuTLS's certtool may also be used to create PKCS #12 files including certificates, keys, and CA certificates via --to-p12. However, for interchangeability with other software, if the sources are in PEM Base64 text, then --outder should also be used.
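The OpenSSL workflow this section describes, as an added example that is not code from the article: it generates a throwaway key and self-signed certificate, bundles them into a single .p12 with explicitly pinned AES-256/SHA-256 protection, then parses the bundle back to confirm that the stored key matches the stored certificate and that a wrong passphrase is rejected. It assumes the openssl binary is on PATH; every path, the friendly name and the passphrase are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the article. Assumes `openssl` is on PATH.
# Paths, the friendly name and the passphrase below are all constructed.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
PASS="constructed-example-passphrase"

# Step 1: a throwaway RSA key and self-signed certificate to put in the bundle.
make_key_and_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=p12-example.invalid" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
}

# Step 2: export key + certificate as one PKCS #12 file. The PBE and MAC
# algorithms are pinned so the result does not depend on the OpenSSL version's
# defaults (older releases default to RC2-40/3DES, which OpenSSL 3 reads only
# with -legacy; AES-256-CBC with a SHA-256 MAC is readable everywhere).
bundle_p12() {
  openssl pkcs12 -export -in "$WORK/cert.pem" -inkey "$WORK/key.pem" \
    -name "example-entry" -passout "pass:$PASS" \
    -keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha256 \
    -out "$WORK/bundle.p12"
}

# Step 3: parse the bundle back. The certificate's public key and the stored
# private key's public half must be identical, otherwise the bundle does not
# hold a matching pair. The MAC check is implicit: a tampered file or a wrong
# passphrase makes `openssl pkcs12` fail before anything is printed.
verify_p12() {
  pub_from_cert="$(openssl pkcs12 -in "$WORK/bundle.p12" -passin "pass:$PASS" \
    -nokeys -clcerts | openssl x509 -noout -pubkey)"
  pub_from_key="$(openssl pkcs12 -in "$WORK/bundle.p12" -passin "pass:$PASS" \
    -nocerts -nodes | openssl pkey -pubout)"
  [ -n "$pub_from_cert" ] && [ "$pub_from_cert" = "$pub_from_key" ]
}

# Step 4: a wrong passphrase must be rejected (function succeeds when it is).
rejects_wrong_pass() {
  ! openssl pkcs12 -in "$WORK/bundle.p12" -passin "pass:not-the-passphrase" \
      -nokeys >/dev/null 2>&1
}

make_key_and_cert
bundle_p12
verify_p12 && rejects_wrong_pass && echo "PKCS #12 round-trip OK"
```

To inspect which algorithms a third-party bundle actually uses before trusting it, `openssl pkcs12 -info -nokeys -in file.p12` prints the PBE and MAC parameters alongside the certificates.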


External links

  • IETF RFC - PKCS #12: Personal Information Exchange Syntax v1.1
  • Overview of PKCS #12 capabilities, usage, implementations, history and future
