This is a discussion on Re: OpenSSL newbie Question [Regd: java class to read a PEM file] - Openssl ; On Tue, Nov 28, 2006, Julius Davies wrote: > > 2. Max Weijun Wang recommends using "KeyStore.getInstance("pkcs12")" > to load it. That's a great idea, but you probably need to get openssl > to output the file in "DER" format ...
On Tue, Nov 28, 2006, Julius Davies wrote:
> 2. Max Weijun Wang recommends using "KeyStore.getInstance("pkcs12")"
> to load it. That's a great idea, but you probably need to get openssl
> to output the file in "DER" format first:
> openssl pkcs12 -in pkcs12.pem -out pkcs12.der -outform DER
> Java can read PKCS #12 files, but only in DER form. Not in OpenSSL's
> PEM form. The "PKCS #12" file created by OpenSSL in PEM format is
> actually just a series of X509 certificates and an encrypted private
> key (usually using the "Traditional SSLeay Format"). If you have time
> you can manually split out all those different PEM items (using cut &
> paste) into separate files. You can then get "openssl" to decrypt the
> RSA key into unencrypted PKCS #8 DER format (see below).
OpenSSL doesn't use PEM format for PKCS#12 files: they are always in DER
What you refer to above is a PEM file containing various keys and certificates
concatentated. That is *not* PKCS#12 form.
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
OpenSSL Project http://www.openssl.org
Development Mailing List firstname.lastname@example.org
Automated List Manager email@example.com