PKCS 12
| Filename extension | .p12, .pfx |
|---|---|
| Internet media type |
application/x-pkcs12 |
private keys, X.509 CRLs , generic data | |
| Extended from | Microsoft PFX file format |
In
A PKCS #12 file may be encrypted and signed. The internal storage containers, called "SafeBags", may also be encrypted and signed. A few SafeBags are predefined to store certificates, private keys and CRLs. Another SafeBag is provided to store any other data at individual implementer's choice.[2][3]
PKCS #12 is one of the family of standards called
The filename extension for PKCS #12 files is .p12 or .pfx.[4]
These files can be created, parsed and read out with the OpenSSL pkcs12 command.[5]
Relationship to PFX file format
PKCS #12 is the successor to Microsoft's "PFX";[6] however, the terms "PKCS #12 file" and "PFX file" are sometimes used interchangeably.[4][5][7]
The PFX format has been criticised for being one of the most complex cryptographic protocols.[7]
Normal usage
The full PKCS #12 standard is very complex. It enables buckets of complex objects such as PKCS #8 structures, nested deeply. But in practice it is normally used to store just one private key and its associated certificate chain.[citation needed]
PKCS #12 files are usually created using OpenSSL, which only supports a single private key from the command line interface. The Java keytool can be used to create multiple "entries" since Java 8, but that may be incompatible with many other systems. As of Java 9, PKCS #12 is the default keystore format.[8][9]
A simpler, alternative format to PKCS #12 is
GnuTLS's certtool may also be used to create PKCS #12 files including certificates, keys, and CA certificates via --to-p12. However, beware that for interchangeability with other software, if the sources are in PEM Base64 text, then --outder should also be used.
References
- Apple Inc. Archivedfrom the original on 2023-05-28.
- ^
"PKCS #12: Personal Information Exchange Syntax Standard". RSA Laboratories. Archived from the originalon 2017-04-17.
This standard specifies a portable format for storing or transporting a user's private keys, certificates, miscellaneous secrets, etc.
- ^ "PKCS 12 v1.0: Personal Information Exchange Syntax" (PDF). RSA Laboratories. 1999-06-24. Archived from the original (PDF) on 2020-01-16. Retrieved 2020-01-16.
- ^ Microsoft Corporation. Archivedfrom the original on 2023-06-06. Retrieved 2013-03-14.
All Windows operating systems define the extensions .pfx and .p12 as Personal Information Exchange, or PKCS #12, file types.
- ^ a b "openssl-cmds: pkcs12". OpenSSL Project. 2019. Archived from the original on 2023-06-06. Retrieved 2020-01-16.
The pkcs12 command allows PKCS#12 files (sometimes referred to as PFX files) to be created and parsed.
- The USENIX Association. Archived(PDF) from the original on 2023-06-06. Retrieved 2020-01-16.
In 1996 Microsoft introduced a new storage format [...] called PFX (Personal Information Exchange) [...] it was later re-released in a cleaned-up form as PKCS #12
- ^ a b Peter Gutmann (1998-03-12). "PFX - How Not to Design a Crypto Protocol/Standard". Archived from the original on 2023-07-10. Retrieved 2020-01-16.
- ^ "JEP 229: Create PKCS12 Keystores by Default". OpenJDK JEPs. Oracle Corporation. 2014-05-30. Archived from the original on 2023-06-08.
- ^ Ryan, Vincent (2014-05-30). "Bug JDK-8044445: Create PKCS12 Keystores by Default". JDK Bug System. Archived from the original on 2023-02-06.
External links
- RFC 7292- PKCS #12: Personal Information Exchange Syntax v1.1
- "PKCS #12: Personal Information Exchange Syntax Standard". RSA Laboratories. Archived from the originalon 2017-04-17.
This standard specifies a portable format for storing or transporting a user's private keys, certificates, miscellaneous secrets, etc.
- Overview about PKCS#12 capabilities, usage, implementations, history and future: Ryan Hurst and Yury Strozhevsky (2015-12-02). "The PKCS#12 standard needs another update". Archived from the original on 2017-03-03.
