Shantanu Sharma

Reputation: 9

SHA2 P12/pfx cert

I have a certificate in a .PEM file and a key.

The signing algorithm of the certificate file is SHA256WithRSAEncryption but when I create a p12/pfx file using the certificate file and the key the Signature Algorithm of p12/pfx file changes to "PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048"

Is there a way I can get a SHA-2 certificate after the process?

Upvotes: 0

Views: 1505

Answers (1)

Maarten Bodewes

Reputation: 94038

The certificate lists the algorithm used to sign the certificate, while the PKCS#12 store lists the method that was used to encrypt the key / certificate store.

PBE stands for Password Based Encryption, and the SHA-1 is only applicable to the way the password is transformed into a key; it has nothing to do with the certificate itself. The same certificate is still in the store if everything went well.

Notes:

  • Also in there is 40-bit RC2 and a low iteration count; this provides next to no security. So if you're using this to protect the private key you'll have to start over again;
  • The RSA key pair for the certificate can be used to perform signature generation / verification with any hash algorithm (if non-repudiation or authentication is compatible with the key usage of the certificate), not just the one used to sign the certificate itself.

Upvotes: 1
