verfiy password for a PKCS#12 file

Question

In my php program I try to verify the password for a PKCS#12 file (.p12/.pfx) with this OpenSSL command :

openssl pkcs12 -info -in myDigitalID.p12 -noout -passin pass:mypassword

output:

MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Error outputting keys and certificates
C4500000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

But I don't understand why it doesn't work! please can any one help? thanks

Answer 1

If the command used to work in previous OpenSSL version try the following

Failing command:

openssl pkcs12 -info -in myDigitalID.p12 -noout -passin pass:mypassword

Failing command output:

MAC: sha1, Iteration 2000
MAC length: 20, salt length: 8
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
Error outputting keys and certificates
0C670000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Ensure you have the legacy library (file named legacy*., e.g. legacy-x64.dll). Instead of configuring environment variables it may be easier to just copy the library as legacy. (e.g. legacy.dll) in both the libraries path and the path containing openssl executable.

Then try command:

openssl pkcs12 -info -in myDigitalID.p12 -noout -passin pass:mypassword -legacy -provider-path "C:\path\to\legacy_dir" -provider default

This time it should work and show something like this:

MAC: sha1, Iteration 2000
MAC length: 20, salt length: 8
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
Certificate bag