Comments (3)
There was an error with the "algorithm" option name for creating a PKCS#12 via forge. The option wasn't being properly passed through to the private key encryption API.
This has been fixed now -- the correct option name is "algorithm" not "encAlgorithm", however, "encAlgorithm" will still be accepted for backwards compatibility and should actually do the right thing now. Before, using "encAlgorithm" would have no effect; the default algorithm for encryption (AES-128 CBC) would be chosen. This is why the algorithm information is not displayed by OpenSSL, as it similarly does not display this information for AES-CBC if you use the `-keypbe AES-128-CBC` option when exporting a PKCS#12 via OpenSSL's CLI. If you use "3des" now in forge, OpenSSL will display that information via its CLI.
I'm not sure if this actually fixes the problem you have with loading in iOS. The documentation for `SecPKCS12Import` does seem to indicate it should accept keys encrypted with AES-128-CBC.
from forge.
It does fix the problem! Thanks!
Looking at the openssl default for encrypting a private key when creating a PKCS#12, 3DES is the default algo, unless specified otherwise. It seems `SecPKCS12Import` assumes this is the case...
Shouldn't 3DES be the default in forge too? Seems the most compatible option.
from forge.
@matthijsvandenbos, great! As for the default... AES was originally chosen as the default because it was implemented in forge before 3DES. So now that there is 3DES support in forge, AES has precedence. It is also faster and is the effective replacement for 3DES -- which really should only be used for compatibility purposes (with legacy applications) at this point.
from forge.