PKCS#12 is a convenient way to lump together a private key with its corresponding X.509 certificate into a standardized single file format. However, the specification was published by RSA Labs in 1999 and uses only RC4, RC2 and TripleDES for symmetric encryption. Are there any common semi-standard extensions to the scheme that add more encryption algorithms or other key derivation functions? OpenSSL is documented to implement support for AES and Camellia, but a search for a corresponding standard turns up blank, so this seems to be something implementation-specific to OpenSSL. Has anyone documented the ASN.1 module and pseudocode for these extensions?
PKCS#12 uses building blocks from other standards.
The recommended encryption mode is based on password-based encryption from PKCS#5 (PBES2). This has been extended with support for SHA-2 and AES in PKCS#5 v.2.1.
When OpenSSL uses AES, it does it like this:
 684 30  806:   SEQUENCE {
 688 30  802:     SEQUENCE {
 692 06   11:       OBJECT IDENTIFIER
            :         pkcs-12-pkcs-8ShroudedKeyBag (1 2 840 113549 1 12 10 1 2)
 705 A0  723:       [0] {
 709 30  719:         SEQUENCE {
 713 30   73:           SEQUENCE {
 715 06    9:             OBJECT IDENTIFIER
            :               pkcs5PBES2 (1 2 840 113549 1 5 13)
 726 30   60:             SEQUENCE {
 728 30   27:               SEQUENCE {
 730 06    9:                 OBJECT IDENTIFIER
            :                   pkcs5PBKDF2 (1 2 840 113549 1 5 12)
 741 30   14:                 SEQUENCE {
 743 04    8:                   OCTET STRING
            :                     BA 6B 5B B3 47 27 C9 73
 753 02    2:                   INTEGER 2048
            :                   }
            :                 }
 757 30   29:               SEQUENCE {
 759 06    9:                 OBJECT IDENTIFIER
            :                   aes128-CBC (2 16 840 1 101 3 4 1 2)
 770 04   16:                 OCTET STRING
            :                   0F 79 79 0A D3 EC C0 3E 20 B8 51 85 2F 2B 6C 29
            :                 }
            :               }
            :             }
As far as I can read the source, OpenSSL encodes the password as ASCII rather than zero-terminated UTF-16 when using PKCS#5 PBES2.
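As an added illustration (not code from the answer or from OpenSSL), the sketch below walks the PBES2 AlgorithmIdentifier shown in the dump and derives the AES-128 key with PBKDF2, showing that the ASCII and zero-terminated UTF-16 password encodings mentioned in the answer produce different keys. The DER bytes are re-encoded from the dump's values, the password `secret` is a constructed sample, and HMAC-SHA1 is assumed because the PBKDF2 parameters in the dump carry no PRF field (the PKCS#5 default).

```python
import hashlib

# Constructed input: the PBES2 AlgorithmIdentifier at offset 713 of the dump,
# re-encoded by hand from the OIDs, salt, iteration count and IV shown there.
ALG_ID = bytes.fromhex(
    "3049" "06092a864886f70d01050d"             # SEQUENCE, pkcs5PBES2
    "303c" "301b" "06092a864886f70d01050c"      # params, KDF: pkcs5PBKDF2
    "300e" "0408ba6b5bb34727c973" "02020800"    # salt, iterations = 2048
    "301d" "0609608648016503040102"             # cipher: aes128-CBC
    "04100f79790ad3ecc03e20b851852f2b6c29")     # IV
OID_PBES2 = bytes.fromhex("2a864886f70d01050d")
OID_PBKDF2 = bytes.fromhex("2a864886f70d01050c")
KEY_LEN = {bytes.fromhex("608648016503040102"): 16}   # aes128-CBC -> 16-byte key

def tlvs(buf):
    """Split DER bytes into (tag, value) pairs (short and long length forms)."""
    out, i = [], 0
    while i < len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:                      # long form: low 7 bits = number of length bytes
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def parse_pbes2(alg_id):
    """Return (salt, iterations, key_len, iv) from a PBES2 AlgorithmIdentifier."""
    (_, body), = tlvs(alg_id)
    (_, oid), (_, params) = tlvs(body)
    (_, kdf), (_, enc) = tlvs(params)
    (_, kdf_oid), (_, kdf_params) = tlvs(kdf)
    fields = tlvs(kdf_params)
    if oid != OID_PBES2 or kdf_oid != OID_PBKDF2 or len(fields) != 2:
        raise ValueError("only PBES2/PBKDF2 with the default PRF (hmacWithSHA1) is handled")
    (_, enc_oid), (_, iv) = tlvs(enc)
    return fields[0][1], int.from_bytes(fields[1][1], "big"), KEY_LEN[enc_oid], iv

def derive_key(password_bytes, alg_id=ALG_ID):
    """PBKDF2-HMAC-SHA1 over the raw password bytes, using the parsed parameters."""
    salt, iterations, key_len, _ = parse_pbes2(alg_id)
    return hashlib.pbkdf2_hmac("sha1", password_bytes, salt, iterations, key_len)

PASSWORD = "secret"                                       # constructed sample password
key_ascii = derive_key(PASSWORD.encode("ascii"))          # encoding described in the answer
key_bmp = derive_key(PASSWORD.encode("utf-16-be") + b"\x00\x00")  # zero-terminated UTF-16
print(key_ascii.hex(), key_bmp.hex(), sep="\n")
```

A reader that decrypts such a bag has to feed PBKDF2 the same password bytes the writer used; choosing the other encoding yields a different key and the decryption fails.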