openssl pkcs12 -export -in _.pem -nodes -out _.p12 generates PFX DER data with MacData in which the empty password is used incorrectly, violating the following quote from Chapter B, section B.2, item 3 of the PKCS#12 standard [1]:

"Note that if the password is the empty string, then so is P."

However, I verified that openssl uses the 2-byte BMPString "00 00" in hex notation when preparing a string to be hashed. The correct implementation is to use a zero-length BMPString for a password. I believe that openssl can read the correct formatting of PKCS#12, i.e. it understands both formats, so the problem is limited to export. Another name for this problem is ' NULL vs. "" '.

[1] ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf
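The difference the report describes, as an added example (not part of the original post and not OpenSSL's code): the PKCS#12 Appendix B.2 key derivation run with both readings of the empty password, plus a check that tells which reading produced a given MAC. It assumes a SHA-1 MacData; the function names are hypothetical and the salt, content and iteration count are constructed sample values.

```python
import hashlib
import hmac

def bmp_password(password: str, nul_for_empty: bool) -> bytes:
    """UTF-16BE password bytes P for the KDF; non-empty passwords get a 2-byte terminator."""
    if password == "":
        # Standard reading: empty P. Reported export behaviour: the bytes 00 00.
        return b"\x00\x00" if nul_for_empty else b""
    return password.encode("utf-16-be") + b"\x00\x00"

def _fill(data: bytes, v: int) -> bytes:
    """Repeat data up to a multiple of v bytes; empty input stays empty."""
    if not data:
        return b""
    n = v * ((len(data) + v - 1) // v)
    return (data * (n // len(data) + 1))[:n]

def pkcs12_kdf(p: bytes, salt: bytes, iterations: int, id_byte: int, n: int) -> bytes:
    """PKCS#12 Appendix B.2 key derivation with SHA-1 (u = 20, v = 64)."""
    v = 64
    d = bytes([id_byte]) * v                      # diversifier D
    i_buf = bytearray(_fill(salt, v) + _fill(p, v))  # I = S || P
    out = b""
    while len(out) < n:
        a = d + bytes(i_buf)
        for _ in range(iterations):               # A_i = H^r(D || I)
            a = hashlib.sha1(a).digest()
        out += a
        b_plus_1 = int.from_bytes(_fill(a, v), "big") + 1
        for j in range(0, len(i_buf), v):         # I_j = (I_j + B + 1) mod 2^(8v)
            blk = (int.from_bytes(i_buf[j:j + v], "big") + b_plus_1) % (1 << (8 * v))
            i_buf[j:j + v] = blk.to_bytes(v, "big")
    return out[:n]

def mac_empty_password(content: bytes, salt: bytes, iterations: int, nul_for_empty: bool) -> bytes:
    """HMAC-SHA1 over content with the MAC key (ID = 3) derived from an empty password."""
    key = pkcs12_kdf(bmp_password("", nul_for_empty), salt, iterations, 3, 20)
    return hmac.new(key, content, hashlib.sha1).digest()

def matching_reading(content: bytes, salt: bytes, iterations: int, mac: bytes):
    """Return which empty-password reading reproduces mac, or None if neither does."""
    for name, nul in (("zero-length", False), ("00 00", True)):
        if hmac.compare_digest(mac_empty_password(content, salt, iterations, nul), mac):
            return name
    return None

# Constructed sample values, not taken from a real PFX file.
SALT = bytes.fromhex("0102030405060708")
CONTENT = b"constructed AuthenticatedSafe bytes"
ITER = 2048
```

A reader that has to accept files from both kinds of exporter can try the two readings in turn, as `matching_reading` does.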
