On Tuesday, 19 July 2016 23:35:13 CEST Dr. Stephen Henson wrote: > On Tue, Jul 19, 2016, Hubert Kario wrote: > > I have few questions now though: > > > > I've noticed that 1.0.2 uses sha1 hmac for the PRF while the master > > uses sha256 > > > > is there a way to set this? > > Not currently no (at least not from the command line, maybe by delving > into the pkcs12 internals). It's determined by the encryption algorithm (if > it has a preference: most don't) or the value is hard coded in p5_pbev2.c
yes, I don't see a simple way to do that, thanks anyway > > also, is there a way to report the MAC algorithm used over the whole > > file (the one set using -macalg) > > Not from the command line currently. The PKCS12_get0_mac() function can be > used to retrieve the X509_ALGOR structure corresponding to the MAC though. something like this? https://github.com/openssl/openssl/pull/1334 the small problem is that this prints: MAC algorithm: sha1, <unsupported parameters> I'm not sure how correct is that (haven't read the PKCS#12 standard) -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
