Arnaud De Timmerman wrote:
>
> All,
>
> I'm trying to import a pkcs12 file created by openssl, in lotus notes R5.0.3. It
> doesn't work, message says it could be a wrong password but I'm sure it isn't.
>
> The pkcs12 file can be imported successfully in netscape 4.7. Once exported from
> netscape, the "new" pkcs12 file is smaller (4210 bytes instead of 4477) but
> lotus notes gladly accepts it !
> It's a strange behaviour, and I don't know what netscape changes in the pkcs12
> file to make it "better" for lotus notes.
>
> What could I change in the way I create the pkcs12 file to make it work with
> lotus notes ?
>
One possible cause is that Netscape uses an iteration count of 1 for
encryption and mac in PKCS#12 files. Try using the -nomaciter and
-noiter options.
I'm surprised that the Netscape PKCS#12 file is smaller though. It may
have omitted a certificate or something because normally Netscape uses
an inefficient encoding and produces a larger file.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]