Hi All,
The following code extracts the cert from a pfx file.

p12Cert = d2i_PKCS12_fp(fp, NULL);  //fp points to a .pfx file.
PKCS12_parse(p12Cert, pass, NULL, oCert, NULL);

Here the resultant oCert has multiple localKeyID attributes, as shown below.

MAC verified OK
Bag Attributes
    localKeyID: 01 00 00 00
    localKeyID: E3 E8 08 75 10 C2 89 A6 8A 5C 81 B5 4B 0C 43 49 10 FC 00 BD

The second localKeyID seen in the Bag attributes is actually the thumbprint.

But extracting the cert from the same pfx file using the openssl command-line
utility (openssl pkcs12 -in input.pfx -clcerts -nokeys -out outcert.pem)
results in a single localKeyID attribute.

Bag Attributes
    localKeyID: 01 00 00 00

Can anyone please tell me why there is an additional localKeyID with the
first method?

Thanks in advance,
Shafeek
