This seems like it should be easily documented, but I am unable to find it.
My C# code does this to create a PFX file.
using System.Security.Cryptography.X509Certificates;
// Find() returns a collection, not a single certificate; take the first match
X509Certificate2 cert = store.Certificates.Find(X509FindType.FindByThumbprint, thumbPrint, false)[0];
File.WriteAllBytes("certFile.pfx", cert.Export(X509ContentType.Pfx, password)); // private key must be exportable
The class X509Certificate2 is from System.Security.Cryptography.X509Certificates, which appears to be a built-in .NET library.
I would like to know what encryption algorithm is being used to protect the pfx file. I want to confirm whether it is AES256 or not, but I can't seem to find this information anywhere.
I tried running this OpenSSL command on my "certFile.pfx" file. I had trouble with the password, so I used a "no password" command line. Does this mean that the PFX file is encrypted using TripleDES?!
OpenSSL> pkcs12 -info -in C:\certFile.pfx -nomacver -noout -passin pass:unknown
MAC: sha1, Iteration 2000
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Error outputting keys and certificates
89924:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto\evp\evp_enc.c:570:
89924:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:crypto\pkcs12\p12_decr.c:63:
89924:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:crypto\pkcs12\p12_decr.c:94:
error in pkcs12
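As an added example (not code from the question, from .NET or from OpenSSL), the Python script below walks the DER structure of a .pfx file and lists the PBE, KDF, cipher and MAC algorithm OIDs it finds. Those identifiers live in the unencrypted framing of a PKCS#12 file, outside the shrouded key bag and the encrypted content, which is why the OpenSSL output above names pbeWithSHA1And3-KeyTripleDES-CBC before the decrypt fails on the wrong password. The two sample inputs are constructed skeletons with fake salt, ciphertext and digest bytes (a legacy 3DES layout like the one in the question and a PBES2/AES-256 layout); they are not loadable PFX files, and the OID table is an assumption that covers the common cases only.

```python
"""List the protection algorithms of a PKCS#12 (.pfx) file without its password.

Added example for the question above; not part of .NET or OpenSSL.
"""
import sys

# OIDs that answer "how is this PFX protected?" (assumed list; anything else
# is reported as a bare dotted OID)
KNOWN_OIDS = {
    "1.2.840.113549.1.12.1.3": "pbeWithSHA1And3-KeyTripleDES-CBC (legacy PKCS#12 PBE)",
    "1.2.840.113549.1.12.1.6": "pbeWithSHA1And40BitRC2-CBC (weak PKCS#12 PBE)",
    "1.2.840.113549.1.5.13": "PBES2 (real cipher is the nested AlgorithmIdentifier)",
    "1.2.840.113549.1.5.12": "PBKDF2",
    "1.2.840.113549.2.7": "hmacWithSHA1 (PBKDF2 PRF)",
    "1.2.840.113549.2.9": "hmacWithSHA256 (PBKDF2 PRF)",
    "2.16.840.1.101.3.4.1.2": "aes128-CBC",
    "2.16.840.1.101.3.4.1.42": "aes256-CBC",
    "1.3.14.3.2.26": "sha1 (MAC digest)",
    "2.16.840.1.101.3.4.2.1": "sha256 (MAC digest)",
}
AES256_CBC = "2.16.840.1.101.3.4.1.42"


def _read_tlv(buf, pos, end):
    """Parse one DER tag/length header; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > end:
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("length overruns container")
    return tag, pos, pos + length


def _decode_oid(value):
    """Decode OBJECT IDENTIFIER content bytes to dotted form."""
    parts = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(acc)
            acc = 0
    return ".".join(map(str, parts))


def collect_oids(buf, start=0, end=None, found=None):
    """Walk DER, descending into constructed types and into OCTET STRINGs that
    themselves hold DER (PKCS#12 nests its SafeContents that way). An OCTET
    STRING that does not parse is treated as opaque bytes: ciphertext, salt, IV."""
    end = len(buf) if end is None else end
    found = [] if found is None else found
    pos = start
    while pos < end:
        tag, vs, ve = _read_tlv(buf, pos, end)
        if tag == 0x06:
            found.append(_decode_oid(buf[vs:ve]))
        elif tag & 0x20:  # SEQUENCE, SET, [n] EXPLICIT
            collect_oids(buf, vs, ve, found)
        elif tag == 0x04:
            try:
                found.extend(collect_oids(buf, vs, ve, []))
            except (ValueError, IndexError):
                pass  # opaque bytes, not nested DER
        pos = ve
    return found


def describe_protection(buf):
    """Recognised protection OIDs in document order, de-duplicated."""
    seen = []
    for oid in collect_oids(buf):
        if oid in KNOWN_OIDS and oid not in seen:
            seen.append(oid)
    return seen


def uses_aes256(buf):
    return AES256_CBC in collect_oids(buf)


# --- constructed sample input: the AlgorithmIdentifier skeleton of a PFX ---
def _der(tag, payload):
    n = len(payload)
    ln = bytes([n]) if n < 128 else bytes([0x80 | 1]) + bytes([n])
    return bytes([tag]) + ln + payload


def _oid(dotted):
    p = list(map(int, dotted.split(".")))
    out = [p[0] * 40 + p[1]]
    for v in p[2:]:
        chunk = [v & 0x7F]
        v >>= 7
        while v:
            chunk.insert(0, (v & 0x7F) | 0x80)
            v >>= 7
        out.extend(chunk)
    return _der(0x06, bytes(out))


def _alg(oid, params=b""):
    return _der(0x30, _oid(oid) + params)


def build_sample_pfx(legacy):
    """Fake PFX with real metadata layout but dummy salt/ciphertext/digest bytes."""
    salt, iters = _der(0x04, b"\xa5" * 8), _der(0x02, (2000).to_bytes(2, "big"))
    ciphertext = _der(0x04, b"\xde\xad\xbe\xef" * 4)
    if legacy:  # what the question's OpenSSL output describes
        key_pbe = _alg("1.2.840.113549.1.12.1.3", _der(0x30, salt + iters))
        mac_digest = _alg("1.3.14.3.2.26", b"\x05\x00")
    else:  # PBES2 with PBKDF2/HMAC-SHA256 and AES-256-CBC
        kdf = _alg("1.2.840.113549.1.5.12", _der(0x30, salt + iters + _alg("1.2.840.113549.2.9", b"\x05\x00")))
        cipher = _alg(AES256_CBC, _der(0x04, b"\x11" * 16))
        key_pbe = _alg("1.2.840.113549.1.5.13", _der(0x30, kdf + cipher))
        mac_digest = _alg("2.16.840.1.101.3.4.2.1", b"\x05\x00")
    bag = _der(0x30, _oid("1.2.840.113549.1.12.10.1.2") + _der(0xA0, key_pbe + ciphertext))
    content = _der(0x30, _oid("1.2.840.113549.1.7.1") + _der(0xA0, _der(0x04, _der(0x30, bag))))
    auth_safe = _der(0x30, _oid("1.2.840.113549.1.7.1") + _der(0xA0, _der(0x04, _der(0x30, content))))
    mac_data = _der(0x30, _der(0x30, mac_digest + _der(0x04, b"\x7f" * 20)) + salt + iters)
    return _der(0x30, _der(0x02, b"\x03") + auth_safe + mac_data)


if __name__ == "__main__":
    inputs = {sys.argv[1]: open(sys.argv[1], "rb").read()} if len(sys.argv) > 1 else \
        {"sample legacy": build_sample_pfx(True), "sample PBES2": build_sample_pfx(False)}
    for name, data in inputs.items():
        print(name)
        for oid in describe_protection(data):
            print("  ", oid, KNOWN_OIDS[oid])
```

Run it as `python pfx_algs.py certFile.pfx` to inspect a real export. A file protected the way the question's output shows reports only the legacy 3DES PBE and sha1 MAC OIDs; a file protected with AES-256 reports PBES2 together with PBKDF2, its PRF and aes256-CBC, because under PBES2 the cipher is a nested AlgorithmIdentifier rather than the top-level PBE OID.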