
Is the PKCS12 only as secure as the password protecting private keys? Can I distribute the p12 file over an insecure channel?

crypto-learner

1 Answer


I wouldn't do that, since if someone manages to sniff your file it is then subject to brute forcing the password - which is a matter of time.

Let me correct myself and ask a more accurate question: what does your p12 file contain? If it contains your private key, I would not distribute it over an insecure channel and I would even question the need to distribute it... your private key usually stays in one secure place and should not be distributed. If the p12 only contains public keys (certificates) it is fine to distribute it, even on non-secure channels, since it is public in its nature.

aviv
  • The PKCS#12 file will be automatically transmitted from PKI to final users over internal corporate mail, same thing for the password in a different mail (plain text mail for both). I am wondering if that can be considered “secure”. – crypto-learner Jan 28 '15 at 14:02
  • No, I would not consider that secure. An internal network is not immune to penetration. Send it over a secured channel, for example let the user download it via https after authentication. – aviv Jan 29 '15 at 09:52
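The answer's question, "what does your p12 file contain?", can be checked before a file is sent anywhere. The following is an added example, not part of the original answer: it assumes the Python `cryptography` package, the function names `build_sample_p12` and `inspect_p12` are hypothetical, and the key, certificate and passphrase are constructed throwaway samples.

```python
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs12


def build_sample_p12(password, include_key):
    """Constructed sample: throwaway EC key + self-signed cert packed as PKCS#12."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed-example")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(key, hashes.SHA256())
    )
    enc = (serialization.BestAvailableEncryption(password) if password
           else serialization.NoEncryption())
    return pkcs12.serialize_key_and_certificates(
        b"sample", key if include_key else None, cert, None, enc)


def inspect_p12(data, password):
    """Report what a PKCS#12 blob holds and whether it needs a secure channel."""
    try:
        key, cert, extra = pkcs12.load_key_and_certificates(data, password)
    except ValueError:
        # Wrong password or malformed container: contents cannot be assessed,
        # so treat the file as if it carried a private key.
        return {"opened": False, "has_private_key": None, "cert_count": None,
                "needs_secure_channel": True}
    # Without a key, the certificate may be returned in the extra list instead.
    certs = ([cert] if cert is not None else []) + list(extra)
    return {"opened": True, "has_private_key": key is not None,
            "cert_count": len(certs), "needs_secure_channel": key is not None}


if __name__ == "__main__":
    with_key = build_sample_p12(b"constructed-passphrase", include_key=True)
    certs_only = build_sample_p12(None, include_key=False)
    print(inspect_p12(with_key, b"constructed-passphrase"))
    print(inspect_p12(certs_only, None))
```
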