6

I know this question was already asked here but unfortunately there are no satisfactory answers. Please correct me if I'm wrong, but if I have a p12 file the following two situations are possible:

  • The whole p12 file is encrypted. But not only the whole file, also the contained private key (encryption of the private key is done by default). So the key is encrypted twice and there is no way to access the public part of the file (certificates).
  • Only the private key is encrypted. Without having the password I can still easily access the public information (certificates) and read e.g. the common name but of course there is no access to the private key.

Is this right?

So, if we take the first case. Is there any way to still access the public information without having the password?

alrightythen

1 Answer

12

Yes, the entire keystore can optionally be protected with a password (encrypted), and no, if that is the case you cannot view the public information short of brute-forcing the password.

You can verify the status of the keystore by using this command:

openssl pkcs12 -info -in keyStore.p12

The file may have a .pfx instead of a .p12 extension. It is the same thing. If you are prompted for a password, the entire keystore is encrypted. If you aren't, it should display all public information.

Gerald Davis
  • 1
    Strangely, that does not work for me. I'm on macOS and Keychain.app is able to extract some public information from the Content (can be seen via Quick Look), but the CLI does not display it. – Kentzo Oct 22 '18 at 02:18
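
Added example, not part of the answer or comment above: PKCS#12 (RFC 7292) leaves the outer PFX wrapper unencrypted, so the type of each part (plain `data` or password-protected `encryptedData`) can be read without the password, which shows which parts of a given file need it. The code assumes a DER-encoded file in password-integrity mode; `classify_p12`, `sample_p12` and the skeleton inputs are constructed for illustration.

```python
# Added example: list which parts of a PKCS#12 file are encrypted, no password needed.
OID_DATA = bytes.fromhex("2a864886f70d010701")       # 1.2.840.113549.1.7.1 data
OID_ENCRYPTED = bytes.fromhex("2a864886f70d010706")  # 1.2.840.113549.1.7.6 encryptedData

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("BER indefinite length is not handled here")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element's contents into (tag, value) pairs
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        items.append((tag, val))
    return items

def content_info(value):
    """ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT ANY }."""
    (oid_tag, oid), (ctx_tag, content) = children(value)[:2]
    if (oid_tag, ctx_tag) != (0x06, 0xA0):
        raise ValueError("not a ContentInfo")
    return oid, content

def classify_p12(der):
    """Return 'plaintext', 'encrypted' or 'other' per part of the AuthenticatedSafe."""
    _, pfx, _ = read_tlv(der)                         # PFX SEQUENCE
    oid, content = content_info(children(pfx)[1][1])  # authSafe follows the version
    if oid != OID_DATA:
        raise ValueError("only password-integrity files (authSafe = data) are handled")
    _, octets, _ = read_tlv(content)                  # OCTET STRING
    _, safe, _ = read_tlv(octets)                     # SEQUENCE OF ContentInfo
    names = {OID_DATA: "plaintext", OID_ENCRYPTED: "encrypted"}
    return [names.get(content_info(ci)[0], "other") for _, ci in children(safe)]

def tlv(tag, body):  # tiny DER encoder for the constructed samples (body < 128 bytes)
    return bytes([tag, len(body)]) + body

def sample_p12(*part_oids):
    """Constructed skeleton PFX: real outer structure, placeholder bag contents."""
    parts = b"".join(tlv(0x30, tlv(0x06, o) + tlv(0xA0, tlv(0x04, b"x"))) for o in part_oids)
    auth_safe = tlv(0x30, tlv(0x06, OID_DATA) + tlv(0xA0, tlv(0x04, tlv(0x30, parts))))
    return tlv(0x30, tlv(0x02, b"\x03") + auth_safe)
```

On a real file, call `classify_p12(open("keyStore.p12", "rb").read())`. A part reported as `plaintext` can be listed without the password, although a key bag inside it may still be individually encrypted.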