diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-04-15 19:21:28 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-04-19 16:23:46 +0200 |
commit | 16b8862d80dbfb627b72cba36739de29235d8f3d (patch) | |
tree | b9e00ab8072b6172de18b88e630fbb16ea2a8952 /doc/man1/openssl-pkcs12.pod.in | |
parent | ee203a87ff1ff1af46a5ff11f761bdd07a5503e4 (diff) |
PKCS12 etc.: Add hints on using -legacy and -provider-path options
Fixes #14790
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14891)
Diffstat (limited to 'doc/man1/openssl-pkcs12.pod.in')
-rw-r--r-- | doc/man1/openssl-pkcs12.pod.in | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in index b367be2b7f..7a75d9ca32 100644 --- a/doc/man1/openssl-pkcs12.pod.in +++ b/doc/man1/openssl-pkcs12.pod.in @@ -85,8 +85,13 @@ The PKCS#12 export encryption and MAC options such as B<-certpbe> and B<-iter> and many further options such as B<-chain> are relevant only with B<-export>. Conversely, the options regarding encryption of private keys when outputting PKCS#12 input are relevant only when the B<-export> option is not given. + The default encryption algorithm is AES-256-CBC with PBKDF2 for key derivation. +When encountering problems loading legacy PKCS#12 files that involve, +for example, RC2-40-CBC, +try using the B<-legacy> option and, if needed, the B<-provider-path> option. + =over 4 =item B<-help> @@ -132,6 +137,11 @@ and so the input is just verified. =item B<-legacy> Use legacy mode of operation and automatically load the legacy provider. +If OpenSSL is not installed system-wide, +it is necessary to also use, for example, C<-provider-path ./providers> +or to set the environment variable B<OPENSSL_MODULES> +to point to the directory where the providers can be found. + In the legacy mode, the default algorithm for certificate encryption is RC2_CBC or 3DES_CBC depending on whether the RC2 cipher is enabled in the build. The default algorithm for private key encryption is 3DES_CBC. |