author | Andy Polyakov <appro@openssl.org> | 2016-07-26 16:42:41 +0200 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2016-08-22 13:52:59 +0200 |
commit | 1194ea8dc3b51a35c9947ed276f38436abee5743 (patch) | |
tree | 3019d2d78ff46aea68ab706720222268d91bda6a /doc | |
parent | b799aef863a81c9a9d5dbffae12cca912ae348b2 (diff) | |
download | openssl-1194ea8dc3b51a35c9947ed276f38436abee5743.tar.gz |
crypto/pkcs12: facilitate accessing data with non-interoperable password.
Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
non-ASCII characters the result was non-interoperable. But fixing it
poses a problem accessing data protected with a broken password. In
order to make access to old data possible add retry with old-style
password.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/apps/pkcs12.pod | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod index 2f2c4d143d..e851018cfd 100644 --- a/doc/apps/pkcs12.pod +++ b/doc/apps/pkcs12.pod @@ -325,6 +325,16 @@ encrypted private keys, then the option B<-keypbe PBE-SHA1-RC2-40> can be used to reduce the private key encryption to 40 bit RC2. A complete description of all algorithms is contained in the B<pkcs8> manual page. +Prior 1.1 release passwords containing non-ASCII characters were encoded +in non-compliant manner, which limited interoperability, in first hand +with Windows. But switching to standard-compliant password encoding +poses problem accessing old data protected with broken encoding. For +this reason even legacy encodings is attempted when reading the +data. If you use PKCS#12 files in production application you are advised +to convert the data, because implemented heuristic approach is not +MT-safe, its sole goal is to facilitate the data upgrade with this +utility. + =head1 EXAMPLES Parse a PKCS#12 file and output it to a file: |
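Review bot: the added paragraph before "=head1 EXAMPLES" tells users to "convert the data" but never says how, so a reader with an affected file has no procedure to follow. Please add a sentence or an EXAMPLES entry showing the re-export with this utility, and state that the file must be read and re-written with a 1.1 build for the password encoding to change. The "not MT-safe" warning also needs one clause saying what is unsafe (the retry with the old-style password mentioned in the commit message), otherwise application authors cannot tell whether their use of the PKCS#12 routines is affected. Wording nits in the same paragraph: "Prior 1.1 release" should read "Prior to the 1.1 release", "in first hand with Windows" should read "primarily with Windows", and "even legacy encodings is attempted" should read "legacy encodings are also attempted".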