What Is PKCS12 File Format

This section describes the PKCS12 File Format, which can be used to store multiple cryptography objects, including private/public keys and certificates, in a single file.

What Is the PKCS12 File Format? The PKCS12 file format follows the PKCS #12 (Public-Key Cryptography Standard #12) standard. It can be used to store multiple cryptography objects, including private/public keys and certificates, in a single file.

The PKCS12 file format is specified in RFC 7292 "PKCS #12: Personal Information Exchange Syntax v1.1" at datatracker.ietf.org/doc/html/rfc7292.

The PKCS12 file format is an extension of the PFX (Personal Information Exchange) file format developed by Microsoft.

The structure of a PKCS12 file is defined in ASN.1 (Abstract Syntax Notation One). Its top-level structure is shown in the example below:

    0:d=0  hl=4 l=1950 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :03
    7:d=1  hl=4 l=1892 cons: SEQUENCE          
   11:d=2  hl=2 l=   9 prim: OBJECT            :pkcs7-data
   22:d=2  hl=4 l=1877 cons: cont [ 0 ]        
   26:d=3  hl=4 l=1873 prim: OCTET STRING      [HEX DUMP]:3082074D...
           ... Encrypted binary string of 
           ... certificates with/without associated key pairs 

 1903:d=1  hl=2 l=  49 cons: SEQUENCE          
 1905:d=2  hl=2 l=  33 cons: SEQUENCE          
 1907:d=3  hl=2 l=   9 cons: SEQUENCE          
 1909:d=4  hl=2 l=   5 prim: OBJECT            :sha1
 1916:d=4  hl=2 l=   0 prim: NULL              
 1918:d=3  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:2F07675E...
 1940:d=2  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:DF3DE121...
 1950:d=2  hl=2 l=   2 prim: INTEGER           :0800

The most common use of a PKCS12 file is to store a single certificate and its matching private/public key pair. This format is compatible with commonly used tools like the OpenSSL toolkit and Java "keytool".

Commonly used file extensions for PKCS12 files are *.p12, *.pfx, and *.jks, depending on the tools used to create them.
