PKI Certificate Tutorials - Herong's Tutorial Examples - v1.12, by Herong Yang
What Is PKCS12 File Format
This section describes the PKCS12 File Format, which can be used to store multiple cryptography objects, including private/public keys and certificates, in a single file.
What Is PKCS12 File Format? The PKCS12 file format follows the PKCS #12 (Public-Key Cryptography Standard #12) standard. It can be used to store multiple cryptography objects, including private/public keys and certificates, in a single file.
The PKCS12 file format is specified in RFC 7292 "PKCS #12: Personal Information Exchange Syntax v1.1" at datatracker.ietf.org/doc/html/rfc7292.
The PKCS12 file format is an extension of the PFX (Personal Information Exchange) file format developed by Microsoft.
The structure of a PKCS12 file is defined in ASN.1 (Abstract Syntax Notation One). Its top-level structure is shown in the example below:
0:d=0 hl=4 l=1950 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :03
7:d=1 hl=4 l=1892 cons: SEQUENCE
11:d=2 hl=2 l= 9 prim: OBJECT :pkcs7-data
22:d=2 hl=4 l=1877 cons: cont [ 0 ]
26:d=3 hl=4 l=1873 prim: OCTET STRING [HEX DUMP]:3082074D...
... Encrypted binary string of
... certificates with/without associated key pairs
1903:d=1 hl=2 l= 49 cons: SEQUENCE
1905:d=2 hl=2 l= 33 cons: SEQUENCE
1907:d=3 hl=2 l= 9 cons: SEQUENCE
1909:d=4 hl=2 l= 5 prim: OBJECT :sha1
1916:d=4 hl=2 l= 0 prim: NULL
1918:d=3 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:2F07675E...
1940:d=2 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:DF3DE121...
1950:d=2 hl=2 l= 2 prim: INTEGER :0800
The most common use of a PKCS12 file is to store a single certificate and its matching private/public key pair. This format is compatible with commonly used tools like the OpenSSL toolkit and Java "keytool".
Commonly used file extensions for PKCS12 files are *.p12, *.pfx, and *.jks, depending on the tools used to create them.
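The top-level fields in the dump above (the version, the content type of the data SEQUENCE, and the final SEQUENCE holding the digest algorithm, salt and iteration count, which RFC 7292 names MacData) can be read directly from the DER bytes. The Python code below is an added example, not part of the original tutorial: the function names are hypothetical, and SAMPLE is a constructed byte string that mirrors the dump's shape, with zero bytes standing in for the encrypted payload, digest and salt.

```python
OIDS = {"1.2.840.113549.1.7.1": "pkcs7-data", "1.3.14.3.2.26": "sha1"}  # the two OIDs in the dump

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split the body of a constructed element into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def oid_name(body):
    """Decode an OBJECT IDENTIFIER body (single-byte first subidentifier only)."""
    arcs, n = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(n)
            n = 0
    dotted = ".".join(map(str, arcs))
    return OIDS.get(dotted, dotted)

def pfx_summary(der):
    """Report version, authSafe content type and MacData parameters."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    fields = children(body)
    info = {"version": int.from_bytes(fields[0][1], "big"),
            "content_type": oid_name(children(fields[1][1])[0][1]), "mac": None}
    if len(fields) > 2:  # MacData is OPTIONAL in RFC 7292
        mac = children(fields[2][1])
        alg = children(children(mac[0][1])[0][1])
        iters = int.from_bytes(mac[2][1], "big") if len(mac) > 2 else 1  # DEFAULT 1
        info["mac"] = {"digest": oid_name(alg[0][1]), "salt_len": len(mac[1][1]), "iterations": iters}
    return info

# Constructed sample: same layout as the dump, 200 zero bytes as the payload.
SAMPLE = (bytes.fromhex("30820112" "020103" "3081d9" "06092a864886f70d010701" "a081cb0481c8")
          + bytes(200) + bytes.fromhex("3031" "3021" "3009" "06052b0e03021a" "0500" "0414")
          + bytes(20) + bytes.fromhex("0408") + bytes(8) + bytes.fromhex("02020800"))
```

Calling pfx_summary(SAMPLE) returns version 3, content type pkcs7-data, and a MAC entry with digest sha1, an 8-byte salt and 2048 iterations (the INTEGER 0800 at the end of the dump).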