Open josesimoes opened 2 years ago
There's currently minimal support for PKCS#12 in Mbed TLS, but we would welcome contributions of example code (to go in programs/).
If you ask on the project mailing list (mbed-tls@lists.trustedfirmware.org) others may be able to help.
@tom-cosgrove-arm understood, but can you confirm that the required "primitives" to accomplish the above exist on MbedTLS?
The pkcs12 module in Mbed TLS specifically handles PKCS#12 encryption. There's also an ASN.1 module and of course X.509 support. I'm not really familiar with PKCS#12, I think it should be possible to implement it with the primitives, but it's possible that full PKCS#12 support requires extra work in pkcs12.c (which hasn't changed in a long time and might not support modern algorithms, if the PFX ecosystem uses modern algorithms) or in ASN.1.
Suggested enhancement
I can't find a way to generate a PFX file from a CRT and KEY file. Maybe I'm overlooking something...
Justification
I'm currently on a "quest" to prove that Mbed TLS can be used instead of OpenSSL to generate certificates for Azure IoT Hub usage. One of the scenarios requires a PFX file (and password) with the device certificate. So far, by using the gen_key and cert_write applications, I'm able to generate the key and certificate. The final (missing) step is to be able to combine those in a PFX file.