PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
PKCS#12 created using code from https://github.com/PeculiarVentures/PKI.js/issues/403 gives us a split encrypted key payload and a split encrypted cert payload (1024B boundary):
Importing such a p12 file into the OS cert store in Windows 10 or 11 is unstable - sometimes key+cert is imported fine, but sometimes it seems the key is not attached to the cert (a smartcard dialog appears on import, auth using such a cert does not work, the Windows cert console displays cert+key under other certs, not personal).
certutil also throws an error when trying to open such a p12 file:
No such problems when importing same file in Firefox or Android.
p12 files produced by Firefox and OpenSSL do not contain split octet strings (only prims) and work fine in Windows.
After disabling splitting in pkijs i.e.
p12 produced using code https://github.com/PeculiarVentures/PKI.js/issues/403 contains cert and key as prim, not split (the same as in Firefox and OpenSSL results), and works fine in Windows/certutil (the salt must also be reduced, as in https://github.com/PeculiarVentures/PKI.js/issues/300#issuecomment-1936632316).
Please verify and disable splitting octet strings in p12 (and other formats where splitting is not absolutely necessary, i.e. PKCS#8 maybe) for Windows compatibility.
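A way to check a generated file for the split encoding described in this report, as an added Node.js example that is not code from the issue or from PKI.js: it walks the BER bytes and lists every universal OCTET STRING stored in constructed form (tag byte 0x24), descending into OCTET STRINGs whose content is itself DER, as PKCS#12 nests it. The names `readTlv`, `children` and `findSplitOctetStrings` are hypothetical, the sample bytes are constructed, and it assumes definite lengths and single-level chunking; IMPLICIT-tagged octet strings are not reported.

```javascript
// Added example. Assumes definite lengths and single-byte tags.
function readTlv(buf, pos) {
  const tag = buf[pos];
  if ((tag & 0x1f) === 0x1f) throw new Error("multi-byte tag not supported");
  let len = buf[pos + 1], start = pos + 2;
  if (len === 0x80) throw new Error("indefinite length not supported");
  if (len & 0x80) {
    const n = len & 0x7f;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  // Negated form so a NaN length (read past the end) also fails.
  if (!(start + len <= buf.length)) throw new Error("truncated element");
  return { tag, start, end: start + len };
}

function children(buf, start, end) {
  const out = [];
  for (let pos = start; pos < end; pos = out[out.length - 1].end) {
    const el = readTlv(buf, pos);
    if (el.end > end) throw new Error("child overruns parent");
    out.push(el);
  }
  return out;
}

function findSplitOctetStrings(buf, path = "", found = []) {
  children(buf, 0, buf.length).forEach((el, i) => {
    const here = `${path}/${i}`;
    let content = buf.subarray(el.start, el.end);
    const constructed = (el.tag & 0x20) !== 0;
    if ((el.tag & 0xdf) !== 0x04) { // not a universal OCTET STRING
      if (constructed) findSplitOctetStrings(content, here, found);
      return;
    }
    if (constructed) { // tag byte 0x24: content is a series of chunks
      const parts = children(content, 0, content.length);
      found.push({ path: here, chunks: parts.length });
      content = Buffer.concat(parts.map((p) => content.subarray(p.start, p.end)));
    }
    // PKCS#12 nests DER inside OCTET STRINGs: descend if the content parses.
    try { found.push(...findSplitOctetStrings(content, here, [])); } catch (e) {}
  });
  return found;
}

// Constructed sample inputs (not taken from a real .p12 file).
const SPLIT = Buffer.from("300a24080402abcd0402ef01", "hex");
const PRIM = Buffer.from("30060404abcdef01", "hex");
```

Calling `findSplitOctetStrings(fs.readFileSync(file))` on a real file returns one entry per split OCTET STRING, with its position in the tree and its chunk count. Because the descent into octet string content is a heuristic, encrypted bytes that happen to parse as TLVs can in rare cases produce a spurious entry.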