kaikramer / keystore-explorer

KeyStore Explorer is a free GUI replacement for the Java command-line utilities keytool and jarsigner.
https://keystore-explorer.org/
GNU General Public License v3.0

Use Bouncy Castle for PKCS12 keystores #244

Closed ovk closed 3 years ago

ovk commented 3 years ago

Keystore Explorer currently fails to open PKCS12/PFX keystores that use AES. An example of how to create such a keystore:

openssl pkcs12 -export -inkey key.key -in cert.crt -out test.p12 -certpbe AES-256-CBC -keypbe AES-256-CBC

This small PR makes it use the Bouncy Castle library, which works with AES encryption and can open such keystores.

kaikramer commented 3 years ago

Thanks for the PR! Unfortunately, the PKCS#12 implementation of Bouncy Castle is buggy. That's why I switched to the standard Java provider for PKCS#12 files about four years ago. I have tried to convince the BC project to fix the bugs, but because of compatibility considerations my request was rejected.

With the standard JCE provider it is simply a matter of updating your JRE to a version that supports AES-256-CBC as PBE for P12 files, see this ticket: https://github.com/kaikramer/keystore-explorer/issues/173
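
To check whether a given .p12 uses the AES-based PBES2 scheme produced by the `openssl` command above or a legacy PKCS#12 PBE, the algorithm identifiers can be read without the password, because PKCS#12 stores them unencrypted. The following is an added example, not part of this thread or of KeyStore Explorer; it assumes definite-length DER with single-byte tags, and the function names and sample bytes are constructed for illustration.

```python
# Keys are the DER content octets of each OID (RFC 7292, RFC 8018, NIST AES arc).
PBE_OIDS = {
    bytes.fromhex("2a864886f70d010c0103"): "pbeWithSHAAnd3-KeyTripleDES-CBC",  # 1.2.840.113549.1.12.1.3
    bytes.fromhex("2a864886f70d010c0106"): "pbeWithSHAAnd40BitRC2-CBC",        # 1.2.840.113549.1.12.1.6
    bytes.fromhex("2a864886f70d01050d"): "PBES2",                              # 1.2.840.113549.1.5.13
    bytes.fromhex("60864801650304012a"): "aes256-CBC",                         # 2.16.840.1.101.3.4.1.42
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the definite-length DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite (BER) or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, pos, pos + length

def collect_oids(buf):
    """Collect every OID, descending into constructed elements and DER-wrapping OCTET STRINGs."""
    found, pos = [], 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        if tag == 0x06:
            found.append(bytes(buf[start:end]))
        elif tag & 0x20 or tag == 0x04:
            try:
                found += collect_oids(buf[start:end])
            except ValueError:
                if tag != 0x04:  # only OCTET STRINGs may hold non-DER bytes (salt, IV, ciphertext)
                    raise
        pos = end
    return found

def pbe_schemes(p12_bytes):
    """Return the sorted names of known PBE and cipher OIDs present in the data."""
    return sorted({PBE_OIDS[o] for o in collect_oids(p12_bytes) if o in PBE_OIDS})

# Constructed samples: an OCTET STRING-wrapped PBES2/AES-256 AlgorithmIdentifier and a legacy 3DES one.
AES_SAMPLE = bytes.fromhex("304d044b3049" "06092a864886f70d01050d" "303c" "301b06092a864886f70d01050c"
                           "300e0408" + "00" * 8 + "02020800" "301d060960864801650304012a" "0410" + "00" * 16)
LEGACY_SAMPLE = bytes.fromhex("301c" "060a2a864886f70d010c0103" "300e0408" + "00" * 8 + "02020800")
```

Passing the raw bytes of a real keystore file to `pbe_schemes` works the same way; a result containing `PBES2` and `aes256-CBC` identifies the kind of file that needs a JRE with AES PBE support for PKCS#12.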