vancluever
commented
4 months ago Fixes #426.
Tested using the commands from that issue.
Closed vancluever closed 4 months ago
vancluever
commented
4 months ago Fixes #426.
Tested using the commands from that issue.
vancluever
commented
4 months ago Just want to paste the details of the Modern2023 settings in go-pkcs12, from the docs, so folks know what to expect:
Modern2023 encodes PKCS#12 files using algorithms that are considered modern as of 2023. Private keys and certificates are encrypted using PBES2 with PBKDF2-HMAC-SHA-256 and AES-256-CBC. The MAC algorithm is HMAC-SHA-2. These are the same algorithms used by OpenSSL 3 (by default), Java 20 (by default), and Windows Server 2019 (when "stronger" is used).
Files produced with this encoder can be read by OpenSSL 1.1.1 and higher, Java 12 and higher, and Windows Server 2019 and higher.
This just updates our call for PKCS encoding to use the Modern2023 encryption settings in go-pkcs12; this should ensure secure encryption and compatibility with modern OpenSSL et al.