Overview #

PKCS #12 is one of the Public-Key Cryptography Standards which was titled Personal Information Exchange Syntax Standard which is described in RFC 7292

PKCS12 defines a file format commonly used to store Private Keys with accompanying Public Key certificates, protected with a password-based Symmetric Key. PFX is a predecessor to PKCS #12.

PKCS12 is a container format can contain multiple embedded objects, such as multiple certificates. Usually protected/encrypted with a password. Usable as a format for the Java key store and to establish client authentication certificates in Mozilla Firefox. Usable by Apache Tomcat.

PKCS12, also called Personal Information Exchange format (PFX), enables the transfer of certificates and their corresponding private keys from one computer to another or from a computer to removable media.

Because exporting a private key might expose it to unintended parties, the PKCS12 format is the recommended format for exporting a certificate and its associated private key.

It is used in Mozilla and Microsoft Internet Explorer with their import and export options.

The filename extension for PKCS12 files is ".p12" or ".pfx".[3] These files can be created, parsed and read out with the OpenSSL pkcs12 command.

Primary purpose of PKCS12 is transport or backup.

The PKCS12 Bundle Contains:

  • Private key encrypted with password
  • Associated certificate
  • Other certificates (chain through trust achor)
  • Private key must be extractable for export
  • File extension = .p12 or .pfx
  • Always binary

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-5) was last changed on 21-Feb-2016 12:17 by jim