OVPN Cert creation algo

Short feedback from PKCS#12 encryption with OpenSSL-3.0.3 on IPFire platform.

[root@ipfire-openssl3 ~]# openssl version
OpenSSL 3.0.3 3 May 2022 (Library: OpenSSL 3.0.3 3 May 2022)
[root@ipfire-openssl3 ~]# openssl pkcs12 -info -in /var/ipfire/ovpn/certs/pkcstestopenssldrei.p12 -noout
Enter Import Password:
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256

As stated above, the algorithms are nearly the same as with the patch above, except the MAC, which was not configurable with the current IPFire version 1.1.1n with the ‘-macalg alg’ flag, whereby SHA1 has been used.
OpenSSL-3.x uses SHA256 by default, which is the only exception and also a difference from Silvio's tests with Fedora Workstation on the Red Hat bug tracker, whereby SHA512 has been used.

So far from here.

Best,

Erik

3 Likes
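One way to check the same thing across many .p12 files, as an added example that is not part of the original post: parse the text printed by `openssl pkcs12 -info -noout` and list any MAC or bag that still names a legacy digest or cipher. The function names, the legacy pattern and the second sample (constructed in the style of OpenSSL 1.1.1 defaults) are assumptions; the first sample is the output quoted in the post.

```python
import re

# Output quoted in the post above (OpenSSL 3.0.3).
OPENSSL3_INFO = """\
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
"""

# Constructed sample in the style of OpenSSL 1.1.1 defaults (not from the post).
LEGACY_INFO = """\
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
"""

MAC_RE = re.compile(r"^MAC: ([^,]+), Iteration (\d+)")
BAG_RE = re.compile(r"^(PKCS7 Encrypted data|Shrouded Keybag): (.+?), Iteration (\d+)(?:, PRF (\S+))?")
LEGACY_RE = re.compile(r"sha1|md5|rc2|rc4|des", re.IGNORECASE)  # assumed legacy markers

def parse_pkcs12_info(text):
    """Return the MAC line and each encrypted bag as (label, algorithms, iterations)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := MAC_RE.match(line):
            entries.append(("MAC", m.group(1), int(m.group(2))))
        elif m := BAG_RE.match(line):
            # Fold the PRF (PBES2 only) into the algorithm string so it is checked too.
            algs = m.group(2) + (", " + m.group(4) if m.group(4) else "")
            entries.append((m.group(1), algs, int(m.group(3))))
    return entries

def legacy_findings(text):
    """List entries whose algorithm string names a legacy digest or cipher."""
    return [f"{label}: {algs}" for label, algs, _ in parse_pkcs12_info(text)
            if LEGACY_RE.search(algs)]

if __name__ == "__main__":
    for name, sample in (("openssl3", OPENSSL3_INFO), ("legacy", LEGACY_INFO)):
        print(name, legacy_findings(sample) or "no legacy algorithms")
```
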