While it may be technically feasible, Jean-Marc, it would create a lot of confusion for users, developers and system administrators to see a P12 file on their file-system that would not have a digital certificate in it.
I suspect this is the primary reason why the PKCS specs have a #8 specification distinct from the #12; otherwise they would have just recommended using #12 for all stages of the certificate issuance process. Arshad Noor StrongAuth, Inc. Jean-Marc Desperrier wrote:
It's technically feasible (it does not break the format) to create a private key only pkcs#12,
-- dev-tech-crypto mailing list email@example.com https://lists.mozilla.org/listinfo/dev-tech-crypto