> I supplied some of the info for that article and I wrote PKCS#12 for
> OpenSSL so I'd say yes OpenSSL PKCS#12 implementation is reasonably
> secure with the usual precautions, i.e. not picking obvious or guessable
> passwords.
>
> OpenSSLs implementation uses high mac and encryption iteration counts
> and strong encryption of private keys.
>
> Wrt PKCS#15. Its an evil thing to implement in OpenSSL ASN1 and its very
> new.
>
> If its use became more widespread (e.g. Netscape, IE) for this purpose
> then maybe at some point in the future support could be added. But well
> after the ASN1 gets revised.
>
> Steve.
Thank you for your clearence. There are still some information that I want to
know. Is the default setting to PKCS12_create() will be sufficient? Or do I need
to increase the mac_iter and nid_cert ciper to 3DES-CBC?
--
(~._.~) �� Ⱥ Ӣ (Qun-Ying) (65) 874-6743
( O ) TrustCopy Pte Ltd / Kent Ridge Digital Labs
()~*~() 21 Heng Mui Keng Terrace, Singapore 119613
(_)-(_) [EMAIL PROTECTED] * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
