On Fri, May 24, 2002, Mads Rasmussen wrote:
>
> Looking at the AuthenticatedSafe type:
>
> AuthenticatedSafe ::= SEQUENCE OF ContentInfo
>     -- Data if unencrypted
>     -- EncryptedData if password-encrypted
>     -- EnvelopedData if public key-encrypted
>
> Is the EnvelopedData ever used? - the signed integrity mode seems to
> involve an unwanted big infrastructure.
>

I've never seen any public key PKCS#12 files. The only ones I've seen have password-based integrity and privacy modes using the same password (though you can have different passwords using OpenSSL).

> Also are there always two data objects, one clear and one encrypted?
>

No, I've seen many variations. MSIE 4.0 for example had one single encrypted authsafe which contained a keybag and certificate bags. Newer versions of Netscape using PSM can back up all user keys and certificates to a single PKCS#12 file.

> The first a pkcs-12-pkcs8ShroudedKeyBag and the second a
> pbeWithSHAAnd40BitRC2-CBC
>
> What is the first and what is the second, I would guess the second to be
> the private key, but what is the first then?
>

It could contain anything *however* it's most likely to contain certificate bags giving the full path of the corresponding certificates.

Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
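
The variations discussed in this thread can be checked by listing the content type of each ContentInfo in an AuthenticatedSafe. The following is an added example, not part of the original message and not OpenSSL code: the function names are hypothetical, the input is assumed to be the DER of the AuthenticatedSafe already extracted from the outer PFX, and the sample bytes are constructed with placeholder payloads.

```python
OIDS = {  # PKCS#7 content-type OIDs, labelled as in the ASN.1 comments quoted above
    "1.2.840.113549.1.7.1": "Data (unencrypted)",
    "1.2.840.113549.1.7.6": "EncryptedData (password-encrypted)",
    "1.2.840.113549.1.7.3": "EnvelopedData (public key-encrypted)",
}

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the DER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0  # valid for first arc 0 or 1
    for b in body[1:]:  # base-128 arcs, high bit set on all but the last byte
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def authsafe_content_types(der):  # content type of every ContentInfo, in file order
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("AuthenticatedSafe must be a SEQUENCE")
    kinds, pos = [], 0
    while pos < len(seq):
        tag, info, pos = read_tlv(seq, pos)  # one ContentInfo
        oid_tag, oid, _ = read_tlv(info, 0)  # its contentType field
        if tag != 0x30 or oid_tag != 0x06 or not oid:
            raise ValueError("malformed ContentInfo")
        dotted = decode_oid(oid)
        kinds.append(OIDS.get(dotted, "unknown " + dotted))
    return kinds

def tlv(tag, body):  # helper for the constructed samples (short-form lengths only)
    return bytes([tag, len(body)]) + body
def content_info(last_arc, payload):  # placeholder payload, not real bag data
    oid = bytes.fromhex("2a864886f70d0107") + bytes([last_arc])
    return tlv(0x30, tlv(0x06, oid) + tlv(0xA0, payload))

# Constructed sample: one clear and one password-encrypted ContentInfo.
SAMPLE = tlv(0x30, content_info(1, tlv(0x04, b"bags")) + content_info(6, tlv(0x30, b"")))
```

A result containing EnvelopedData would indicate the public key privacy mode that the reply says is not seen in practice.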