Gregory,

>> * - Windows indeed will not handle a .p12 cert+key with the PKCS5 v2 [i.e. 
>> aes-256] encryption on it. It appears to only handle 3DES. [I didn't test 
>> every possible PBE - just 3DES and AES256]

The Microsoft Windows operating system uses Cryptographic Service Provider 
(CSP) plug-in modules to do the actual implementation of the cryptographic 
functions so that Microsoft can ship their products world-wide, including to 
countries where cryptography may be restricted. The Base CSP shipped with all 
recent versions of Microsoft Windows is most likely restricted to 
lower-strength cryptography.

For a more complete discussion of this concept and to find out what providers 
are available for your country, see the MSDN article here:
http://msdn.microsoft.com/en-us/library/aa386983.aspx

According to the MSDN article referenced, in the US, Microsoft _does_ provide 
full support for AES-256 algorithms, but it is probable that the CSP that 
provides this capability might not be loaded by default on the operating system 
baseline.

Apple also uses this concept of "Cryptographic Service Provider", so search 
their web site(s) using this term. You may also be able to leverage Java and 
OpenSSL as the Apple OS X is UNIX-based.

Java 6 SE (and above) supports this under Java Cryptographic Architecture (JCA) 
and Java Secure Sockets Extensions (JSSE), splitting the API and 
implementations using a similar concept of Providers.

A good starting point for Oracle Java Cryptographic Architecture that discusses 
which Providers are available is at this URL:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html

Good luck with your testing of .p12.

Cheers!

Simba
Engineering
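
An added example, not part of the original message: before importing a .p12 on a platform that, as reported in the quoted text above, handled 3DES but not PKCS5 v2 AES-256, it helps to see which password-based encryption scheme the file actually carries. The sketch below walks DER data and reports the PBE OIDs it finds; the function names and the sample byte strings are this example's own constructions.

```python
# Added example (names are its own). Definite-length DER only, no BER indefinite lengths.
PBE_OIDS = {  # DER-encoded OID value -> scheme name
    bytes.fromhex("2a864886f70d010c0103"): "pbeWithSHAAnd3-KeyTripleDES-CBC",
    bytes.fromhex("2a864886f70d01050d"): "PBES2",
    bytes.fromhex("60864801650304012a"): "aes256-CBC",
}

def read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the TLV at pos; raise ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def walk(buf):
    """List every (tag, body), descending into constructed types and OCTET STRINGs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, body, pos = read_tlv(buf, pos)
        out.append((tag, body))
        if tag & 0x20 or tag == 0x04:  # PKCS#12 nests DER inside OCTET STRINGs
            try:
                out += walk(body)
            except ValueError:
                pass  # opaque bytes (salt, IV, ciphertext), not nested DER
    return out

def pbe_schemes(der):
    """Names of the known PBE/cipher OIDs found in der, in order of appearance."""
    return [PBE_OIDS[b] for t, b in walk(bytes(der)) if t == 0x06 and b in PBE_OIDS]

# Constructed samples: AlgorithmIdentifier fragments, not complete .p12 files.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, bodies < 128 bytes
KDF_PARAMS = tlv(0x30, tlv(0x04, b"\x11" * 8) + tlv(0x02, b"\x08\x00"))  # salt, iterations
SAMPLE_3DES = tlv(0x04, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010c0103")) + KDF_PARAMS))
SAMPLE_AES256 = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01050d")) + tlv(0x30,
    tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01050c")) + KDF_PARAMS) +
    tlv(0x30, tlv(0x06, bytes.fromhex("60864801650304012a")) + tlv(0x04, b"\x22" * 16))))
```

To inspect a real file, pass its bytes, for example `pbe_schemes(open("bundle.p12", "rb").read())`, where `bundle.p12` is a hypothetical file name.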
