Personal Information Exchange Syntax (pkcs12)

(Public Key Cryptography Standard 12)

This standard describes a transfer syntax for personal identity information, including private keys, certificates, miscellaneous secrets, and extensions. Machines, applications, browsers, Internet kiosks, and so on, that support this standard will allow a user to import, export, and exercise a single set of personal identity information.

This standard supports direct transfer of personal information under several privacy and integrity modes. The most secure of the privacy and integrity modes require the source and destination platforms to have trusted public/private key pairs usable for digital signatures and encryption, respectively. The standard also supports lower security, password-based privacy and integrity modes for those cases where trusted public/private key pairs are not available.

History

PKCS12 was developed by RSA Laboratories in 1999, based upon PKCS8.

Protocol dependencies

There are no protocol dependencies for PKCS12.

Example traffic

XXX - Add example decoded traffic for this protocol here (as plain text or Wireshark screenshot).

Wireshark

The PKCS12 dissector is fully functional though it is not capable of decrypting and displaying the encrypted components.

Preference Settings

There are no preference settings for PKCS12.

Example capture file

Below is a sample PKCS12 file, which is a raw ASN.1 file and not a network capture file.

There are many more samples available within the Certificate Builder and Test Utilities package available at the BAe Systems website.

Display Filter

A complete list of PROTO display filter fields can be found in the display filter reference

Capture Filter

There is no specific capture filter for the PKCS12. However, PKCS12 may be dissected by loading .pfx or .p12 files directly into Wireshark. PKCS12 may also be seen in an LDAP capture within a userPKCS12 attribute.

Discussion

Protocols/pkcs12 (last edited 2008-04-12 17:50:20 by localhost)