Differences between revisions 1 and 2
Revision 1 as of 2007-01-28 11:12:29
Size: 2522
Editor: 535424F6
Comment: Initial version.
Revision 2 as of 2008-04-12 17:50:20
Size: 2534
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 42: Line 42:
 * attachment:SampleCaptures/pkcs12.pfx  * [[attachment:SampleCaptures/pkcs12.pfx]]
Line 44: Line 44:
There are many more samples available within the ''Certificate Builder and Test Utilities'' package available at the [http://www.digitalnet.com/knowledge/download.htm BAe Systems website]. There are many more samples available within the ''Certificate Builder and Test Utilities'' package available at the [[http://www.digitalnet.com/knowledge/download.htm|BAe Systems website]].
Line 47: Line 47:
A complete list of PROTO display filter fields can be found in the [http://www.wireshark.org/docs/dfref/p/pkcs12.html display filter reference] A complete list of PROTO display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/p/pkcs12.html|display filter reference]]
Line 55: Line 55:
PKCS12 may also be seen in an ["LDAP"] capture within a ''userPKCS12'' attribute. PKCS12 may also be seen in an [[LDAP]] capture within a ''userPKCS12'' attribute.
Line 59: Line 59:
 * [ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf] ''PKCS 12 v1.0: Personal Information Exchange Syntax''
 * [ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12.asn] ''ASN.1 Module''
 * [[ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf]] ''PKCS 12 v1.0: Personal Information Exchange Syntax''
 * [[ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12.asn]] ''ASN.1 Module''

Personal Information Exchange Syntax (pkcs12)

(Public Key Cryptography Standard 12)

This standard describes a transfer syntax for personal identity information, including private keys, certificates, miscellaneous secrets, and extensions. Machines, applications, browsers, Internet kiosks, and so on, that support this standard will allow a user to import, export, and exercise a single set of personal identity information.

This standard supports direct transfer of personal information under several privacy and integrity modes. The most secure of the privacy and integrity modes require the source and destination platforms to have trusted public/private key pairs usable for digital signatures and encryption, respectively. The standard also supports lower security, password-based privacy and integrity modes for those cases where trusted public/private key pairs are not available.

History

PKCS12 was developed by RSA Laboratories in 1999, based upon PKCS8.

Protocol dependencies

There are no protocol dependencies for PKCS12.

Example traffic

XXX - Add example decoded traffic for this protocol here (as plain text or Wireshark screenshot).

Wireshark

The PKCS12 dissector is fully functional though it is not capable of decrypting and displaying the encrypted components.

Preference Settings

There are no preference settings for PKCS12.

Example capture file

Below is a sample PKCS12 file, which is a raw ASN.1 file and not a network capture file.

There are many more samples available within the Certificate Builder and Test Utilities package available at the BAe Systems website.

Display Filter

A complete list of PROTO display filter fields can be found in the display filter reference

  • Show only the PKCS12 based traffic:

     pkcs12 

Capture Filter

There is no specific capture filter for the PKCS12. However, PKCS12 may be dissected by loading .pfx or .p12 files directly into Wireshark. PKCS12 may also be seen in an LDAP capture within a userPKCS12 attribute.

Discussion

Protocols/pkcs12 (last edited 2008-04-12 17:50:20 by localhost)