-
Notifications
You must be signed in to change notification settings - Fork 765
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support different MAC Algorithms to generate PKCS12 wrapper #1061
Comments
I have a fix made locally and will make a PR for your consideration and review. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
Currently
openssl
orkeytool
usesSHA256
to generate MAC data forpkcs12
. However,node-forge
usesSHA1
as hereopenssl
also allows specifying the macAlgorithm using parameter below:-macalg val Digest algorithm to use in MAC (default SHA256)
node-forge
currently allows readingpkcs12
files generated by other tool and supports detecting the MAC algorithm used as you can find hereProposal
We should allow passing a new option called
options.macAlgorithm
for functionp12.toPkcs12Asn1
.Here:
macAlgorithm
should be a string similar tooptions.algorithm
oroptions.encAlgorithm
parameter.macAlgorithm
must default tosha1
for backward compatibility.For example, someone should be allowed to generate
pkcs12
usingnode-forge
as below that essentially generates similar toopenssl
:The text was updated successfully, but these errors were encountered: