Topic: [SOLVED] Does Wolf support PCKS12 PFX Format?


we currently start to integrate SSL Certs into our embedded Devices. Therefore we want to use an import of server cert and private key via USB Stick. It would be great if both are integrated into one file, e.g. using pfx format. Is this already supported by WolfSSL or is it planned to integrate this?
Thank you in advance.


Re: [SOLVED] Does Wolf support PCKS12 PFX Format?

Hello Dirk,

We have some support for parsing a PKCS12 file that has a matching private key and certificate stored. This code is in our main github repo and scheduled to be in the next release. Currently only supporting parsing of the file and not creating it. To get the most use out of it wolfSSL should be configured with "./configure --enable-opensslextra --enable-des3 --enable-arc4". We do not currently support RC2, so encryption done with RC2 can not be decrypted by the API.

Command line to create a pkcs12 certificate to use.
$ openssl pkcs12 -des3 -descert -inkey certs/server-key.pem -in certs/server-cert.pem -CAfile certs/server-cert.pem -out pkcs12.p12 -export

Sudo code for reading WC_PKCS12 from WOLFSSL_BIO and parsing it

WC_PKCS12* pkcs
WOLFSSL_X509* cert
STACK_OF(X509) certs

//bio loads in PKCS12 file
wolfSSL_d2i_PKCS12_bio(bio, &pkcs)
ret = wolfSSL_PKCS12_parse(pkcs, “a password”, &pkey, &cert, &certs)
//check ret value

//use cert, pkey, and optional certs stack

Parsing can be done without using WOLFSSL_BIO by calling wc_PKCS12_parse directly with the DER PKCS12 buffer. Sorry we don't have better documentation of it up yet online, these functions were added just recently. If further questions on use come up feel free to contact us through and we can dedicate an engineer to helping out.



Re: [SOLVED] Does Wolf support PCKS12 PFX Format?

Hi Jacob,

I am impressed of the quick response to my post.
Keep up such good work.

Thank you,