16

There still seem to be some tools that generate private keys encrypted with RC2-40-CBC.

Although I'm able to export it to a new key store using keytool -importkeystore, it seems that I can't get rid of this algorithm.

How to convert them to PEM?

OpenSSL fails with:

digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
erny

2 Answers

31

openssl has a key algorithm provider called legacy. Just try with:

openssl pkcs12 -in mycert.p12 -legacy -nodes
erny
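
An added example, not part of the answer above: the `-legacy` read followed by a re-export that drops RC2-40, which covers the "can't get rid of this algorithm" part of the question. It assumes OpenSSL 3.x with the legacy provider installed; the function names, file arguments and the `P12_PASS` environment variable are hypothetical.

```shell
#!/bin/sh
# Added example: migrate a PKCS#12 file off RC2-40-CBC with OpenSSL 3.x.
# Assumptions: the container password is in $P12_PASS; file paths are
# passed as arguments; the legacy provider module is installed.

# p12_to_pem IN.p12 OUT.pem
# Reads the legacy-encrypted container through the legacy provider and
# writes the key and certificates as PEM.
p12_to_pem() {
    (
        # -nodes writes the private key unencrypted, so keep the output
        # file readable by the owner only.
        umask 077
        openssl pkcs12 -in "$1" -legacy -nodes \
            -passin env:P12_PASS -out "$2"
    )
}

# pem_to_modern_p12 IN.pem OUT.p12
# Re-exports without -legacy, so OpenSSL 3.x applies its default
# encryption (AES-256-CBC with PBKDF2) instead of RC2-40.
pem_to_modern_p12() {
    openssl pkcs12 -export -in "$1" -out "$2" -passout env:P12_PASS
}

# p12_uses_rc2 FILE.p12
# Returns 0 if the container's encryption info mentions RC2, 1 otherwise.
# -info prints the PBE algorithm of each bag; -noout suppresses the
# key and certificate output itself.
p12_uses_rc2() {
    openssl pkcs12 -in "$1" -legacy -info -noout \
        -passin env:P12_PASS 2>&1 | grep -q 'RC2'
}
```

After the migration, delete the intermediate PEM file, since it holds the private key in clear text.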
4

You can change it permanently in the OpenSSL configuration. Just modify the file /etc/ssl/openssl.cnf

Find the [default_sect] section and change it to:

[default_sect]
activate = 1
[legacy_sect]
activate = 1

Then find the [provider_sect] and use:

[provider_sect]
default = default_sect
legacy = legacy_sect

Save file.

GetoX