I created the PKCS#12 archive by doing:
openssl genrsa -out private_key.pem 2048
openssl req -new -x509 -key private_key.pem -out certificate.pem -days 365 -subj “/CN=key-app”
openssl pkcs12 -export -inkey private_key.pem -in certificate.pem -out pkcs12.key -name “key-app”
I’ve cloned the MBedTLS project an built the programs. Then i navigated to mbedtls/build/programs/pkey and gave the following command:
./key_app mode=private filename=pkcs12.key password=“…”
This gives me the following output/error:
. Loading the private key … failed
! mbedtls_pk_parse_keyfile returned -0x3d00
! Last error was: PK - Invalid key tag or value
So my question is, is this feature supported by MBedTLS ?
To me it is confusing, there is an pkcs12.h and implementation but from reading the code it is only meant to e.g. decrypt a pkcs8 archive?
Side node, i repeat the above steps with “openssl pkcs8 -in private_key.pem -out pkcs8.key -topk8” then it seems to be able to disect the archive.