Cryptography - PKCS12


PKCS12 is a pkcs version 12.

PKCS12 (ie p12 extension) is intended to store both:

It has the capability of being password protected to provide some protection to the keys.

PFX was the predecessor of PKCS#12.

PKCS#12 files are used by client application such as:



with Openssl pkcs12 1), you can add a chain


A PKCS#12 file can be created by using the -export option


  • a server certificate and the required intermediates in one PEM file
  • and private key
openssl pkcs12 -export -in www-example-com.crt -inkey www-example-com.key -out www-example-com.p12

To Pem

Privacy-Enhanced Mail (PEM) (OpenSsh key format)

The format becomes a base 64 hash of pkcs12.

openssl pkcs12 \
    -in /opt/truststore.pkcs12 \
    -nodes \  # Don't encrypt private keys
    -out /opt/truststore.pem \
    -passin 'pass:YourPassword'

Discover More
Cryptography - JKS (Java Keystore)

In the JDK implementation of JKS, a keystore may contain both: key entries and trusted certificate entries. command line: Gui: Porte-cle: (download)...
Portecle New Keystore
Cryptography - Keystore (KS)

A keystore is a database of key material. ie: key LDAP identity You only need it: if you are a server that want to implements SSL, or if the server requires client authentication. A keystore...
Cryptography - PKCS (Public Key Cryptography Standards)

PKCS #X (Public Key Cryptography Standards) are a group of public-key cryptography standards devised and published by RSA Security Inc, starting in the early 1990s. They defined the file format of key...
Cryptography - Storage of key material

This page lists the datastore / file of cryptographic material such as: key LDAP identity certificat signing request and more. Key and key pair file format is the binary...
400 Default Page No Required Ssl Certificate
How to configure certification based client authentication with Nginx ?

This article shows you how to configure a client authentication via the ownership of a certificat on a Nginx web server. The server should be already configured for HTTPS as client certificate (client...
Porte Cle

portecle is a cryptographic material manager. It's a french term that means key ring where key references to the cryptogrphic key. You can do cryptographic operation in a GUI fashion versus in a command...
Public Key Crypto Pair Key Creation
What is a client certificate authentication ? (SSL/TLS Web)

Client certificate authentication is a certification based authentication mechanism where the client identifies itself to the server by sending a signed certificate. The server just needs to verify the...

Share this page:
Follow us:
Task Runner