NOTE

PKIjs supports many different combinations of PKCS#12. Most clients only support one combination. Clients typically only support a combination where the same password is used for protection and integrity.

PKIjs, also only supports creation of AES-CBC and AES-GCM protected PKCS#12’s which will not be readable by Windows which only supports weak ciphers in PKCS#12 files.

You can parse the Password-Based Privacy Protection variant PKIjs creates using this command:

openssl pkcs12 -in pkijs_pkcs12.p12

PKCS#12 With OpenSSL-like Internal Structure

PKCS#12 With Password-Based Integrity Protection And No Privacy Protection

PKCS#12 With Certificate-Based Integrity Protection And No Privacy Protection
PKCS#12 With No Privacy Protection and Password-Based Integrity Protection

PKCS#12 With Password-Based Privacy And Inegrity Protection

PKCS#12 With Certificate-Based Privacy And Password-Based Integrity Protection

Parse OpenSSL-like PKCS#12 data
NOTE

Unfortunately current versions of Windows and OpenSSL only support using weak cryptographic primitives in PKCS#12. WebCrypto does not support these weaker mechanisms so we can not fully parse files all files created by them.

With that said OpenSSL does support some stronger options, specifically it allows creation of PKCS#12’s using AES-CBC. You can create such a file with this command:

openssl pkcs12 -export -inkey key.pem -in test.cer -out test.p12 -certpbe AES-256-CBC -keypbe AES-256-CBC