Inspect public certificate of .p12 without password

[Madjosz]

Is your feature request related to a problem? Please describe.
I often have to inspect client certificates for expiry dates. To do this with KeyStore Explorer I always have to provide the keystore password just to access the public information which could easily be extracted without password (without integrity verification in that case).

Describe the solution you'd like
It would be nice if I can inspect the public certificates of a .p12 file even when no password is given as the public certificates can be exported without password by keytool or openssl.

Describe alternatives you've considered
Currently if I do not have the password available or are too lazy to search the password manager for it I do the following:

keytool -exportcert -keystore clientcertificate.p12 -alias myalias -file publiccertificate.pem

or similar

openssl pkcs12 -nokeys -nomacver -in clientcertificate.p12 -out publiccertificate.pem

and provide no password when asked in both tools. I then inspect publiccertificate.pem with KeyStore Explorer to achieve my goal.

Additional context
Using KeyStore Explorer 5.4.4 I found no way to open clientcertificate.p12 without password. Leaving the password field empty like in #122 does not work and I will always be prompted if I like to enter the password again.

[kaikramer]

This is rather unusual. Usually the certificates are stored as encrypted data in a PKCS#12 file and then both commands (keytool and openssl) only work when you provide the correct password.

For comparison, I have generated a PKCS#12 file with OpenSSL and then used the command from your comment:

$ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes
$ openssl pkcs12 -export -out test_openssl.p12 -inkey key.pem  -in cert.pem
$ openssl pkcs12 -nokeys -nomacver -in test_openssl.p12 -out publiccertificate.pem
Enter Import Password:
Error outputting keys and certificates
140292140569216:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:583:
140292140569216:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:62:
140292140569216:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:../crypto/pkcs12/p12_decr.c:93:

The PKCS#12 format grants a lot of freedom on how to store data. Therefore it is possible that the certificate in your p12 file is unencrypted. You can verify this with the "-info" parameter:

$ openssl pkcs12 -nokeys -nomacver -in test_openssl.p12 -info
Enter Import Password:
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
    localKeyID: 5E D0 D5 73 03 EC 6C 02 D7 4B D4 6E 04 E3 B6 9C 57 41 F2 44
subject=C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = test_openssl_p12

issuer=C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = test_openssl_p12

-----BEGIN CERTIFICATE-----
MIIDoTCCAomgAwIBAgIUJlU1Ig5HqJJwg+JnvqSMEGkdI18wDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
...
yv+s4T/HvZpDHEBI01q15QpbhS2t++EfNvQvbRQuBIQ5t7CFVfT6jnjXGtRrKB8u
SzF2mb9IqqIa6saxvqgjDhuUIHxcjl4xPwYFmMKJv+cSlOI8sZwT8H9+t9zlhbPx
diSEYx3uFX4GwVW669qMEggs23sw
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

Do you know how this p12 file was generated?

[Madjosz]

Thanks for pointing this out. I looked through the certificates and I am able to open roughly a third of them without providing a password. Unfortunately I can not say how these were created as they were provided by a third party.
For the other p12 files you can still see the aliases of the entries but cannot see that there is a certificate attached to the aliases. This conforms with the error keytool issues when trying to extract the certificate from an encrypted file:

keytool error: java.lang.Exception: Alias <myalias> has no certificate

Still this is super simple to include in KeyStore Explorer, I just added || keyStoreType == KeyStoreType.PKCS12 in https://github.com/kaikramer/keystore-explorer/blob/master/kse/src/org/kse/crypto/keystore/KeyStoreUtil.java#L167 and it worked like a charm.

I only saw one downside: You can create a certificate with an empty password. It will then be opened with null password and you cannot see the certificates. (Tried it with KeyStore Explorer 5.4.4 vs my modified version)

[kaikramer]

Unfortunately none of the p12 files I have here are like this, i.e. I have no test data at all. Presumably you cannot share those PKCS#12 files of yours?

You could help me by posting the output of "openssl pkcs12 ... -info" (of course with localkeyID/subject/issuer/certificate removed). I would like to know the structure of those p12 files.

[Madjosz]

openssl pkcs12 -info provides the following information:

MAC: sha1, Iteration 1
MAC length: 20, salt length: 16
PKCS7 Data
Certificate bag
Bag Attributes
    localKeyID: XXX
subject=C = XX, O = XXX, OU = XXX, OU = XXX, OU = XXX, CN = XXX
issuer=C = XX, O = XXX, CN = XXX
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1000
Bag Attributes
    localKeyID: XXX
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
XXX
-----END ENCRYPTED PRIVATE KEY-----
PKCS7 Data
Certificate bag
Bag Attributes: <No Attributes>
subject=C = XX, O = XXX, CN = XXX
issuer=C = XX, O = XXX, CN = XXX
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
PKCS7 Data
Certificate bag
Bag Attributes: <No Attributes>
subject=C = XX, O = XXX, CN = XXX
issuer=C = XX, O = XXX, CN = XXX
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----

A certificate from another vendor looks like this:

MAC: sha1, Iteration 1
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes
    localKeyID: XXX
    Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
    friendlyName: E=XXX,CN=XX,O=XX,L=XXX,C=XX
Key Attributes
    X509v3 Key Usage: 10
-----BEGIN ENCRYPTED PRIVATE KEY-----
XXX
-----END ENCRYPTED PRIVATE KEY-----
PKCS7 Data
Certificate bag
Bag Attributes
    localKeyID: XXX
    friendlyName: E=XXX,CN=XXX,O=XXX,L=XXX,C=XX
subject=emailAddress = XXX, CN = XXX, O = XXX, L = XXX, C = XX
issuer=C = XX, L = XXX, O = XXX, CN = XXX, emailAddress = XXX
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----

[kaikramer]

Thanks! I was able to generate such a p12 file with some low-level BC code.

[kaikramer]

Okay, so I have done some testing and to simply add || keyStoreType == KeyStoreType.PKCS12 in line 167 of KeyStoreUtil.java is not the right way to achieve this. This works well for JKS and JCEKS keystores because they generally have no encryption for certificate entries, but things are different for PKCS#12:

• If some (non-empty) password is set for the p12 file, the certificates are encrypted and I enter an empty paswword, the file is opened anyway. No error, it just doesn't show the certificate(s). As a user I would expect an error. I can unlock the private key, but the certificate remains hidden. Also the entry type is displayed as "key entry", which is wrong. This is already pretty bad, but at least if you enter the correct password, everything is fine.
• If the p12 file has an empty password set (this the case that you have mentioned above) things are getting significantly worse: There is no way anymore to open such a file and see the certificate(s). This is clearly a bug.

The proper way to open p12 files without a password would have to be much more complicated. I might implement this feature together with some other p12 related features later this year.

[gstanchev]

Java is moving to passwordless pkcs12 files too...

[kaikramer]

@gstanchev Either you have linked to the wrong web page or you have misunderstood its content. JEP 229 is simply about making PKCS#12 the default keystore type (e.g. when you create a new keystore with keytool and do not explicitly specify the type).

[gstanchev]

Apologies, i was googling something to link to and i might have linked incorrect link. I was referring to this thread which indicates Java 18 is moving towards passwordless PKCS12 as current cacerts format.

[kaikramer]

Ah, that's quite interesting. Thanks!

[sureshg]

JDK 18 has been released with these two features.

Allow Store Password to Be Null When Saving a PKCS12 KeyStore - https://jdk.java.net/18/release-notes#JDK-8231107
Migrate cacerts From JKS to Password-Less PKCS12 - https://jdk.java.net/18/release-notes#JDK-8275252

[kaikramer]

@sureshg Thanks for the update!