Dr S N Henson wrote:
>
> You can't exclude private keys from a PKCS#12 file using the OpenSSL
> command line tool. The -nokeys option is for parsing a PKCS#12 file
> only, not for creation.
>
> Normally PKCS#12 files are used to store certificates and keys so there
> isn't any need to exclude keys.
>

Thanks for the advice.

I want to use openssl to create PKCS#12 files for use with PGPnet clients
which in turn will connect to a Freeswan VPN using X509 certificates.

The plan is to use openssl to create all the keys + certificates. Tests
have gone very well so far. The only problem is I don't want to install
the Freeswan VPN private key on all the PGPnet clients.

I got round this problem by importing both Freeswan VPN keys from the
PKCS#12 file, then exporting the public key with PGPkeys. Once this has
been done I delete the original key pair and import the public key.

Cheers

Shaun

>
> Shaun McCullagh wrote:
> >
> > Hi,
> >
> > Can openssl list what keys are available in a PKCS#12 file?
> >
> > If so, please could somebody explain how?
> >
> > I used this command to create a PKCS#12 file so that the private key was
> > excluded from the p12 file:
> >
> > openssl pkcs12 -info -nokeys -clcerts -export -in public.pem -inkey
> > private.pem -certfile cacert.pem -out test.p12
> >
> > But PGPkeys shows that the private key is still present in the file
> > test.p12.
> >
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
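Added example, not part of the original thread: one way to answer the original question from the command line, by using the parsing options of `openssl pkcs12` to count the private keys and certificates inside a file before it is handed to clients. The function names, the `P12_PASS` variable, the file names and the throwaway key and certificate are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: inspect a PKCS#12 file for private keys and certificates.
# The password is read from the P12_PASS environment variable so it does
# not appear on the command line.

# p12_count_keys FILE -> prints how many private keys the file contains.
# -nocerts suppresses certificates; -passout keeps the key encrypted in
# the pipe, so only the PEM header is ever inspected.
p12_count_keys() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts \
        -passout env:P12_PASS 2>/dev/null |
        grep -c 'BEGIN .*PRIVATE KEY' || true
}

# p12_count_certs FILE -> prints how many certificates the file contains.
# -nokeys is the parsing option from the thread: it hides keys on output.
p12_count_certs() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true
}

# make_demo_p12 DIR -> builds DIR/test.p12 from a constructed throwaway
# key and self-signed certificate (file names follow the thread).
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo" \
        -keyout "$1/private.pem" -out "$1/public.pem" 2>/dev/null
    openssl pkcs12 -export -in "$1/public.pem" -inkey "$1/private.pem" \
        -passout env:P12_PASS -out "$1/test.p12"
}

P12_PASS='constructed-demo-pass'   # constructed value, demo only
export P12_PASS

tmp=$(mktemp -d)
make_demo_p12 "$tmp"
echo "private keys: $(p12_count_keys "$tmp/test.p12")"
echo "certificates: $(p12_count_certs "$tmp/test.p12")"
rm -rf "$tmp"
```

A non-zero private key count means the file should not be distributed to machines that are only supposed to hold the public certificate.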