Hello, I have encountered a problem when trying to use OpenSSL command to decode PKCS12 file, I am using OpenSSL 0.9.8j that was build with FIPS support enabled.
When working in non FIPS mode I perform the following operation successfully: * K:\>openssl OpenSSL> pkcs12 -in k:\server.p12.pfx * When I am in FIPS mode and perform the same operation I get the following error: * Error outputting keys and certificates 7956:error:0607B090:digital envelope routines:EVP_CipherInit_ex:disabled for fips:.\crypto\evp\enc_min.c:306: 7956:error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure:.\crypto\evp\evp_pbe.c:101: 7956:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:.\crypto\pkcs12\p12_decr.c:83: 7956:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:.\crypto\pkcs12\p12_decr.c:123: error in pkcs12 * Can someone shed light on why this does not work in FIPS mode? How does this functionality contradict the FIPS requirements? Is there and alternative that I can use that will work in FIPS mode? Thanks a lot, Lior
