1 1. Preparing data in this directory 2 3 mkdir tmp 4 cd tmp 5 keytool -keystore ks -genkeypair -storepass changeit -alias a -dname CN=A 6 openssl pkcs12 -in ks -nodes -out kandc -passin pass:changeit 7 openssl pkcs12 -export -in kandc -out os2 -name a -passout pass:changeit \ 8 -certpbe NONE -nomac 9 openssl pkcs12 -export -in kandc -out os3 -name a -passout pass:changeit \ 10 -certpbe NONE 11 openssl pkcs12 -export -in kandc -out os4 -name a -passout pass:changeit \ 12 -certpbe PBE-SHA1-RC4-128 -keypbe PBE-SHA1-RC4-128 -macalg SHA224 13 openssl pkcs12 -export -in kandc -out os5 -name a -passout pass:changeit \ 14 -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA512 15 for a in *; do 16 openssl base64 -in $a -out ../$a 17 done 18 cd .. 19 rm -rf tmp 20 21 2. After running the test, we can go to the scratch directory and run the 22 following commands to check keytool -> openssl interoperability. 23 OpenSSL 1.1.0i is used here. Earlier versions might generate different info. 24 25 ( 26 openssl pkcs12 -in ks2 -passin pass:changeit -info -nokeys -nocerts 2> t2 || exit 20 27 grep "MAC:sha1 Iteration 100000" t2 || exit 21 28 grep "Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 50000" t2 || exit 23 29 grep "PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 50000" t2 || exit 24 30 31 openssl pkcs12 -in ks22 -passin pass:changeit -info -nokeys -nocerts 2> t22 || exit 25 32 diff t2 t22 || exit 26 33 34 openssl pkcs12 -in ks3 -passin pass:changeit -info -nokeys -nocerts && exit 30 35 36 openssl pkcs12 -in ks3 -passin pass:changeit -info -nokeys -nocerts -nomacver 2> t3 || exit 31 37 grep "PKCS7 Encrypted data:" t3 && exit 33 38 grep "Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 50000" t3 || exit 34 39 grep "Shrouded Keybag: pbeWithSHA1And128BitRC4, Iteration 50000" t3 || exit 35 40 41 openssl pkcs12 -in ks33 -passin pass:changeit -info -nokeys -nocerts -nomacver 2> t33 || exit 36 42 diff t3 t33 || exit 37 43 44 openssl pkcs12 -in ks4 -passin pass:changeit -info -nokeys -nocerts 2> t4 || exit 40 45 grep "MAC:sha1 Iteration 5555" t4 || exit 41 46 grep "Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 7777" t4 || exit 43 47 grep "Shrouded Keybag: pbeWithSHA1And128BitRC4, Iteration 50000" t4 || exit 44 48 grep "PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 6666" t4 || exit 45 49 50 openssl pkcs12 -in ks44 -passin pass:changeit -info -nokeys -nocerts 2> t44 || exit 46 51 diff t4 t44 || exit 47 52 53 echo Succeed 54 )