PKCS12 to OpenPGP Conversion

Justin Wienckowski Justin.Wienckowski at
Thu Jul 26 19:53:01 CEST 2001

As part of a project at my company, I've developed a program that converts a PKCS#12 certificate produced by Microsoft's CryptoAPI (CPS v1.0) into a format suitable for import into an OpenPGP-compliant program (like gpg, cheer!).

This is an EXTREME ALPHA release for those of you who are masochistic but wanna see how the conversion works.  It was done as a proof of concept.  The code is messy, hacked up, and hard to read.  It may very well not work for your certificates.    As soon as I clean it up and make it work right I'll release a package containing the nice source code, utilities, and sample files to show how to adapt it for your certificate formats.

You can grab the source at 


1) DOES NOT ENCRYPT THE PRIVATE KEY.  I'm lazy and busy so I havn't implemented that yet.  You can use gpg to set a passphrase on the key after you import it.

2) Requires cryptlib to compile.  Also uses a bunch of .h files from the cryptlib source so it can use the low-level SHA-1 and BIGNUM functions.

3) To import the key pair into gpg after you run it, use gpg --allow-secret-key-import --import my_key.pgp

4) Much of the PKCS processing code is directly adapted from Peter Gutmann's breakms.c code - thanks Peter!  He did some great work on the terrible nature of Microsoft's PKCS12 implementation.

I'm happy to answer any questions you may have about the program or PKCS or OpenPGP in general - just send them to me directly and not to the list :)

-Justin Wienckowski
justin.wienckowski at

More information about the Gnupg-devel mailing list