PKCS 12 generation wraps authSafe field in one layer of OCTET STRING instead of two
Over on the IETF LAMPS list, Ryan Sleevi writes that for PKCS12's authSafe objects, there needs to be two layers of OCTET STRING.
But certtool produces a PKCS12 object with only one layer of OCTET STRING in each of these nested locations.
The PKCS12 object produced by certtool is unimportable by at least one PKCS12 implementation: Keychain Access on Mac OS X. I believe this single layer of OCTET STRING is the reason.
Interestingly, it looks like certtool --p12-info can read a PKCS12 object whether it is wrapped in one layer or two layers of OCTET STRING.
My ASN.1 capacity is not strong enough to figure out how to make certtool emit a double-wrapped layer of OCTET STRINGs in the right places. If anyone from GnuTLS can recommend how to do that, i'd be willing to try implementing it, but i'm lost right now.
You can find a certtool-generated PKCS12 object (PEM-encoded) in draft-ietf-lamps-samples-04 that has only a single-layer of OCTET STRING. (i've been testing with the bob.p12 object, converted to DER form)
The same set of keys and certs, laundered through importing into Thunderbird and then re-exporting, yields bob.laundered.p12. Both p12 files have a password that is a three-letter ASCII string bob. Of course the encryption parameters change between the files as well.
Here's a screenshot of Keychain Access failing to import the same PKCS#12 object:
Edited to remove claim that NSS's pk12util fails on this object, i can no longer replicate that failure. I think that maybe i was trying it with the PEM-encoded form instead of the DER-encoded form. sorry for the confusion!