Hi,

just wondering if there are tools available to perform a brute force attack against *.p12 certificate files. I have stressed google severals hours but didn't find something which could perform such tasks (expect a elcomsoft tool for 500 GBP...).

Any hints would be appreciated.

Thanks

Hi,

ok seems to be not that easy ;). Would it be possible to use a small script in order to perform a basic attack e. g. by using the command shell tool openssl?

Regards,
Johannes

You could probably write a shell script to do this. It might not be terribly fast but it'd work.

You could script openssl (http://www.openssl.org/docs/apps/pkcs12.html) and use a plaintext dictionary or a perl script to provide passwords.

Further google comes back with lots of info for search term: PKCS#12 password crack (http://www.google.ca/search?hl=en&q=pkcs%2312+password+crack), a lot are ElcomSoft related (which is probably what you found) but some deal with MS related PKCS#12 weaknesses, etc.