MacOS security framework fails to import RFC 7292 compliant PKCS #12 v1.1 file into keychain using modern cyphers

Number:rdar://FB8988319 Date Originated:2021-02-03
Status:Open Resolved:
Product:Security Framework Product Version:MacOS 10.15.7
Classification:Application Crash Reproducible:
Attempts to import a PKCS 12 archive using SHA256 for the MAC when running 
“security import file.p12 -k ~/Library/Keychains/login.keychain -f pkcs12 -t egg”
errors with:
“Sorry you entered an invalid password”
“security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)”

Specifically as per RFC 7292 Appendix A: Message Authentication Codes (MACs)

“The hash function HMAC is based on is identified in the MacData, which holds the MAC; for this version of this standard, the hash function can be one of the following: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256 [10].”

However it seems only SHA1 is supported (I suspect as this was the only cypher listed at the time in the v1.0 spec). Further it seems the security framework cannot parse encrypted data / shrouded keybag / etc, using 

PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA1

And errors with:
“security: SecKeychainItemImport: Unknown format in import”

Specifically as per RFC 7292 Appendix B: Deriving Keys and IVs from Passwords and Salt:

“Note that this method for password privacy mode is not recommended and is deprecated for new usage. The procedures and algorithms defined in PKCS #5 v2.1 [13] [22] should be used instead. Specifically, PBES2 should be used as encryption scheme, with PBKDF2 as the key derivation function.”

Additionally RFC 8018 PKCS #5 v2.1: Appendix D. Revision History of PKCS #5

“* Introduces AES/CBC as an encryption scheme for PBES2 and HMAC with the hash functions SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256 as pseudorandom functions for PBKDF2 and message authentication schemes for PBMAC1.”

It should be noted that OpenSSL 3 will by default move to AES-256-CBC for the encryption by default for the certificate and private key PBE algorithm instead of the legacy RC2-40 or 3DES.

Steps to reproduce:

Using either LibreSSL 2.8.3 or OpenSSL 1.1.1h

# Generate cert and private key
openssl req -x509 -out cert.pem -sha256 -newkey rsa:2048 -keyout key.pem -nodes -subj "/CN=Self Signed Test Cert/"

# Generate pkcs12 archive using sha256 hash algorithm for the MAC
openssl pkcs12 -export  -inkey key.pem -in cert.pem -out file-mac-sha256.p12 -name "My Certificate" -password pass:1234 -macalg sha256 

# Generate pkcs12 archive using aes-256-cbc PBES2 for the certs and private keys
openssl pkcs12 -export  -inkey key.pem -in cert.pem -out file-pbes2-aes256.p12 -name "My Certificate" -password pass:1234 -keypbe aes-256-cbc -certpbe aes-256-cbc

# Import with (using password 1234)
security import file-mac-sha256.p12 -k ~/Library/Keychains/login.keychain -f pkcs12 -t agg
security import file-pbes2-aes256.p12 -k ~/Library/Keychains/login.keychain -f pkcs12 -t agg

Expected Results:
1 identity imported.

Actual results:

Sorry you entered an invalid password
security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)

security: SecKeychainItemImport: Unknown format in import.

Note the same error happens when double-clicking on the archives in finder.

Attached are the test PKCS 12 archives as well as info dump from “openssl pkcs12 -info -in …” as formatted by OpenSSL 1.1.1h.


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!