## Test KeyStore data

This directory contains the same certificate and private key stored in multiple
PKCS#12 KeyStore files, each using a different PKCS#7 encryption scheme for the
private key, for use in `KeyStorePkcs7FormatTest`.

To generate the certificate and private key:

```
openssl req -x509 -nodes -days 36500 -subj "/CN=Test" -newkey rsa:1024 \
    -out certificate.pem -keyout privkey.pem
```

### Tested formats

All KeyStores have the password "password".

#### OpenSSL version notes

In the following commands `openssl1` refers to version 1.x of the
`openssl` binary and `openssl3` refers to version 3.x.

On most Linux installations `openssl1` is still the default, and you may need
to build `openssl3` from source.


#### RC2 and 3DES

Very old format, but still the default generated by openssl 1.x.

* PKCS12 MAC: SHA-1
* PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
* Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

(The "Encrypted data" scheme is the outer-layer encryption for the whole
KeyStore, and the "Shrouded Keybag" scheme is the one used to encrypt the
private key.)

```
openssl1 pkcs12 -export -out pbe-rc2.p12 -in certificate.pem -inkey privkey.pem \
    -passout pass:password
```

Can also be generated using:

```
openssl3 pkcs12 -legacy -export -out pbe-rc2.p12 -in certificate.pem -inkey privkey.pem \
    -passout pass:password
```

which generates identical ASN.1 data.
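
To confirm that a generated file really carries the schemes listed above, the following added example (not part of this project's code) compares the report from `openssl pkcs12 -info -noout` with the expected values. The `OPENSSL` variable, the function names and the embedded sample report are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the test suite). OPENSSL is an assumed variable
# naming the binary to run, e.g. openssl1 or openssl3 as used in this README.
OPENSSL="${OPENSSL:-openssl}"

# Constructed sample of the report `pkcs12 -info -noout` prints for pbe-rc2.p12.
SAMPLE_INFO='MAC: sha1, Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048'

# Reduce an -info report on stdin to "encdata=<scheme> keybag=<scheme>".
# A scheme is the text between the label and ", Iteration"; "none" if absent.
p12_schemes() {
    awk '
        BEGIN { enc = "none"; key = "none" }
        /^PKCS7 Encrypted data: / { enc = $0 }
        /^Shrouded Keybag: /      { key = $0 }
        END {
            sub(/^[^:]*: /, "", enc); sub(/, Iteration.*/, "", enc)
            sub(/^[^:]*: /, "", key); sub(/, Iteration.*/, "", key)
            printf "encdata=%s keybag=%s\n", enc, key
        }'
}

# Compare one file against the schemes it is meant to contain.
# Usage: check_p12 FILE ENCDATA_SCHEME KEYBAG_SCHEME [extra openssl args]
check_p12() {
    file=$1 want="encdata=$2 keybag=$3"
    shift 3
    # The -info report goes to stderr, so fold it into the pipe.
    got=$("$OPENSSL" pkcs12 -info -noout -in "$file" \
            -passin pass:password "$@" 2>&1 | p12_schemes)
    if [ "$got" = "$want" ]; then
        echo "ok   $file: $got"
    else
        echo "FAIL $file: got '$got', want '$want'" >&2
        return 1
    fi
}

# Example call (OpenSSL 3.x needs -legacy to decrypt the RC2 layer):
#   OPENSSL=openssl3 check_p12 pbe-rc2.p12 pbeWithSHA1And40BitRC2-CBC \
#       pbeWithSHA1And3-KeyTripleDES-CBC -legacy
```
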

#### 3DES

* PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
* Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

Essentially the same as above, but with 3DES encryption for both the certificate
and the private key.  All the `pbe-3des-*` files use this encryption with
variations on the MAC algorithm, and are generated by the `mkstores.sh` script.

#### PBES2

All the `pbes2-*` files are generated with the `mkstores.sh` script, which uses
`openssl3` to generate all supported variations of private key and certificate
encryption (from the AES family) and overall MAC algorithm (from the SHA-1 and
SHA-2 families).

#### SHA-3

A file using SHA3-256 as its MAC algorithm.  Used to trigger exceptions
for testing. Created with:

```
openssl3 pkcs12 -export -out sha3.p12 -in certificate.pem -inkey privkey.pem \
    -passout pass:password -macalg SHA3-256
```