Java/Bouncycastle: How to create a P12 keystore with pkcs5PBES2?
10:57 15 Jan 2026

The upcoming openssl release 3.0 will remove support for weak crypto in PKCS#12 files. So .p12 files generated with the Bouncycastle provider that typically have this crypto:

$ openssl pkcs12 -in bc_legacy.p12 -info -noout
...
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 51200
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 51200

can then no longer be used with openssl. The obvious workaround in Java is to switch to the SUN provider which produces:

$ openssl pkcs12 -in sun.p12 -info -noout
...
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 10000, PRF hmacWithSHA256
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 10000, PRF hmacWithSHA256

But I'm wondering: can BC do this, too? This might be useful, for example when creating keystores where the friendlyName and localKeyID attributes need to be more finely controlled than is possible in the Java KeyStore API. So here is what I tried:

import java.security.PrivateKey;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.pkcs.PKCS12PfxPdu;
import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBag;
import org.bouncycastle.pkcs.PKCS12SafeBagBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCS12MacCalculatorBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;

// privKey, cert and p12Password are set up earlier (not shown here)
ASN1ObjectIdentifier ENC_ALGORITHM = NISTObjectIdentifiers.id_aes256_CBC;
ASN1ObjectIdentifier MAC_ALGORITHM = PKCSObjectIdentifiers.id_PBES2;   // this OID is what the MAC builder rejects below
int ITERATION_COUNT = 10_000;

// Bag encryptor: a non-PKCS#12 cipher OID (AES-256-CBC) makes BC wrap it in PBES2/PBKDF2
OutputEncryptor keyEncryptor = new JcePKCSPBEOutputEncryptorBuilder(ENC_ALGORITHM)
        .setProvider("BC")
        .setIterationCount(ITERATION_COUNT)
        .build(p12Password.toCharArray());

// Shrouded key bag and cert bag, each carrying a friendlyName attribute
PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder((PrivateKey) privKey, keyEncryptor);
keyBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(alias));

PKCS12SafeBagBuilder certBagBuilder = new JcaPKCS12SafeBagBuilder(cert);
certBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(alias));

// Both bags go into one encrypted (PKCS#7 EncryptedData) content info
PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();
pfxBuilder.addEncryptedData(
        keyEncryptor,
        new PKCS12SafeBag[]{keyBagBuilder.build(), certBagBuilder.build()}
);

// Integrity MAC over the whole PFX
JcePKCS12MacCalculatorBuilder macBuilder = new JcePKCS12MacCalculatorBuilder(MAC_ALGORITHM)
        .setIterationCount(ITERATION_COUNT)
        .setProvider("BC");

PKCS12PfxPdu pfx = pfxBuilder.build(macBuilder, p12Password.toCharArray());

This fails with:

org.bouncycastle.pkcs.PKCSException: unable to process data: unable to create MAC calculator: no such algorithm: 1.2.840.113549.1.5.13 for provider BC

Bouncycastle does offer a PKCSObjectIdentifiers.id_hmacWithSHA256 algorithm, but that produces P12 files that cannot be read with openssl nor the Java keytool. There is a question about this on the bouncy GitHub discussion page, but that question was asked almost a year ago and has no answers yet. So I'm asking here: can BC create openssl-3.0 compatible PKCS#12 files?

java bouncycastle pkcs#12
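Added example (not the question's code and not from the Bouncy Castle project): the same PKCS12PfxPduBuilder pipeline as above, but with the MAC built from a digest OID (NISTObjectIdentifiers.id_sha256) instead of id_PBES2, which is the assumption this example rests on; in PKCS#12 the PBES2 scheme only covers the bag encryption, while the MAC is a PKCS#12 password-MAC identified by its hash. The RSA key, self-signed certificate, password and output file name are constructed test values.

```java
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.*;
import org.bouncycastle.pkcs.jcajce.*;

public class Pbes2Pkcs12 {
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        char[] password = "changeit".toCharArray();   // constructed test password
        String alias = "test";
        // Constructed test input: a throwaway RSA key plus a one-day self-signed certificate.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name dn = new X500Name("CN=pbes2-test");
        Date now = new Date();
        X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(
                new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, now, new Date(now.getTime() + 86_400_000L), dn, kp.getPublic())
                        .build(new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(kp.getPrivate())));
        // A non-PKCS#12 cipher OID (AES-256-CBC) makes the BC builder emit PBES2 with PBKDF2.
        OutputEncryptor enc = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC)
                .setProvider("BC").setIterationCount(10_000).build(password);
        PKCS12SafeBagBuilder keyBag = new JcaPKCS12SafeBagBuilder(kp.getPrivate(), enc);
        keyBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(alias));
        PKCS12SafeBagBuilder certBag = new JcaPKCS12SafeBagBuilder(cert);
        certBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(alias));
        PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();
        pfxBuilder.addEncryptedData(enc, new PKCS12SafeBag[]{keyBag.build(), certBag.build()});
        // Assumption: the MAC builder takes a digest OID (SHA-256, shown by openssl as "MAC: sha256"),
        // not id_PBES2 or an HMAC OID; PBES2 applies only to the bag encryption above.
        PKCS12PfxPdu pfx = pfxBuilder.build(new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256)
                .setProvider("BC").setIterationCount(10_000), password);
        try (FileOutputStream out = new FileOutputStream("bc_pbes2.p12")) { out.write(pfx.getEncoded()); }
        // Check: the SUN PKCS12 keystore, which reads PBES2 bags and SHA-256 MACs, must load it back.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(pfx.getEncoded()), password);
        System.out.println("private key loaded back: " + (ks.getKey(alias, password) != null));
    }
}
```

Running `openssl pkcs12 -in bc_pbes2.p12 -info -noout` on the output is the second check: the Shrouded Keybag and PKCS7 Encrypted data lines should report PBES2 with AES-256-CBC, and the MAC line a plain sha256.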