(registered 2015-08-21, last updated 2015-08-21)

Type name: application

Subtype name: pkcs12

Required parameters: N/A

Optional parameters: N/A

Encoding considerations: binary

Security considerations: PKCS #12 data typically contains one or more private keys encrypted with a password using a key derivation function. Poor password choices, weak algorithms, or improper parameter selections (e.g., insufficient salting rounds) will make the confidential payloads much easier to compromise. Additionally, PFX was subject to criticism for being too obtuse and cumbersome to implement (see Gutmann, P., PFX - How Not to Design a Crypto Protocol/Standard). Many of these (editorial) shortcomings have been addressed in the latest publications of PKCS #12. For further considerations, see Section 6 of RFC 7292.

Interoperability considerations: PKCS #12 (formerly PFX, Personal Information Exchange) is a widely recognized format for exchange of secret (personal identity) information on all modern cryptographic stacks. The format is primarily used for the exchange of private keys and certificates, but can also be used to exchange symmetric keys, miscellaneous secrets, attributed objects, and extensions.

Published specification: PKCS #12 v1.0, June 1999; PKCS #12 v1.1 (RFC 7292), July 2014

Applications that use this media type: Machines, applications, browsers, Internet kiosks, and so on, that support this standard allow a user to import, export, and exercise a single set of personal identity information.

Fragment identifier considerations: N/A

Additional information:

  Deprecated alias names for this type: N/A
  Magic number(s): None.
  File extension(s): .p12, .pfx
  Macintosh file type code(s): N/A

Person & email address to contact for further information: Sean Leonard

Intended usage: COMMON

Restrictions on usage: None.

Author: RSA, EMC, IETF

Change controller: The IETF

Provisional registration? (standards tree only): No