Brute-forcing pksc12 passphrases with OpenSSL

For some project I needed to recover the password that was used to encrypt a PKCS12 key.

I found a nice patch for openssl by Aion but that did not compile on any of my machines.

After some trial and error, I was able to compile it under Debian Woody. For your convenience, I have put the openssl binary online. It runs on i386 linux systems.


./openssl pkcs12 -in mycert.p12 -aion /usr/share/dict/words

Remember: it is ancient OpenSSL-0.9.7c so full of security bugs, hence only use it to recover lost passwords.


  1. josemari@jose-laptop:~$ ./openssl pkcs12 -in pepe.p12 -aion /usr/share/dict/words
    pkcs12bf> bruteforce pepe.p12 … pkcs12bf> no valid password found.

    I get the answer in 2 seconds.
    What is wrong?

  2. If you use the patched openssl binary, it’s very fast. Also if you’re using a standard dictionary words file that comes with your distro, it doesn’t contain many entries. So, there’s nothing wrong…the password just doesn’t match any values in your words file. Try other dictionary files, like from Openwall.

    If you buy their wordlist, it contains 40 million entries. You’re more likely to find your password with a larger dictionary file. There are other, free, wordlists on the internet, just search for them.

Leave a comment

Your email address will not be published. Required fields are marked *