From Newsgroup: comp.misc

I have an S/MIME certificate with a private key, exported from Windows 11
that I need to import into Outlook for iOS. I select AES256-SHA256, and
this is how it's encrypted in the PFX file upon export, according to
OpenSSL:

MAC: sha256, Iteration 2000
MAC length: 32, salt length: 20
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2000, PRF hmacWithSHA256 PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2000, PRF hmacWithSHA256

So as per Microsoft's documentation for Outlook for iOS, I emailed the PFX
file to myself. Outlook uses Apple's Keychain functionality, and Keychain
can't decrypt the PFX file. It doesn't even give a proper error message,
just that the password is "incorrect". This occurs on macOS as well.

The only way around this problem is to choose 'TripleDES-SHA1' instead of 'AES256-SHA256' when exporting from Windows:

MAC: sha1, Iteration 2000
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000

But if I'm not mistaken, Triple DES is deprecated, currently disallowed by NIST, and is considered to be some WEAK ASS SHIT. Also, when encrypting
PKCS-12 files, OpenSSL 3.x.x defaults to AES256 and SHA256.

So what the hell am I supposed to do? Set up my own mail server with TLS to send one lousy file, or send it through my Google account and pray that the
god damn glow-in-the-darks don't vacuum it up?

Maybe Apple should fix this?
--- Synchronet 3.20a-Linux NewsLink 1.114