This is a *very* incomplete version of "pfx". It *may* read netscape certificate
export format (which is *NOT* PKCS-12 whatever the dialog box tells you). This
was compiled under redhat Linux 4.1 and uses Netscape Communicator 4.01, export
version. If it works with anything else at this stage then be grateful.

To use it export a netscape certificate somewhere as e.g. Steve.p12 .

Then to dump the certificate chain try:

pfx -in Steve.p12 -p7chain -out certs.pem

You can then you pkcs7 -print_certs to extract the individual certificates.

To dump the private key and reencrypt with triple DES try:

pfx -in Steve.p12 -privkey -des3 -out stevepriv.pem

I *strongly* advise you use the encryption options with private key extraction.

In each case you will be prompted for a password, this is the password Netscape prompted you for on export.

As mentioned above this code is *very* incomplete. It will be revised
considerably in the future.

Please read the TODO file before commenting on the code.

Please note if you don't understand how to use the program then this version
is not for you. If it doesn't work on your setup then bug reports are welcomed. 

NB If you have a file that breaks this and it is an *official* certificate then
please do not send it to me, if you don't understand why then again you
shouldn't be using this version. Files from test certificates are welcome,
provided you also tell me the password!

My thanks go to Jim Spring of Netscape corp, and (naturally) Eric Young for
SSLeay.

Dr. Stephen Henson. shenson@bigfoot.com

NB The format of the export file is very close to that detailed in PFX 0.020
available on Microsoft's site. However the key generation varies markedly
from that mentioned there and is outlined in a "differences document" which
Jim Spring was kind enough to send me.

