[solved] MAC verification failed during PKCS12 import

daver · May 5, 2023, 9:22am

If you’re using OpenSSL 3.x to export your P12 certificate for iOS, you may encounter this error when compiling, even if you’re 100% sure export password is correct:

UserError: security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)
Correct 'iosDevP12Password' or 'iosDistP12Password' in voltbuilder.json.

OpenSSL 3.x changed its default algorithm in pkcs12, which isn’t currently compatible with security frameworks in macOS/iOS

To solve you can:

Downgrade to OpenSSL 1.x
Use -legacy option (make sure you have legacy libraries in your OpenSSL path)

Hope it helps
D.

artlogic · May 5, 2023, 10:32pm

Thanks for the tip!

Issues like these are why we suggest using VoltSigner to generate certificates. We’ve gone to a good deal of trouble to make sure the tool is secure and works with both iOS and Android.

daver · May 10, 2023, 10:12am

I saw VoltSigner, but it generates brand new CSR and private keys.

I want to keep my old private keys.

It could be a cool tool if VoltSigner would create P12 by uploading my private keys and CER, CSR or PEM certificate

D.