Add support to accept pkcs12 format keys #889
Comments
@sumitsum Could you provide some additional details around intended use cases for PKCS12? The format supports multiple entries, including both standalone certificates and private keys with certificates. A PKCS12 reader could attempt to load multiple private keys, which could be helpful in some scenarios. It is also possible for the PKCS12 file to have a store password that is different from individual key entry passwords, although this is less common. @hierynomus Any thoughts on supporting PKCS12 as a potential source for private key material? This could be useful as a convenience feature, although tools such as OpenSSL support extracting private keys to PEM PKCS8 from PKCS12, making them readable in SSHJ.
Is there direct support for PKCS12 keys in other tools like OpenSSH? Then it would make more sense to add it so that you can use your keys irrespective of the tool that you're using to connect. Indeed it feels more like a convenience method, and the first time this has been asked. Not sure how much work would be involved in building it.
That's a good question about OpenSSH and other services. Certificate-based authentication with OpenSSH does not use the standard X.509 structure for certificates, so even that scenario does not seem like a good fit for supporting PKCS12. Most articles mentioning PKCS12 and SSH describe the steps necessary for converting between formats. Although it is an extra step, it keeps the supported capabilities in SSHJ more focused on traditional PEM files.
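The conversion step mentioned in the comments above, as an added example that is not part of the original thread or the SSHJ project: extracting the private key from a PKCS12 file to PEM PKCS8 with OpenSSL. The function names, file names and the `P12_PASS` variable are assumptions; the output key is written unencrypted with owner-only permissions, and the store password is assumed to also protect the key entry.

```shell
#!/bin/sh
# Added example: convert the private key in a PKCS12 file to unencrypted
# PEM PKCS8 with OpenSSL. Function names, paths and P12_PASS are assumptions.

# p12_to_pkcs8_pem <in.p12> <out.pem>
# Reads the store password from the exported variable P12_PASS so it does
# not appear in the process list or shell history.
p12_to_pkcs8_pem() {
    p12=$1 out=$2
    [ -r "$p12" ] || { echo "cannot read $p12" >&2; return 2; }
    [ -n "${P12_PASS:-}" ] || { echo "export P12_PASS first" >&2; return 2; }
    (
        umask 077   # output holds an unencrypted key: owner-only access
        # -nocerts: keys only; -nodes: no re-encryption (-noenc on 3.x).
        # pkcs8 -topk8 normalises to "BEGIN PRIVATE KEY"; it reads only the
        # first key, so a multi-entry store yields its first private key.
        openssl pkcs12 -in "$p12" -nocerts -nodes -passin env:P12_PASS |
            openssl pkcs8 -topk8 -nocrypt -out "$out"
    ) || { rm -f "$out"; return 1; }
}

# make_constructed_p12 <dir>: throwaway EC key, self-signed cert and PKCS12
# store (constructed sample input, not real credentials).
make_constructed_p12() {
    d=$1
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/orig.pem" &&
    openssl req -x509 -new -key "$d/orig.pem" -subj "/CN=constructed" \
        -days 1 -out "$d/cert.pem" &&
    openssl pkcs12 -export -inkey "$d/orig.pem" -in "$d/cert.pem" \
        -name constructed -passout env:P12_PASS -out "$d/sample.p12"
}

# same_public_key <a.pem> <b.pem>: succeeds when both keys share a public key
same_public_key() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl pkey -in "$2" -pubout)" ]
}
```

Comparing public keys with `same_public_key` before deleting the PKCS12 source confirms the extracted key is the intended one.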
No description provided.