Extract the private key to an unencrypted key file:
openssl pkcs12 -in mykeys.p12 -out unencrypted.key -nodes -nocerts
Extract certificates to file:
openssl pkcs12 -in mykeys.p12 -out mycerts.crt -nokeys
The CA and user certificates will be in the same file!
Bundle the key and certificates into a p12 file:
openssl pkcs12 -export -certfile ca.crt -in user.crt -inkey user.key -out mykeys.p12
Decrypt user key:
openssl rsa -in encrypted.key -out decrypted.key
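Added example (not part of the original notes): the pkcs12 commands above run as one round trip on a constructed throwaway bundle, splitting the combined mycerts.crt into one file per certificate and finding the user certificate by matching its public key against the extracted key. The CNs, the password and the cert-N.pem file names are assumptions of the example; umask 077 keeps the unencrypted key readable by its owner only.

```shell
# Added example. Keys, certificates, CNs and the password are constructed throwaways.
set -eu
PASS=pass:example-pass   # placeholder password, an assumption of this example

# Build a constructed bundle in directory $1: CA cert + user cert + user key.
make_sample_p12() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Example User" \
        -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
    openssl x509 -req -in "$d/user.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/user.crt" 2>/dev/null
    openssl pkcs12 -export -certfile "$d/ca.crt" -in "$d/user.crt" \
        -inkey "$d/user.key" -out "$d/mykeys.p12" -passout "$PASS"
}

# Extract key and certificates; umask 077 makes the -nodes output owner-only.
extract_p12() {
    d=$1
    ( umask 077
      openssl pkcs12 -in "$d/mykeys.p12" -passin "$PASS" \
          -out "$d/unencrypted.key" -nodes -nocerts 2>/dev/null )
    openssl pkcs12 -in "$d/mykeys.p12" -passin "$PASS" \
        -out "$d/mycerts.crt" -nokeys 2>/dev/null
}

# Split mycerts.crt into cert-1.pem, cert-2.pem, ... with one certificate each.
split_certs() {
    awk -v dir="$1" '/-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
        on { print > (dir "/cert-" n ".pem") }
        /-----END CERTIFICATE-----/ { on = 0 }' "$1/mycerts.crt"
}

# Print the subject of the certificate whose public key matches the extracted key.
find_user_cert() {
    d=$1
    keypub=$(openssl pkey -in "$d/unencrypted.key" -pubout)
    for c in "$d"/cert-*.pem; do
        if [ "$(openssl x509 -in "$c" -noout -pubkey)" = "$keypub" ]; then
            openssl x509 -in "$c" -noout -subject
        fi
    done
}

tmp=$(mktemp -d)
make_sample_p12 "$tmp"; extract_p12 "$tmp"; split_certs "$tmp"
find_user_cert "$tmp"
rm -rf "$tmp"
```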