As usal, PEM and PKCS12 files can be encrypted using a password, where the latter may contain both private keys and certs (etc.).
Thus of course a password is needed when loading them, even when just reading (public) certs from them.
I do not see the need for explicitly documenting this.
When we supprt writing p12 files (I have code for that), I think the ability to use options like -keypass, in particular which key option is used for which output, would be less obvious.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
As usal, PEM and PKCS12 files can be encrypted using a password, where the latter may contain both private keys and certs (etc.).
Thus of course a password is needed when loading them, even when just reading (public) certs from them.
I do not see the need for explicitly documenting this.
When we supprt writing p12 files (I have code for that), I think the ability to use options like -keypass, in particular which key option is used for which output, would be less obvious.