The internal storage containers, called "SafeBags", may also be encrypted and signed.
It enables buckets of complex objects such as PKCS #8 structures, nested deeply.
[citation needed] PKCS #12 files are usually created using OpenSSL, which only supports a single private key from the command line interface.
[9][10] A simpler, alternative format to PKCS #12 is PEM which just lists the certificates and possibly private keys as Base 64 strings in a text file.
However, beware that for interchangeability with other software, if the sources are in PEM Base64 text, then --outder should also be used.