diff --git a/cmd/quill/cli/commands/p12_attach_chain.go b/cmd/quill/cli/commands/p12_attach_chain.go
index dc0851dc..5dc35b57 100644
--- a/cmd/quill/cli/commands/p12_attach_chain.go
+++ b/cmd/quill/cli/commands/p12_attach_chain.go
@@ -1,7 +1,6 @@
 package commands
 
 import (
-	"crypto/rand"
 	"crypto/x509"
 	"fmt"
 	"os"
@@ -104,7 +103,7 @@ func writeP12WithChain(p12Path, password, keychainPath string, failWithoutFullCh
 	}
 	certs = append(certs, remainingCerts...)
 
-	p12Bytes, err := pkcs12.Encode(rand.Reader, p12Contents.PrivateKey, p12Contents.Certificate, certs, password)
+	p12Bytes, err := pkcs12.Modern2023.Encode(p12Contents.PrivateKey, p12Contents.Certificate, certs, password)
 	if err != nil {
 		return "", fmt.Errorf("unable to encode p12 file: %w", err)
 	}
diff --git a/go.mod b/go.mod
index d4570154..e02abf7c 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/stretchr/testify v1.8.4
 	github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651
 	github.com/wagoodman/go-progress v0.0.0-20220614130704-4b1c25a33c7c
-	software.sslmate.com/src/go-pkcs12 v0.2.1
+	software.sslmate.com/src/go-pkcs12 v0.4.0
 )
 
 require (
diff --git a/go.sum b/go.sum
index 307b2eb6..3eda0d4e 100644
--- a/go.sum
+++ b/go.sum
@@ -709,5 +709,5 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-software.sslmate.com/src/go-pkcs12 v0.2.1 h1:tbT1jjaeFOF230tzOIRJ6U5S1jNqpsSyNjzDd58H3J8=
-software.sslmate.com/src/go-pkcs12 v0.2.1/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI=
+software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k=
+software.sslmate.com/src/go-pkcs12 v0.4.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI=