OpenSSL PKCS12_create(3openssl)

NAME
PKCS12_create - create a PKCS#12 structure

SYNOPSIS
#include <openssl/pkcs12.h>

PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
                      int nid_key, int nid_cert, int iter, int mac_iter, int keytype);

DESCRIPTION
PKCS12_create() creates a PKCS#12 structure.

pass is the passphrase to use. name is the friendlyName to use for the supplied certificate and key. pkey is the private key to include in the structure and cert its corresponding certificate. ca, if not NULL, is an optional set of certificates to also include in the structure.

nid_key and nid_cert are the encryption algorithms that should be used for the key and certificate respectively. iter is the encryption algorithm iteration count to use and mac_iter is the MAC iteration count to use. keytype is the type of key.

NOTES
The parameters nid_key, nid_cert, iter, mac_iter and keytype can all be set to zero and sensible defaults will be used.

These defaults are: 40 bit RC2 encryption for certificates, triple DES encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER (currently 2048) and a MAC iteration count of 1.

The default MAC iteration count is 1 in order to retain compatibility with old software which did not interpret MAC iteration counts. If such compatibility is not required then mac_iter should be set to PKCS12_DEFAULT_ITER.

keytype adds a flag to the stored private key. This is a non-standard extension that is currently only interpreted by MSIE. If set to zero the flag is omitted, if set to KEY_SIG the key can be used for signing only, if set to KEY_EX it can be used for signing and encryption. This option was useful for old export grade software which could use signing-only keys of arbitrary size but had restrictions on the permissible sizes of keys which could be used for encryption.

NEW FUNCTIONALITY IN OPENSSL 0.9.8
Some additional functionality was added to PKCS12_create() in OpenSSL 0.9.8. These extensions are detailed below.

9/Oct/2002 Last change: 0.9.8o

If a certificate contains an alias or keyid then this will be used for the corresponding friendlyName or localKeyID in the PKCS12 structure.

Either pkey, cert or both can be NULL to indicate that no key or certificate is required. In previous versions both had to be present or a fatal error was returned.

nid_key or nid_cert can be set to -1 indicating that no encryption should be used.

mac_iter can be set to -1 and the MAC will then be omitted entirely.

SEE ALSO
d2i_PKCS12(3)

HISTORY
PKCS12_create was added in OpenSSL 0.9.3