From 5fbb02fcb1ef8fc708ea12b41f70d1b6ce5732d8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 9 Oct 2002 12:06:58 +0000 Subject: [PATCH] PKCS12_create manual page --- doc/crypto/PKCS12_create.pod | 71 ++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 doc/crypto/PKCS12_create.pod diff --git a/doc/crypto/PKCS12_create.pod b/doc/crypto/PKCS12_create.pod new file mode 100644 index 0000000000..495a2b8c40 --- /dev/null +++ b/doc/crypto/PKCS12_create.pod @@ -0,0 +1,71 @@ +=pod + +=head1 NAME + +PKCS12_create - create a PKCS#12 structure + +=head1 SYNOPSIS + + #include + + PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, + int nid_key, int nid_cert, int iter, int mac_iter, int keytype); + +=head1 DESCRIPTION + +PKCS12_create() creates a PKCS#12 structure. + +B is the passphrase to use. B is the B to use for +the supplied certifictate and key. B is the private key to include in +the structure and B its corresponding certificates. B, if not B +is an optional set of certificates to also include in the structure. + +B and B are the encryption algorithms that should be used +for the key and certificate respectively. B is the encryption algorithm +iteration count to use and B is the MAC iteration count to use. +B is the type of key. + +=head1 NOTES + +The parameters B, B, B, B and B +can all be set to zero and sensible defaults will be used. + +These defaults are: 40 bit RC2 encryption for certificates, triple DES +encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER +(currently 2048) and a MAC iteration count of 1. + +The default MAC iteration count is 1 in order to retain compatibility with +old software which did not interpret MAC iteration counts. If such compatibility +is not required then B should be set to PKCS12_DEFAULT_ITER. + +B adds a flag to the store private key. This is a non standard extension +that is only currently interpreted by MSIE. If set to zero the flag is omitted, +if set to B the key can be used for signing only, if set to B +it can be used for signing and encryption. This option was useful for old +export grade software which could use signing only keys of arbitrary size but +had restrictions on the permissible sizes of keys which could be used for +encryption. + +=head1 NEW FUNCTIONALITY IN OPENSSL 0.9.8 + +Some additional functionality was added to PKCS12_create() in OpenSSL +0.9.8. These extensions are detailed below. + +Either B, B or both can be B to indicate that no key or +certficate is required. In previous versions both hasves to be present or +a fatal error is returned. + +B or B can be set to -1 indicating that no encryption +should be used. + +B can be set to -1 and the MAC will then be omitted entirely. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +PKCS12_create was added in OpenSSL 0.9.3 + +=cut -- 2.25.1