PKCS12_add_cert.pod 2.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081
  1. =pod
  2. =head1 NAME
  3. PKCS12_add_cert, PKCS12_add_key, PKCS12_add_key_ex,
  4. PKCS12_add_secret - Add an object to a set of PKCS#12 safeBags
  5. =head1 SYNOPSIS
  6. #include <openssl/pkcs12.h>
  7. PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
  8. PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
  9. EVP_PKEY *key, int key_usage, int iter,
  10. int key_nid, const char *pass);
  11. PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags,
  12. EVP_PKEY *key, int key_usage, int iter,
  13. int key_nid, const char *pass,
  14. OSSL_LIB_CTX *ctx, const char *propq);
  15. PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags,
  16. int nid_type, const unsigned char *value, int len);
  17. =head1 DESCRIPTION
  18. These functions create a new B<PKCS12_SAFEBAG> and add it to the set of safeBags
  19. in I<pbags>.
  20. PKCS12_add_cert() creates a PKCS#12 certBag containing the supplied
  21. certificate and adds this to the set of PKCS#12 safeBags.
  22. PKCS12_add_key() creates a PKCS#12 keyBag (unencrypted) or a pkcs8shroudedKeyBag
  23. (encrypted) containing the supplied B<EVP_PKEY> and adds this to the set of PKCS#12
  24. safeBags. If I<key_nid> is not -1 then the key is encrypted with the supplied
  25. algorithm, using I<pass> as the passphrase and I<iter> as the iteration count. If
  26. I<iter> is zero then a default value for iteration count of 2048 is used.
  27. PKCS12_add_key_ex() is identical to PKCS12_add_key() but allows for a library
  28. context I<ctx> and property query I<propq> to be used to select algorithm
  29. implementations.
  30. PKCS12_add_secret() creates a PKCS#12 secretBag with an OID corresponding to
  31. the supplied I<nid_type> containing the supplied value as an ASN1 octet string.
  32. This is then added to the set of PKCS#12 safeBags.
  33. =head1 NOTES
  34. If a certificate contains an I<alias> or a I<keyid> then this will be
  35. used for the corresponding B<friendlyName> or B<localKeyID> in the
  36. PKCS12 structure.
  37. PKCS12_add_key() makes assumptions regarding the encoding of the given pass
  38. phrase.
  39. See L<passphrase-encoding(7)> for more information.
  40. =head1 RETURN VALUES
  41. A valid B<PKCS12_SAFEBAG> structure or NULL if an error occurred.
  42. =head1 CONFORMING TO
  43. IETF RFC 7292 (L<https://tools.ietf.org/html/rfc7292>)
  44. =head1 SEE ALSO
  45. L<PKCS12_create(3)>
  46. =head1 HISTORY
  47. PKCS12_add_secret() and PKCS12_add_key_ex() were added in OpenSSL 3.0.
  48. =head1 COPYRIGHT
  49. Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
  50. Licensed under the Apache License 2.0 (the "License"). You may not use
  51. this file except in compliance with the License. You can obtain a copy
  52. in the file LICENSE in the source distribution or at
  53. L<https://www.openssl.org/source/license.html>.
  54. =cut