-*- mode: troff; coding: utf-8 -*-
Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
Standard preamble:
========================================================================
..
.... \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
. ds C` "" . ds C' "" 'br\} . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.
If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.
Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF ========================================================================
Title "PKCS12_newpass 3"
way too many mistakes in technical documents.
\fBp12 is a pointer to a PKCS12 structure. oldpass is the existing password and newpass is the new password.
Each of oldpass and newpass is independently interpreted as a string in the UTF-8 encoding. If it is not valid UTF-8, it is assumed to be ISO8859-1 instead.
In particular, this means that passwords in the locale character set (or code page on Windows) must potentially be converted to UTF-8 before use. This may include passwords from local text files, or input from the terminal or command line. Refer to the documentation of \fBUI_OpenSSL\|(3), for example.
If the PKCS#12 structure does not have a password, then you must use the empty string "" for oldpass. Using NULL for oldpass will result in a \fBPKCS12_newpass() failure.
If the wrong password is used for oldpass then the function will fail, with a MAC verification error. In rare cases the PKCS12 structure does not contain a MAC: in this case it will usually fail with a decryption padding error.
.Vb 5 #include <stdio.h> #include <stdlib.h> #include <openssl/pem.h> #include <openssl/err.h> #include <openssl/pkcs12.h> \& int main(int argc, char **argv) { FILE *fp; PKCS12 *p12; \& if (argc != 5) { fprintf(stderr, "Usage: pkread p12file password newpass opfile\en"); return 1; } if ((fp = fopen(argv[1], "rb")) == NULL) { fprintf(stderr, "Error opening file %s\en", argv[1]); return 1; } p12 = d2i_PKCS12_fp(fp, NULL); fclose(fp); if (p12 == NULL) { fprintf(stderr, "Error reading PKCS#12 file\en"); ERR_print_errors_fp(stderr); return 1; } if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) { fprintf(stderr, "Error changing password\en"); ERR_print_errors_fp(stderr); PKCS12_free(p12); return 1; } if ((fp = fopen(argv[4], "wb")) == NULL) { fprintf(stderr, "Error opening file %s\en", argv[4]); PKCS12_free(p12); return 1; } i2d_PKCS12_fp(fp, p12); PKCS12_free(p12); fclose(fp); return 0; } .Ve
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.