1*e71b7053SJung-uk Kim=pod 2*e71b7053SJung-uk Kim 3*e71b7053SJung-uk Kim=head1 NAME 4*e71b7053SJung-uk Kim 5*e71b7053SJung-uk KimPKCS12_parse - parse a PKCS#12 structure 6*e71b7053SJung-uk Kim 7*e71b7053SJung-uk Kim=head1 SYNOPSIS 8*e71b7053SJung-uk Kim 9*e71b7053SJung-uk Kim #include <openssl/pkcs12.h> 10*e71b7053SJung-uk Kim 11*e71b7053SJung-uk Kimint PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); 12*e71b7053SJung-uk Kim 13*e71b7053SJung-uk Kim=head1 DESCRIPTION 14*e71b7053SJung-uk Kim 15*e71b7053SJung-uk KimPKCS12_parse() parses a PKCS12 structure. 16*e71b7053SJung-uk Kim 17*e71b7053SJung-uk KimB<p12> is the B<PKCS12> structure to parse. B<pass> is the passphrase to use. 18*e71b7053SJung-uk KimIf successful the private key will be written to B<*pkey>, the corresponding 19*e71b7053SJung-uk Kimcertificate to B<*cert> and any additional certificates to B<*ca>. 20*e71b7053SJung-uk Kim 21*e71b7053SJung-uk Kim=head1 NOTES 22*e71b7053SJung-uk Kim 23*e71b7053SJung-uk KimThe parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL> in 24*e71b7053SJung-uk Kimwhich case additional certificates will be discarded. B<*ca> can also be a 25*e71b7053SJung-uk Kimvalid STACK in which case additional certificates are appended to B<*ca>. If 26*e71b7053SJung-uk KimB<*ca> is B<NULL> a new STACK will be allocated. 27*e71b7053SJung-uk Kim 28*e71b7053SJung-uk KimThe B<friendlyName> and B<localKeyID> attributes (if present) on each 29*e71b7053SJung-uk Kimcertificate will be stored in the B<alias> and B<keyid> attributes of the 30*e71b7053SJung-uk KimB<X509> structure. 31*e71b7053SJung-uk Kim 32*e71b7053SJung-uk KimThe parameter B<pass> is interpreted as a string in the UTF-8 encoding. If it 33*e71b7053SJung-uk Kimis not valid UTF-8, then it is assumed to be ISO8859-1 instead. 34*e71b7053SJung-uk Kim 35*e71b7053SJung-uk KimIn particular, this means that passwords in the locale character set 36*e71b7053SJung-uk Kim(or code page on Windows) must potentially be converted to UTF-8 before 37*e71b7053SJung-uk Kimuse. This may include passwords from local text files, or input from 38*e71b7053SJung-uk Kimthe terminal or command line. Refer to the documentation of 39*e71b7053SJung-uk KimL<UI_OpenSSL(3)>, for example. 40*e71b7053SJung-uk Kim 41*e71b7053SJung-uk Kim=head1 RETURN VALUES 42*e71b7053SJung-uk Kim 43*e71b7053SJung-uk KimPKCS12_parse() returns 1 for success and zero if an error occurred. 44*e71b7053SJung-uk Kim 45*e71b7053SJung-uk KimThe error can be obtained from L<ERR_get_error(3)> 46*e71b7053SJung-uk Kim 47*e71b7053SJung-uk Kim=head1 BUGS 48*e71b7053SJung-uk Kim 49*e71b7053SJung-uk KimOnly a single private key and corresponding certificate is returned by this 50*e71b7053SJung-uk Kimfunction. More complex PKCS#12 files with multiple private keys will only 51*e71b7053SJung-uk Kimreturn the first match. 52*e71b7053SJung-uk Kim 53*e71b7053SJung-uk KimOnly B<friendlyName> and B<localKeyID> attributes are currently stored in 54*e71b7053SJung-uk Kimcertificates. Other attributes are discarded. 55*e71b7053SJung-uk Kim 56*e71b7053SJung-uk KimAttributes currently cannot be stored in the private key B<EVP_PKEY> structure. 57*e71b7053SJung-uk Kim 58*e71b7053SJung-uk Kim=head1 SEE ALSO 59*e71b7053SJung-uk Kim 60*e71b7053SJung-uk KimL<d2i_PKCS12(3)>, 61*e71b7053SJung-uk KimL<passphrase-encoding(7)> 62*e71b7053SJung-uk Kim 63*e71b7053SJung-uk Kim=head1 COPYRIGHT 64*e71b7053SJung-uk Kim 65*e71b7053SJung-uk KimCopyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. 66*e71b7053SJung-uk Kim 67*e71b7053SJung-uk KimLicensed under the OpenSSL license (the "License"). You may not use 68*e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 69*e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 70*e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 71*e71b7053SJung-uk Kim 72*e71b7053SJung-uk Kim=cut 73