1*2175Sjp161948=pod 2*2175Sjp161948 3*2175Sjp161948=head1 NAME 4*2175Sjp161948 5*2175Sjp161948PKCS12_create - create a PKCS#12 structure 6*2175Sjp161948 7*2175Sjp161948=head1 SYNOPSIS 8*2175Sjp161948 9*2175Sjp161948 #include <openssl/pkcs12.h> 10*2175Sjp161948 11*2175Sjp161948 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, 12*2175Sjp161948 int nid_key, int nid_cert, int iter, int mac_iter, int keytype); 13*2175Sjp161948 14*2175Sjp161948=head1 DESCRIPTION 15*2175Sjp161948 16*2175Sjp161948PKCS12_create() creates a PKCS#12 structure. 17*2175Sjp161948 18*2175Sjp161948B<pass> is the passphrase to use. B<name> is the B<friendlyName> to use for 19*2175Sjp161948the supplied certifictate and key. B<pkey> is the private key to include in 20*2175Sjp161948the structure and B<cert> its corresponding certificates. B<ca>, if not B<NULL> 21*2175Sjp161948is an optional set of certificates to also include in the structure. 22*2175Sjp161948 23*2175Sjp161948B<nid_key> and B<nid_cert> are the encryption algorithms that should be used 24*2175Sjp161948for the key and certificate respectively. B<iter> is the encryption algorithm 25*2175Sjp161948iteration count to use and B<mac_iter> is the MAC iteration count to use. 26*2175Sjp161948B<keytype> is the type of key. 27*2175Sjp161948 28*2175Sjp161948=head1 NOTES 29*2175Sjp161948 30*2175Sjp161948The parameters B<nid_key>, B<nid_cert>, B<iter>, B<mac_iter> and B<keytype> 31*2175Sjp161948can all be set to zero and sensible defaults will be used. 32*2175Sjp161948 33*2175Sjp161948These defaults are: 40 bit RC2 encryption for certificates, triple DES 34*2175Sjp161948encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER 35*2175Sjp161948(currently 2048) and a MAC iteration count of 1. 36*2175Sjp161948 37*2175Sjp161948The default MAC iteration count is 1 in order to retain compatibility with 38*2175Sjp161948old software which did not interpret MAC iteration counts. If such compatibility 39*2175Sjp161948is not required then B<mac_iter> should be set to PKCS12_DEFAULT_ITER. 40*2175Sjp161948 41*2175Sjp161948B<keytype> adds a flag to the store private key. This is a non standard extension 42*2175Sjp161948that is only currently interpreted by MSIE. If set to zero the flag is omitted, 43*2175Sjp161948if set to B<KEY_SIG> the key can be used for signing only, if set to B<KEY_EX> 44*2175Sjp161948it can be used for signing and encryption. This option was useful for old 45*2175Sjp161948export grade software which could use signing only keys of arbitrary size but 46*2175Sjp161948had restrictions on the permissible sizes of keys which could be used for 47*2175Sjp161948encryption. 48*2175Sjp161948 49*2175Sjp161948=head1 NEW FUNCTIONALITY IN OPENSSL 0.9.8 50*2175Sjp161948 51*2175Sjp161948Some additional functionality was added to PKCS12_create() in OpenSSL 52*2175Sjp1619480.9.8. These extensions are detailed below. 53*2175Sjp161948 54*2175Sjp161948If a certificate contains an B<alias> or B<keyid> then this will be 55*2175Sjp161948used for the corresponding B<friendlyName> or B<localKeyID> in the 56*2175Sjp161948PKCS12 structure. 57*2175Sjp161948 58*2175Sjp161948Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or 59*2175Sjp161948certficate is required. In previous versions both had to be present or 60*2175Sjp161948a fatal error is returned. 61*2175Sjp161948 62*2175Sjp161948B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption 63*2175Sjp161948should be used. 64*2175Sjp161948 65*2175Sjp161948B<mac_iter> can be set to -1 and the MAC will then be omitted entirely. 66*2175Sjp161948 67*2175Sjp161948=head1 SEE ALSO 68*2175Sjp161948 69*2175Sjp161948L<d2i_PKCS12(3)|d2i_PKCS12(3)> 70*2175Sjp161948 71*2175Sjp161948=head1 HISTORY 72*2175Sjp161948 73*2175Sjp161948PKCS12_create was added in OpenSSL 0.9.3 74*2175Sjp161948 75*2175Sjp161948=cut 76