PKCS12_add_key_ex(3ossl)

1PKCS12_ADD_CERT(3ossl)              OpenSSL             PKCS12_ADD_CERT(3ossl)
2
3
4

NAME

6       PKCS12_add_cert, PKCS12_add_key, PKCS12_add_key_ex, PKCS12_add_secret -
7       Add an object to a set of PKCS#12 safeBags
8

SYNOPSIS

10        #include <openssl/pkcs12.h>
11
12        PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
13        PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
14                                      EVP_PKEY *key, int key_usage, int iter,
15                                      int key_nid, const char *pass);
16        PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags,
17                                          EVP_PKEY *key, int key_usage, int iter,
18                                          int key_nid, const char *pass,
19                                          OSSL_LIB_CTX *ctx, const char *propq);
20
21        PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags,
22                                         int nid_type, const unsigned char *value, int len);
23

DESCRIPTION

25       These functions create a new PKCS12_SAFEBAG and add it to the set of
26       safeBags in pbags.
27
28       PKCS12_add_cert() creates a PKCS#12 certBag containing the supplied
29       certificate and adds this to the set of PKCS#12 safeBags.
30
31       PKCS12_add_key() creates a PKCS#12 keyBag (unencrypted) or a
32       pkcs8shroudedKeyBag (encrypted) containing the supplied EVP_PKEY and
33       adds this to the set of PKCS#12 safeBags. If key_nid is not -1 then the
34       key is encrypted with the supplied algorithm, using pass as the
35       passphrase and iter as the iteration count. If iter is zero then a
36       default value for iteration count of 2048 is used.
37
38       PKCS12_add_key_ex() is identical to PKCS12_add_key() but allows for a
39       library context ctx and property query propq to be used to select
40       algorithm implementations.
41
42       PKCS12_add_secret() creates a PKCS#12 secretBag with an OID
43       corresponding to the supplied nid_type containing the supplied value as
44       an ASN1 octet string.  This is then added to the set of PKCS#12
45       safeBags.
46

NOTES

48       If a certificate contains an alias or a keyid then this will be used
49       for the corresponding friendlyName or localKeyID in the PKCS12
50       structure.
51
52       PKCS12_add_key() makes assumptions regarding the encoding of the given
53       pass phrase.  See passphrase-encoding(7) for more information.
54

RETURN VALUES

56       A valid PKCS12_SAFEBAG structure or NULL if an error occurred.
57

CONFORMING TO

59       IETF RFC 7292 (<https://tools.ietf.org/html/rfc7292>)
60

HISTORY

65       PKCS12_add_secret() and PKCS12_add_key_ex() were added in OpenSSL 3.0.
66

COPYRIGHT

68       Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
69
70       Licensed under the Apache License 2.0 (the "License").  You may not use
71       this file except in compliance with the License.  You can obtain a copy
72       in the file LICENSE in the source distribution or at
73       <https://www.openssl.org/source/license.html>.
74
75
76
773.1.1                             2023-08-31            PKCS12_ADD_CERT(3ossl)