1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery 3*b077aed3SPierre Pronchery=head1 NAME 4*b077aed3SPierre Pronchery 5*b077aed3SPierre ProncheryPKCS12_add_cert, PKCS12_add_key, PKCS12_add_key_ex, 6*b077aed3SPierre ProncheryPKCS12_add_secret - Add an object to a set of PKCS#12 safeBags 7*b077aed3SPierre Pronchery 8*b077aed3SPierre Pronchery=head1 SYNOPSIS 9*b077aed3SPierre Pronchery 10*b077aed3SPierre Pronchery #include <openssl/pkcs12.h> 11*b077aed3SPierre Pronchery 12*b077aed3SPierre Pronchery PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); 13*b077aed3SPierre Pronchery PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, 14*b077aed3SPierre Pronchery EVP_PKEY *key, int key_usage, int iter, 15*b077aed3SPierre Pronchery int key_nid, const char *pass); 16*b077aed3SPierre Pronchery PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags, 17*b077aed3SPierre Pronchery EVP_PKEY *key, int key_usage, int iter, 18*b077aed3SPierre Pronchery int key_nid, const char *pass, 19*b077aed3SPierre Pronchery OSSL_LIB_CTX *ctx, const char *propq); 20*b077aed3SPierre Pronchery 21*b077aed3SPierre Pronchery PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags, 22*b077aed3SPierre Pronchery int nid_type, const unsigned char *value, int len); 23*b077aed3SPierre Pronchery 24*b077aed3SPierre Pronchery=head1 DESCRIPTION 25*b077aed3SPierre Pronchery 26*b077aed3SPierre ProncheryThese functions create a new B<PKCS12_SAFEBAG> and add it to the set of safeBags 27*b077aed3SPierre Proncheryin I<pbags>. 28*b077aed3SPierre Pronchery 29*b077aed3SPierre ProncheryPKCS12_add_cert() creates a PKCS#12 certBag containing the supplied 30*b077aed3SPierre Proncherycertificate and adds this to the set of PKCS#12 safeBags. 31*b077aed3SPierre Pronchery 32*b077aed3SPierre ProncheryPKCS12_add_key() creates a PKCS#12 keyBag (unencrypted) or a pkcs8shroudedKeyBag 33*b077aed3SPierre Pronchery(encrypted) containing the supplied B<EVP_PKEY> and adds this to the set of PKCS#12 34*b077aed3SPierre ProncherysafeBags. If I<key_nid> is not -1 then the key is encrypted with the supplied 35*b077aed3SPierre Proncheryalgorithm, using I<pass> as the passphrase and I<iter> as the iteration count. If 36*b077aed3SPierre ProncheryI<iter> is zero then a default value for iteration count of 2048 is used. 37*b077aed3SPierre Pronchery 38*b077aed3SPierre ProncheryPKCS12_add_key_ex() is identical to PKCS12_add_key() but allows for a library 39*b077aed3SPierre Proncherycontext I<ctx> and property query I<propq> to be used to select algorithm 40*b077aed3SPierre Proncheryimplementations. 41*b077aed3SPierre Pronchery 42*b077aed3SPierre ProncheryPKCS12_add_secret() creates a PKCS#12 secretBag with an OID corresponding to 43*b077aed3SPierre Proncherythe supplied I<nid_type> containing the supplied value as an ASN1 octet string. 44*b077aed3SPierre ProncheryThis is then added to the set of PKCS#12 safeBags. 45*b077aed3SPierre Pronchery 46*b077aed3SPierre Pronchery=head1 NOTES 47*b077aed3SPierre Pronchery 48*b077aed3SPierre ProncheryIf a certificate contains an I<alias> or a I<keyid> then this will be 49*b077aed3SPierre Proncheryused for the corresponding B<friendlyName> or B<localKeyID> in the 50*b077aed3SPierre ProncheryPKCS12 structure. 51*b077aed3SPierre Pronchery 52*b077aed3SPierre ProncheryPKCS12_add_key() makes assumptions regarding the encoding of the given pass 53*b077aed3SPierre Proncheryphrase. 54*b077aed3SPierre ProncherySee L<passphrase-encoding(7)> for more information. 55*b077aed3SPierre Pronchery 56*b077aed3SPierre Pronchery=head1 RETURN VALUES 57*b077aed3SPierre Pronchery 58*b077aed3SPierre ProncheryA valid B<PKCS12_SAFEBAG> structure or NULL if an error occurred. 59*b077aed3SPierre Pronchery 60*b077aed3SPierre Pronchery=head1 CONFORMING TO 61*b077aed3SPierre Pronchery 62*b077aed3SPierre ProncheryIETF RFC 7292 (L<https://tools.ietf.org/html/rfc7292>) 63*b077aed3SPierre Pronchery 64*b077aed3SPierre Pronchery=head1 SEE ALSO 65*b077aed3SPierre Pronchery 66*b077aed3SPierre ProncheryL<PKCS12_create(3)> 67*b077aed3SPierre Pronchery 68*b077aed3SPierre Pronchery=head1 HISTORY 69*b077aed3SPierre Pronchery 70*b077aed3SPierre ProncheryPKCS12_add_secret() and PKCS12_add_key_ex() were added in OpenSSL 3.0. 71*b077aed3SPierre Pronchery 72*b077aed3SPierre Pronchery=head1 COPYRIGHT 73*b077aed3SPierre Pronchery 74*b077aed3SPierre ProncheryCopyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. 75*b077aed3SPierre Pronchery 76*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 77*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 78*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 79*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 80*b077aed3SPierre Pronchery 81*b077aed3SPierre Pronchery=cut 82