1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery 3*b077aed3SPierre Pronchery=head1 NAME 4*b077aed3SPierre Pronchery 5*b077aed3SPierre ProncheryPKCS12_add_safe, PKCS12_add_safe_ex, 6*b077aed3SPierre ProncheryPKCS12_add_safes, PKCS12_add_safes_ex - Create and add objects to a PKCS#12 structure 7*b077aed3SPierre Pronchery 8*b077aed3SPierre Pronchery=head1 SYNOPSIS 9*b077aed3SPierre Pronchery 10*b077aed3SPierre Pronchery #include <openssl/pkcs12.h> 11*b077aed3SPierre Pronchery 12*b077aed3SPierre Pronchery int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, 13*b077aed3SPierre Pronchery int safe_nid, int iter, const char *pass); 14*b077aed3SPierre Pronchery int PKCS12_add_safe_ex(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, 15*b077aed3SPierre Pronchery int safe_nid, int iter, const char *pass, 16*b077aed3SPierre Pronchery OSSL_LIB_CTX *ctx, const char *propq); 17*b077aed3SPierre Pronchery 18*b077aed3SPierre Pronchery PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); 19*b077aed3SPierre Pronchery PKCS12 *PKCS12_add_safes_ex(STACK_OF(PKCS7) *safes, int p7_nid, 20*b077aed3SPierre Pronchery OSSL_LIB_CTX *ctx, const char *propq); 21*b077aed3SPierre Pronchery 22*b077aed3SPierre Pronchery=head1 DESCRIPTION 23*b077aed3SPierre Pronchery 24*b077aed3SPierre ProncheryPKCS12_add_safe() creates a new PKCS7 contentInfo containing the supplied 25*b077aed3SPierre ProncheryB<PKCS12_SAFEBAG>s and adds this to a set of PKCS7 contentInfos. Its type 26*b077aed3SPierre Proncherydepends on the value of B<safe_nid>: 27*b077aed3SPierre Pronchery 28*b077aed3SPierre Pronchery=over 4 29*b077aed3SPierre Pronchery 30*b077aed3SPierre Pronchery=item * If I<safe_nid> is -1, a plain PKCS7 I<data> contentInfo is created. 31*b077aed3SPierre Pronchery 32*b077aed3SPierre Pronchery=item * If I<safe_nid> is a valid PBE algorithm NID, a PKCS7 B<encryptedData> 33*b077aed3SPierre ProncherycontentInfo is created. The algorithm uses I<pass> as the passphrase and I<iter> 34*b077aed3SPierre Proncheryas the iteration count. If I<iter> is zero then a default value for iteration 35*b077aed3SPierre Proncherycount of 2048 is used. 36*b077aed3SPierre Pronchery 37*b077aed3SPierre Pronchery=item * If I<safe_nid> is 0, a PKCS7 B<encryptedData> contentInfo is created using 38*b077aed3SPierre Proncherya default encryption algorithm, currently B<NID_pbe_WithSHA1And3_Key_TripleDES_CBC>. 39*b077aed3SPierre Pronchery 40*b077aed3SPierre Pronchery=back 41*b077aed3SPierre Pronchery 42*b077aed3SPierre ProncheryPKCS12_add_safe_ex() is identical to PKCS12_add_safe() but allows for a library 43*b077aed3SPierre Proncherycontext I<ctx> and property query I<propq> to be used to select algorithm 44*b077aed3SPierre Proncheryimplementations. 45*b077aed3SPierre Pronchery 46*b077aed3SPierre ProncheryPKCS12_add_safes() creates a B<PKCS12> structure containing the supplied set of 47*b077aed3SPierre ProncheryPKCS7 contentInfos. The I<safes> are enclosed first within a PKCS7 contentInfo 48*b077aed3SPierre Proncheryof type I<p7_nid>. Currently the only supported type is B<NID_pkcs7_data>. 49*b077aed3SPierre Pronchery 50*b077aed3SPierre ProncheryPKCS12_add_safes_ex() is identical to PKCS12_add_safes() but allows for a 51*b077aed3SPierre Proncherylibrary context I<ctx> and property query I<propq> to be used to select 52*b077aed3SPierre Proncheryalgorithm implementations. 53*b077aed3SPierre Pronchery 54*b077aed3SPierre Pronchery=head1 NOTES 55*b077aed3SPierre Pronchery 56*b077aed3SPierre ProncheryPKCS12_add_safe() makes assumptions regarding the encoding of the given pass 57*b077aed3SPierre Proncheryphrase. 58*b077aed3SPierre ProncherySee L<passphrase-encoding(7)> for more information. 59*b077aed3SPierre Pronchery 60*b077aed3SPierre Pronchery=head1 RETURN VALUES 61*b077aed3SPierre Pronchery 62*b077aed3SPierre ProncheryPKCS12_add_safe() returns a value of 1 indicating success or 0 for failure. 63*b077aed3SPierre Pronchery 64*b077aed3SPierre ProncheryPKCS12_add_safes() returns a valid B<PKCS12> structure or NULL if an error occurred. 65*b077aed3SPierre Pronchery 66*b077aed3SPierre Pronchery=head1 CONFORMING TO 67*b077aed3SPierre Pronchery 68*b077aed3SPierre ProncheryIETF RFC 7292 (L<https://tools.ietf.org/html/rfc7292>) 69*b077aed3SPierre Pronchery 70*b077aed3SPierre Pronchery=head1 SEE ALSO 71*b077aed3SPierre Pronchery 72*b077aed3SPierre ProncheryL<PKCS12_create(3)> 73*b077aed3SPierre Pronchery 74*b077aed3SPierre Pronchery=head1 HISTORY 75*b077aed3SPierre Pronchery 76*b077aed3SPierre ProncheryPKCS12_add_safe_ex() and PKCS12_add_safes_ex() were added in OpenSSL 3.0. 77*b077aed3SPierre Pronchery 78*b077aed3SPierre Pronchery=head1 COPYRIGHT 79*b077aed3SPierre Pronchery 80*b077aed3SPierre ProncheryCopyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. 81*b077aed3SPierre Pronchery 82*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 83*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 84*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 85*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 86*b077aed3SPierre Pronchery 87*b077aed3SPierre Pronchery=cut 88