OpenSSL › OpenSSL - User

PKCS12 creation

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

2 messages Options

Norbert Lakatos

PKCS12 creation

Hi all!

I need to create a PKCS#12 file, and what ever I try I can't seem to be able
to sign it.
I want to create a x509 file and sign it with CA key, and pack it as PKCS12
file.

What I have tried to do is the following:

EVP_PKEY* pPK = NULL;

RSA* pRSA = RSA_generate_key(1024, RSA_F4, NULL, NULL);
EVP_PKEY_assign_RSA(pPK, pRSA);

FILE* pf = fopen(strCAKey.c_str(), "r");
RSA* pCA = PEM_read_RSAPrivateKey(pf, NULL, NULL, (void*)strPass.c_str());

pX509 = X509_new();
X509_set_version(pX509, 2);
X509_set_pubkey(pX509, pPK);

pName = X509_get_subject_name(pX509);

--> Add entries for "O", "OU", "CN", "E"

X509_sign(pX509, pCA, EVP_sha1());

PKCS12* p12 = PKCS12_create((char*)strPassword.c_str(),
(char*)strUserName.c_str(), pPK, pX509, NULL, 0, 0, 0, 0, 0);

I have no idea what am I doing wrong :-(

Any help appreciated! And BTW, I don't know almost anything about
encryption...

TIA,
Norbert

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

Dr. Stephen Henson

Re: PKCS12 creation

On Mon, Feb 20, 2006, Norbert Lakatos wrote:

> Hi all!
>
> I need to create a PKCS#12 file, and what ever I try I can't seem to be able
> to sign it.
> I want to create a x509 file and sign it with CA key, and pack it as PKCS12
> file.
>
> What I have tried to do is the following:
>
> EVP_PKEY* pPK = NULL;
>
> RSA* pRSA = RSA_generate_key(1024, RSA_F4, NULL, NULL);
> EVP_PKEY_assign_RSA(pPK, pRSA);
>
> FILE* pf = fopen(strCAKey.c_str(), "r");
> RSA* pCA = PEM_read_RSAPrivateKey(pf, NULL, NULL, (void*)strPass.c_str());
>
> pX509 = X509_new();
> X509_set_version(pX509, 2);
> X509_set_pubkey(pX509, pPK);
>
> pName = X509_get_subject_name(pX509);
>
> --> Add entries for "O", "OU", "CN", "E"
>
> X509_sign(pX509, pCA, EVP_sha1());
>
> PKCS12* p12 = PKCS12_create((char*)strPassword.c_str(),
> (char*)strUserName.c_str(), pPK, pX509, NULL, 0, 0, 0, 0, 0);
>
>
> I have no idea what am I doing wrong :-(
>
> Any help appreciated! And BTW, I don't know almost anything about
> encryption...
>

Try the FAQ. That will tell you how to get meaningful error information and
maybe how to fix this...

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]