PKCS12 creation

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

PKCS12 creation

Norbert Lakatos
Hi all!

I need to create a PKCS#12 file, and what ever I try I can't seem to be able
to sign it.
I want to create a x509 file and sign it with CA key, and pack it as PKCS12
file.

What I have tried to do is the following:

  EVP_PKEY* pPK = NULL;

  RSA* pRSA = RSA_generate_key(1024, RSA_F4, NULL, NULL);
  EVP_PKEY_assign_RSA(pPK, pRSA);

  FILE* pf = fopen(strCAKey.c_str(), "r");
  RSA* pCA = PEM_read_RSAPrivateKey(pf, NULL, NULL, (void*)strPass.c_str());

  pX509 = X509_new();
  X509_set_version(pX509, 2);
  X509_set_pubkey(pX509, pPK);

  pName = X509_get_subject_name(pX509);

  --> Add entries for "O", "OU", "CN", "E"

  X509_sign(pX509, pCA, EVP_sha1());

  PKCS12* p12 = PKCS12_create((char*)strPassword.c_str(),
(char*)strUserName.c_str(), pPK, pX509, NULL, 0, 0, 0, 0, 0);


I have no idea what am I doing wrong :-(

Any help appreciated! And BTW, I don't know almost anything about
encryption...

TIA,
Norbert

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: PKCS12 creation

Dr. Stephen Henson
On Mon, Feb 20, 2006, Norbert Lakatos wrote:

> Hi all!
>
> I need to create a PKCS#12 file, and what ever I try I can't seem to be able
> to sign it.
> I want to create a x509 file and sign it with CA key, and pack it as PKCS12
> file.
>
> What I have tried to do is the following:
>
>   EVP_PKEY* pPK = NULL;
>
>   RSA* pRSA = RSA_generate_key(1024, RSA_F4, NULL, NULL);
>   EVP_PKEY_assign_RSA(pPK, pRSA);
>
>   FILE* pf = fopen(strCAKey.c_str(), "r");
>   RSA* pCA = PEM_read_RSAPrivateKey(pf, NULL, NULL, (void*)strPass.c_str());
>
>   pX509 = X509_new();
>   X509_set_version(pX509, 2);
>   X509_set_pubkey(pX509, pPK);
>
>   pName = X509_get_subject_name(pX509);
>
>   --> Add entries for "O", "OU", "CN", "E"
>
>   X509_sign(pX509, pCA, EVP_sha1());
>
>   PKCS12* p12 = PKCS12_create((char*)strPassword.c_str(),
> (char*)strUserName.c_str(), pPK, pX509, NULL, 0, 0, 0, 0, 0);
>
>
> I have no idea what am I doing wrong :-(
>
> Any help appreciated! And BTW, I don't know almost anything about
> encryption...
>

Try the FAQ. That will tell you how to get meaningful error information and
maybe how to fix this...

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]