Update build for OpenSSL-0.9.8j upgrade.
[dragonfly.git] / secure / lib / libcrypto / man / PKCS12_create.3
CommitLineData
e257b235 1.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
8b0cefbb
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
984263bc
MD
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
8b0cefbb 13.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
14.if t .sp .5v
15.if n .sp
16..
8b0cefbb 17.de Vb \" Begin verbatim text
984263bc
MD
18.ft CW
19.nf
20.ne \\$1
21..
8b0cefbb 22.de Ve \" End verbatim text
984263bc 23.ft R
984263bc
MD
24.fi
25..
8b0cefbb
JR
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
28.\" double quote, and \*(R" will give a right double quote. \*(C+ will
29.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
30.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
31.\" nothing in troff, for use with C<>.
32.tr \(*W-
8b0cefbb 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 34.ie n \{\
8b0cefbb
JR
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
984263bc
MD
43'br\}
44.el\{\
8b0cefbb
JR
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
984263bc 49'br\}
8b0cefbb 50.\"
e257b235
PA
51.\" Escape single quotes in literal strings from groff's Unicode transform.
52.ie \n(.g .ds Aq \(aq
53.el .ds Aq '
54.\"
8b0cefbb
JR
55.\" If the F register is turned on, we'll generate index entries on stderr for
56.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
57.\" entries marked with X<> in POD. Of course, you'll have to process the
58.\" output yourself in some meaningful fashion.
e257b235 59.ie \nF \{\
8b0cefbb
JR
60. de IX
61. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 62..
8b0cefbb
JR
63. nr % 0
64. rr F
984263bc 65.\}
e257b235
PA
66.el \{\
67. de IX
68..
69.\}
aac4ff6f 70.\"
8b0cefbb
JR
71.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
72.\" Fear. Run. Save yourself. No user-serviceable parts.
73. \" fudge factors for nroff and troff
984263bc 74.if n \{\
8b0cefbb
JR
75. ds #H 0
76. ds #V .8m
77. ds #F .3m
78. ds #[ \f1
79. ds #] \fP
984263bc
MD
80.\}
81.if t \{\
8b0cefbb
JR
82. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
83. ds #V .6m
84. ds #F 0
85. ds #[ \&
86. ds #] \&
984263bc 87.\}
8b0cefbb 88. \" simple accents for nroff and troff
984263bc 89.if n \{\
8b0cefbb
JR
90. ds ' \&
91. ds ` \&
92. ds ^ \&
93. ds , \&
94. ds ~ ~
95. ds /
984263bc
MD
96.\}
97.if t \{\
8b0cefbb
JR
98. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
99. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
100. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
101. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
102. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
103. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 104.\}
8b0cefbb 105. \" troff and (daisy-wheel) nroff accents
984263bc
MD
106.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
107.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
108.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
109.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
110.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
111.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
112.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
113.ds ae a\h'-(\w'a'u*4/10)'e
114.ds Ae A\h'-(\w'A'u*4/10)'E
8b0cefbb 115. \" corrections for vroff
984263bc
MD
116.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
117.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
8b0cefbb 118. \" for low resolution devices (crt and lpr)
984263bc
MD
119.if \n(.H>23 .if \n(.V>19 \
120\{\
8b0cefbb
JR
121. ds : e
122. ds 8 ss
123. ds o a
124. ds d- d\h'-1'\(ga
125. ds D- D\h'-1'\(hy
126. ds th \o'bp'
127. ds Th \o'LP'
128. ds ae ae
129. ds Ae AE
984263bc
MD
130.\}
131.rm #[ #] #H #V #F C
8b0cefbb
JR
132.\" ========================================================================
133.\"
134.IX Title "PKCS12_create 3"
e257b235
PA
135.TH PKCS12_create 3 "2009-01-11" "0.9.8j" "OpenSSL"
136.\" For nroff, turn off justification. Always turn off hyphenation; it makes
137.\" way too many mistakes in technical documents.
138.if n .ad l
139.nh
984263bc
MD
140.SH "NAME"
141PKCS12_create \- create a PKCS#12 structure
142.SH "SYNOPSIS"
8b0cefbb 143.IX Header "SYNOPSIS"
984263bc
MD
144.Vb 1
145\& #include <openssl/pkcs12.h>
e257b235 146\&
984263bc
MD
147\& PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
148\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
149.Ve
150.SH "DESCRIPTION"
8b0cefbb
JR
151.IX Header "DESCRIPTION"
152\&\fIPKCS12_create()\fR creates a PKCS#12 structure.
984263bc 153.PP
8b0cefbb 154\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for
984263bc 155the supplied certifictate and key. \fBpkey\fR is the private key to include in
8b0cefbb 156the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR
984263bc
MD
157is an optional set of certificates to also include in the structure.
158.PP
8b0cefbb 159\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used
984263bc 160for the key and certificate respectively. \fBiter\fR is the encryption algorithm
8b0cefbb
JR
161iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use.
162\&\fBkeytype\fR is the type of key.
984263bc 163.SH "NOTES"
8b0cefbb 164.IX Header "NOTES"
984263bc
MD
165The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR
166can all be set to zero and sensible defaults will be used.
167.PP
8b0cefbb
JR
168These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0
169encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0
170(currently 2048) and a \s-1MAC\s0 iteration count of 1.
984263bc 171.PP
8b0cefbb
JR
172The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with
173old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility
174is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0.
984263bc 175.PP
8b0cefbb
JR
176\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension
177that is only currently interpreted by \s-1MSIE\s0. If set to zero the flag is omitted,
178if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR
984263bc
MD
179it can be used for signing and encryption. This option was useful for old
180export grade software which could use signing only keys of arbitrary size but
181had restrictions on the permissible sizes of keys which could be used for
182encryption.
a561f9ff
SS
183.SH "NEW FUNCTIONALITY IN OPENSSL 0.9.8"
184.IX Header "NEW FUNCTIONALITY IN OPENSSL 0.9.8"
185Some additional functionality was added to \fIPKCS12_create()\fR in OpenSSL
1860.9.8. These extensions are detailed below.
187.PP
188If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be
189used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the
190\&\s-1PKCS12\s0 structure.
191.PP
192Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or
193certficate is required. In previous versions both had to be present or
194a fatal error is returned.
195.PP
196\&\fBnid_key\fR or \fBnid_cert\fR can be set to \-1 indicating that no encryption
e257b235 197should be used.
a561f9ff
SS
198.PP
199\&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely.
984263bc 200.SH "SEE ALSO"
74dab6c2 201.IX Header "SEE ALSO"
8b0cefbb
JR
202\&\fId2i_PKCS12\fR\|(3)
203.SH "HISTORY"
74dab6c2 204.IX Header "HISTORY"
8b0cefbb 205PKCS12_create was added in OpenSSL 0.9.3