Update files for OpenSSL-1.0.0f import.
[dragonfly.git] / secure / lib / libcrypto / man / PKCS12_create.3
CommitLineData
e3261593 1.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
8b0cefbb
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
8b0cefbb 5.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
6.if t .sp .5v
7.if n .sp
8..
8b0cefbb 9.de Vb \" Begin verbatim text
984263bc
MD
10.ft CW
11.nf
12.ne \\$1
13..
8b0cefbb 14.de Ve \" End verbatim text
984263bc 15.ft R
984263bc
MD
16.fi
17..
8b0cefbb
JR
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
8b0cefbb 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 26.ie n \{\
8b0cefbb
JR
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
984263bc
MD
35'br\}
36.el\{\
8b0cefbb
JR
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
984263bc 41'br\}
8b0cefbb 42.\"
e257b235
PA
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
8b0cefbb 47.\" If the F register is turned on, we'll generate index entries on stderr for
01185282 48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
8b0cefbb
JR
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
e257b235 51.ie \nF \{\
8b0cefbb
JR
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 54..
8b0cefbb
JR
55. nr % 0
56. rr F
984263bc 57.\}
e257b235
PA
58.el \{\
59. de IX
60..
61.\}
aac4ff6f 62.\"
8b0cefbb
JR
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
984263bc 66.if n \{\
8b0cefbb
JR
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
70. ds #[ \f1
71. ds #] \fP
984263bc
MD
72.\}
73.if t \{\
8b0cefbb
JR
74. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75. ds #V .6m
76. ds #F 0
77. ds #[ \&
78. ds #] \&
984263bc 79.\}
8b0cefbb 80. \" simple accents for nroff and troff
984263bc 81.if n \{\
8b0cefbb
JR
82. ds ' \&
83. ds ` \&
84. ds ^ \&
85. ds , \&
86. ds ~ ~
87. ds /
984263bc
MD
88.\}
89.if t \{\
8b0cefbb
JR
90. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 96.\}
8b0cefbb 97. \" troff and (daisy-wheel) nroff accents
984263bc
MD
98.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105.ds ae a\h'-(\w'a'u*4/10)'e
106.ds Ae A\h'-(\w'A'u*4/10)'E
8b0cefbb 107. \" corrections for vroff
984263bc
MD
108.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
8b0cefbb 110. \" for low resolution devices (crt and lpr)
984263bc
MD
111.if \n(.H>23 .if \n(.V>19 \
112\{\
8b0cefbb
JR
113. ds : e
114. ds 8 ss
115. ds o a
116. ds d- d\h'-1'\(ga
117. ds D- D\h'-1'\(hy
118. ds th \o'bp'
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
984263bc
MD
122.\}
123.rm #[ #] #H #V #F C
8b0cefbb
JR
124.\" ========================================================================
125.\"
126.IX Title "PKCS12_create 3"
e3261593 127.TH PKCS12_create 3 "2012-01-04" "1.0.0f" "OpenSSL"
e257b235
PA
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
984263bc
MD
132.SH "NAME"
133PKCS12_create \- create a PKCS#12 structure
134.SH "SYNOPSIS"
8b0cefbb 135.IX Header "SYNOPSIS"
984263bc
MD
136.Vb 1
137\& #include <openssl/pkcs12.h>
e257b235 138\&
984263bc
MD
139\& PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
140\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
141.Ve
142.SH "DESCRIPTION"
8b0cefbb
JR
143.IX Header "DESCRIPTION"
144\&\fIPKCS12_create()\fR creates a PKCS#12 structure.
984263bc 145.PP
8b0cefbb 146\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for
984263bc 147the supplied certifictate and key. \fBpkey\fR is the private key to include in
8b0cefbb 148the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR
984263bc
MD
149is an optional set of certificates to also include in the structure.
150.PP
8b0cefbb 151\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used
984263bc 152for the key and certificate respectively. \fBiter\fR is the encryption algorithm
8b0cefbb
JR
153iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use.
154\&\fBkeytype\fR is the type of key.
984263bc 155.SH "NOTES"
8b0cefbb 156.IX Header "NOTES"
984263bc
MD
157The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR
158can all be set to zero and sensible defaults will be used.
159.PP
8b0cefbb
JR
160These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0
161encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0
162(currently 2048) and a \s-1MAC\s0 iteration count of 1.
984263bc 163.PP
8b0cefbb
JR
164The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with
165old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility
166is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0.
984263bc 167.PP
8b0cefbb
JR
168\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension
169that is only currently interpreted by \s-1MSIE\s0. If set to zero the flag is omitted,
170if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR
984263bc
MD
171it can be used for signing and encryption. This option was useful for old
172export grade software which could use signing only keys of arbitrary size but
173had restrictions on the permissible sizes of keys which could be used for
174encryption.
a561f9ff
SS
175.SH "NEW FUNCTIONALITY IN OPENSSL 0.9.8"
176.IX Header "NEW FUNCTIONALITY IN OPENSSL 0.9.8"
177Some additional functionality was added to \fIPKCS12_create()\fR in OpenSSL
1780.9.8. These extensions are detailed below.
179.PP
180If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be
181used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the
182\&\s-1PKCS12\s0 structure.
183.PP
184Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or
185certficate is required. In previous versions both had to be present or
186a fatal error is returned.
187.PP
188\&\fBnid_key\fR or \fBnid_cert\fR can be set to \-1 indicating that no encryption
e257b235 189should be used.
a561f9ff
SS
190.PP
191\&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely.
984263bc 192.SH "SEE ALSO"
74dab6c2 193.IX Header "SEE ALSO"
8b0cefbb
JR
194\&\fId2i_PKCS12\fR\|(3)
195.SH "HISTORY"
74dab6c2 196.IX Header "HISTORY"
8b0cefbb 197PKCS12_create was added in OpenSSL 0.9.3