Diffstat (limited to 'manual/html_node/PKCS12-structure-generation-example.html')
-rw-r--r-- | manual/html_node/PKCS12-structure-generation-example.html | 314 |
1 files changed, 314 insertions, 0 deletions
diff --git a/manual/html_node/PKCS12-structure-generation-example.html b/manual/html_node/PKCS12-structure-generation-example.html
new file mode 100644
index 0000000000..da6cd0d205
--- /dev/null
+++ b/manual/html_node/PKCS12-structure-generation-example.html
@@ -0,0 +1,314 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<!-- This manual is last updated 24 April 2013 for version +3.2.0 of GnuTLS. + +Copyright (C) 2001-2013 Free Software Foundation, Inc.\\ +Copyright (C) 2001-2013 Nikos Mavrogiannopoulos + +Permission is granted to copy, distribute and/or modify this document +under the terms of the GNU Free Documentation License, Version 1.3 or +any later version published by the Free Software Foundation; with no +Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A +copy of the license is included in the section entitled "GNU Free +Documentation License". --> +<!-- Created by GNU Texinfo 5.1, http://www.gnu.org/software/texinfo/ --> +<head> +<title>GnuTLS 3.2.0: PKCS12 structure generation example</title> + +<meta name="description" content="GnuTLS 3.2.0: PKCS12 structure generation example"> +<meta name="keywords" content="GnuTLS 3.2.0: PKCS12 structure generation example"> +<meta name="resource-type" content="document"> +<meta name="distribution" content="global"> +<meta name="Generator" content="makeinfo"> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link href="index.html#Top" rel="start" title="Top"> +<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index"> +<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents"> +<link href="Miscellaneous-examples.html#Miscellaneous-examples" rel="up" title="Miscellaneous examples"> +<link href="XSSL-examples.html#XSSL-examples" rel="next" title="XSSL examples"> +<link href="Listing-the-ciphersuites-in-a-priority-string.html#Listing-the-ciphersuites-in-a-priority-string" rel="previous" title="Listing the ciphersuites in a priority string"> +<style type="text/css"> +<!-- +a.summary-letter {text-decoration: none} +blockquote.smallquotation {font-size: smaller} +div.display {margin-left: 3.2em} 
+div.example {margin-left: 3.2em} +div.indentedblock {margin-left: 3.2em} +div.lisp {margin-left: 3.2em} +div.smalldisplay {margin-left: 3.2em} +div.smallexample {margin-left: 3.2em} +div.smallindentedblock {margin-left: 3.2em; font-size: smaller} +div.smalllisp {margin-left: 3.2em} +kbd {font-style:oblique} +pre.display {font-family: inherit} +pre.format {font-family: inherit} +pre.menu-comment {font-family: serif} +pre.menu-preformatted {font-family: serif} +pre.smalldisplay {font-family: inherit; font-size: smaller} +pre.smallexample {font-size: smaller} +pre.smallformat {font-family: inherit; font-size: smaller} +pre.smalllisp {font-size: smaller} +span.nocodebreak {white-space:nowrap} +span.nolinebreak {white-space:nowrap} +span.roman {font-family:serif; font-weight:normal} +span.sansserif {font-family:sans-serif; font-weight:normal} +ul.no-bullet {list-style: none} +body { + margin: 2%; + padding: 0 5%; + background: #ffffff; +} +h1,h2,h3,h4,h5 { + font-weight: bold; + padding: 5px 5px 5px 5px; + background-color: #c2e0ff; + color: #336699; +} +h1 { + padding: 2em 2em 2em 5%; + color: white; + background: #336699; + text-align: center; + letter-spacing: 3px; +} +h2 { text-decoration: underline; } +pre { + margin: 0 5%; + padding: 0.5em; +} +pre.example,pre.verbatim { + padding-bottom: 1em; + + border: solid #c2e0ff; + background: #f0faff; + border-width: 1px 1px 1px 5px; + margin: 1em auto; + width: 90%; +} + +div.node { + margin: 0 -5% 0 -2%; + padding: 0.5em 0.5em; + margin-top: 0.5em; + margin-bottom: 0.5em; + font-weight: bold; +} +dd, li { + padding-top: 0.1em; + padding-bottom: 0.1em; +} +div.float { + + margin-bottom: 0.5em; + text-align: center; +} + +table { + text-align: left; + margin-left:auto; + margin-right:auto; + width: 50%; +} + +th { + padding: 0; + color: #336699; + background-color: #c2e0ff; + border: solid #000000; + border-width: 0px; + margin: 1em auto; + text-align: center; + margin-left:auto; + margin-right:auto; +} + +td { + padding: 
0; + border: solid #000000; + background-color: #f0faff; + border-width: 0px; + margin: 1em auto; + text-align: left; + margin-left:auto; + margin-right:auto; + padding-left: 1em; +} + +dl { + text-align: left; + margin-left:auto; + margin-right:auto; + width: 50%; + + padding-left: 1em; + border: solid #c2e0ff; + background: #f0faff; + border-width: 5px 1px 1px 1px; + margin: 1em auto; +} + +--> +</style> + + +</head> + +<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000"> +<a name="PKCS12-structure-generation-example"></a> +<div class="header"> +<p> +Previous: <a href="Listing-the-ciphersuites-in-a-priority-string.html#Listing-the-ciphersuites-in-a-priority-string" accesskey="p" rel="previous">Listing the ciphersuites in a priority string</a>, Up: <a href="Miscellaneous-examples.html#Miscellaneous-examples" accesskey="u" rel="up">Miscellaneous examples</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> +</div> +<hr> +<a name="PKCS-_002312-structure-generation-example"></a> +<h4 class="subsection">7.4.4 PKCS #12 structure generation example</h4> + +<p>This small program demonstrates the usage of the PKCS #12 API, by generating +such a structure. +</p> +<pre class="verbatim">/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <gnutls/gnutls.h> +#include <gnutls/pkcs12.h> + +#include "examples.h" + +#define OUTFILE "out.p12" + +/* This function will write a pkcs12 structure into a file. + * cert: is a DER encoded certificate + * pkcs8_key: is a PKCS #8 encrypted key (note that this must be + * encrypted using a PKCS #12 cipher, or some browsers will crash) + * password: is the password used to encrypt the PKCS #12 packet. 
+ */ +int +write_pkcs12 (const gnutls_datum_t * cert, + const gnutls_datum_t * pkcs8_key, const char *password) +{ + gnutls_pkcs12_t pkcs12; + int ret, bag_index; + gnutls_pkcs12_bag_t bag, key_bag; + char pkcs12_struct[10 * 1024]; + size_t pkcs12_struct_size; + FILE *fd; + + /* A good idea might be to use gnutls_x509_privkey_get_key_id() + * to obtain a unique ID. + */ + gnutls_datum_t key_id = { (void *) "\x00\x00\x07", 3 }; + + gnutls_global_init (); + + /* Firstly we create two helper bags, which hold the certificate, + * and the (encrypted) key. + */ + + gnutls_pkcs12_bag_init (&bag); + gnutls_pkcs12_bag_init (&key_bag); + + ret = gnutls_pkcs12_bag_set_data (bag, GNUTLS_BAG_CERTIFICATE, cert); + if (ret < 0) + { + fprintf (stderr, "ret: %s\n", gnutls_strerror (ret)); + return 1; + } + + /* ret now holds the bag's index. + */ + bag_index = ret; + + /* Associate a friendly name with the given certificate. Used + * by browsers. + */ + gnutls_pkcs12_bag_set_friendly_name (bag, bag_index, "My name"); + + /* Associate the certificate with the key using a unique key + * ID. + */ + gnutls_pkcs12_bag_set_key_id (bag, bag_index, &key_id); + + /* use weak encryption for the certificate. + */ + gnutls_pkcs12_bag_encrypt (bag, password, GNUTLS_PKCS_USE_PKCS12_RC2_40); + + /* Now the key. + */ + + ret = gnutls_pkcs12_bag_set_data (key_bag, + GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, + pkcs8_key); + if (ret < 0) + { + fprintf (stderr, "ret: %s\n", gnutls_strerror (ret)); + return 1; + } + + /* Note that since the PKCS #8 key is already encrypted we don't + * bother encrypting that bag. + */ + bag_index = ret; + + gnutls_pkcs12_bag_set_friendly_name (key_bag, bag_index, "My name"); + + gnutls_pkcs12_bag_set_key_id (key_bag, bag_index, &key_id); + + + /* The bags were filled. Now create the PKCS #12 structure. + */ + gnutls_pkcs12_init (&pkcs12); + + /* Insert the two bags in the PKCS #12 structure. 
+ */ + + gnutls_pkcs12_set_bag (pkcs12, bag); + gnutls_pkcs12_set_bag (pkcs12, key_bag); + + + /* Generate a message authentication code for the PKCS #12 + * structure. + */ + gnutls_pkcs12_generate_mac (pkcs12, password); + + pkcs12_struct_size = sizeof (pkcs12_struct); + ret = + gnutls_pkcs12_export (pkcs12, GNUTLS_X509_FMT_DER, pkcs12_struct, + &pkcs12_struct_size); + if (ret < 0) + { + fprintf (stderr, "ret: %s\n", gnutls_strerror (ret)); + return 1; + } + + fd = fopen (OUTFILE, "w"); + if (fd == NULL) + { + fprintf (stderr, "cannot open file\n"); + return 1; + } + fwrite (pkcs12_struct, 1, pkcs12_struct_size, fd); + fclose (fd); + + gnutls_pkcs12_bag_deinit (bag); + gnutls_pkcs12_bag_deinit (key_bag); + gnutls_pkcs12_deinit (pkcs12); + + return 0; +} +</pre> +<hr> +<div class="header"> +<p> +Previous: <a href="Listing-the-ciphersuites-in-a-priority-string.html#Listing-the-ciphersuites-in-a-priority-string" accesskey="p" rel="previous">Listing the ciphersuites in a priority string</a>, Up: <a href="Miscellaneous-examples.html#Miscellaneous-examples" accesskey="u" rel="up">Miscellaneous examples</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> +</div> + + + +</body> +</html> |