On Mon, Jun 23, 2003, Claude CONVERT wrote:
> Hi all
> I try to create a pkcs#12 with several secret bags.
> I haven't found any sample which indicates how to do this and especially how
> to create a secret bag.
> I try the following code, but it doesn't work :
>
> PKCS12_SAFEBAG *safebag;
> ASN1_OCTET_STRING *os;
> ASN1_TYPE *at;
> char pData[]="secret data";
> int dataLen=sizeof(pData);
> int mySecretNid;
>
> os=ASN1_OCTET_STRING_new();
> ASN1_OCTET_STRING_set(os, pData, dataLen);
> at=ASN1_TYPE_new();
> ASN1_TYPE_set(at,os->type,(char *)os);
> mySecretNid=OBJ_create("1.2.3.4","OID_MY_SECRET_DATA","My secret data
> OID");
> safebag=PKCS12_item_pack_safebag(at, ASN1_ITEM_rptr(ASN1_OCTET_STRING),
> mySecretNid, NID_secretBag);
>
>
> I think that the problem is due to the ASN1_ITEM_rptr(ASN1_OCTET_STRING)
> parameter, but i don't know what to pass else ?
> ASN1_ITEM_rptr(ASN1_TYPE) is not implemented.
>
Well I've never actually seen anyone use a secretBag or any kind of published
standard for it. The PKCS#12 spec just leaves this type open with no OID
definitions at all.
With the caveat that this is totally untested... I'd say what you are doing is
largely correct apart from the ASN1_TYPE stuff you mention. The itemt for
ASN1_TYPE isn't names ASN1_TYPE but ASN1_ANY because its effectively the ASN1
"ANY" type. I suggest you try that.
Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
