Marco Donati wrote:
>
> > PKCS#12 files under OpenSSL are intended to have a key and a matching
> > certificate. AFAIK the same is true of Windows and Netscape
> > import/export routines.
>
> yes, but what if you still have to request it from a CA...
>
> > What do you want a private key alone in PKCS#12 format for?
>
> I generate the key, then use it to sign a certificate request (PKCS#10).
> The PKCS#10 is sent to a CA.
> When the certificate is issued by the CA it is downloaded (via LDAP) and
> stored into the original P12 with its key
>

Well the PKCS#12 file would need to be rebuilt, you can't just add
things. As such it wouldn't matter what form the private key was in as
long as it was added to a PKCS#12 file when the CA returned the
certificate.

> > If you want to save an encrypted private key separately I suggest you
> > try something like PKCS#8.
>
> I need it in PKCS12 for compatibility with another application.
>

So your other application specifically needs a PKCS#12 file with a
private key and no certificate?

Hmmm. I think the only way to do this is via the low level routines, say
modifying the PKCS12_create() function as has been suggested. You may
not be able to use PKCS12_parse() on the resulting file but the 'pkcs12'
application should work.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
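
The workflow discussed in this thread, as an added example that is not part of the original message or OpenSSL's own code: the key is kept separately as encrypted PKCS#8 while the request is pending, and the PKCS#12 file is built only once the certificate exists. File names, subject names and passphrases are constructed, a throwaway local CA stands in for the real CA and the LDAP download, and a current `openssl` command-line tool is assumed.

```shell
#!/bin/sh
# Constructed demo passphrases; in practice supply KEY_PASS and P12_PASS
# through the environment so they never appear on a command line.
: "${KEY_PASS:=constructed-key-pass}" "${P12_PASS:=constructed-p12-pass}"
export KEY_PASS P12_PASS

# rebuild_p12_demo DIR: key -> PKCS#10 -> certificate -> PKCS#12, all inside DIR.
# Returns 0 only if the certificate in the PKCS#12 file matches the stored key.
rebuild_p12_demo() (
    cd "$1" &&
    # 1. Generate the key and store it on its own as encrypted PKCS#8.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass env:KEY_PASS -out key.p8 2>/dev/null &&
    # 2. Sign a PKCS#10 certificate request with that key.
    openssl req -new -key key.p8 -passin env:KEY_PASS \
        -subj "/CN=client.example.test" -out req.csr &&
    # 3. Stand-in for the real CA (constructed, throwaway key and certificate).
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key \
        -subj "/CN=Constructed Test CA" -days 1 -out ca.crt 2>/dev/null &&
    openssl x509 -req -in req.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 1 -out cert.pem 2>/dev/null &&
    # 4. Build the PKCS#12 file now, from the stored key plus the issued
    #    certificate; nothing is appended to an earlier file.
    openssl pkcs12 -export -inkey key.p8 -passin env:KEY_PASS \
        -in cert.pem -certfile ca.crt -name "client" \
        -passout env:P12_PASS -out bundle.p12 &&
    # 5. Confirm the certificate inside the file belongs to the stored key
    #    by comparing the two public keys.
    cert_pub=$(openssl pkcs12 -in bundle.p12 -passin env:P12_PASS \
        -nokeys -clcerts 2>/dev/null | openssl x509 -pubkey -noout) &&
    key_pub=$(openssl pkey -in key.p8 -passin env:KEY_PASS -pubout) &&
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

demo_dir=$(mktemp -d) && rebuild_p12_demo "$demo_dir" &&
    echo "PKCS#12 rebuilt in $demo_dir/bundle.p12"
```

The public-key comparison in step 5 catches the case where the CA returns a certificate for a different request than the one signed with the stored key.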