Marco Donati wrote:
>
> I've solved my problem and I'd like to thank everybody who wrote me.
>
> I modified my low level sequence (the code I posted) to build a pkcs12
> bundle with one bag, keeping "shrouded" private key, so i used
> PKCS12_MAKE_SHKEYBAG/PKCS12_pack_p7data INSTEAD of
> PKCS12_MAKE_KEYBAG/PKCS12_pack_p7encdata.
>
> Maybe I didn't explain the problem clearly, sorry.
>
> It seems to work.
>
> Thanks to Qun-Ying, but I prefer not to modify the Open-SSL original code
> so that i will be able to upgrade in the future with minor changes.
>
I hope to extend the PKCS12_create() and PKCS12_parse() routines in
future so they can generate PKCS#12 files with multiple keys and
certificates and which don't necessarily have matching keys and
certificates. Netscape PSM is starting to use such things and it would
be nice if OpenSSL had a simple API that could handle them.
So in future this should be much easier.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
