Peter Sylvester wrote:
> 
> maybe you can get some inspiration from the following code.
> Be aware that the code is not memory-leak free: every early `return 1`
> drops whatever has been unpacked so far without freeing it.
> 
> /*
>  * Per-login context. Only the two members used by TIAX_login() are
>  * shown here; the original definition is elided ("...") below.
>  */
> typedef struct TIAX_st {
>         PKCS12 * p12 ;      /* the loaded PKCS#12 object whose MAC is checked and whose safes are unpacked */
>         EVP_PKEY * pkey ;   /* private key extracted from the second safe by TIAX_login(); ownership stays with this struct */
> ...
> 
> } TIAX ;
> 
> /*
>  * Verify the PKCS#12 MAC with `pass`, walk the container's two
>  * authenticated safes, and load the private key from the second safe
>  * into a->pkey.
>  *
>  * Returns 0 on success, 1 on any failure (MAC mismatch, unexpected
>  * layout, decryption or decoding error).
>  *
>  * NOTE(review): the layout is hard-coded -- exactly two safes, the
>  * first encrypted with exactly two bags, the second plain data with a
>  * single pkcs8ShroudedKeyBag.  Any other PKCS#12 file is rejected.
>  *
>  * NOTE(review): none of the early returns free `asafes`, `bags` or
>  * `p8`, and `bags` is reassigned below without the first stack being
>  * freed, so every failure path (and the success path) leaks.  A single
>  * cleanup label is the usual fix.
>  */
> int TIAX_login(TIAX * a,char * pass, int passlen)
> {
>         STACK *asafes, *bags;
>         int bagnid;
>         PKCS7 *p7;
>         PKCS12_SAFEBAG * bag;
>         PKCS8_PRIV_KEY_INFO *p8;
>        int ret ;   /* only used to test the MAC result below */
>  /* verify MAC of the PKCS#12 structure.
>   * NOTE(review): the MAC is checked with passlen -1 (i.e. OpenSSL uses
>   * strlen(pass)) while the decryption calls below pass `passlen`
>   * explicitly; if the two disagree (embedded NUL, caller-supplied
>   * length) the MAC and the decryption use different passwords. */
>        if (!(ret = PKCS12_verify_mac (a->p12, pass, -1))) return 1 ;
> 
> /* there should be two authenticated safes (anything else is rejected) */
> 
>        if (!( asafes = M_PKCS12_unpack_authsafes (a->p12))) return 1;
>        if (sk_num (asafes) != 2) return 1;
> 
> /* first is an encrypted one for two certificates -- the safe type is
>  * checked before decrypting; the bag contents are handled in the
>  * elided part below, so only the bag count is verified here */
>        p7 = (PKCS7 *) sk_value (asafes, 0);
>        bagnid = OBJ_obj2nid (p7->type);
>        if (bagnid != NID_pkcs7_encrypted) return 1;
>           if (!(bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen))) return 1;
>        if (sk_num (bags) != 2) return 1;
> 
> ...
> 
> /* second safe contains a private key as data.
>  * NOTE(review): `bags` from the first safe is overwritten here
>  * without being freed. */
> 
>        p7 = (PKCS7 *) sk_value (asafes, 1);
>        bagnid = OBJ_obj2nid (p7->type);
>         if (bagnid != NID_pkcs7_data) return 1;
>         if (!(bags = M_PKCS12_unpack_p7data (p7))) return 1;
> 
> /* There is exactly one bag, in pkcs8ShroudedKeyBag format; it is
>  * decrypted with the same password and converted to an EVP_PKEY */
>         if (sk_num (bags) != 1) return 1;
>        bag = (PKCS12_SAFEBAG *)sk_value (bags, 0);
>         if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
>                 if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
>                                 return 1;
>                 /* a->pkey takes a new reference; p8 itself is never freed */
>                 if (!(a->pkey = EVP_PKCS82PKEY (p8))) return 1;
> ...
> 
>         return 0 ;
> 
> 
> }

Use of those macros is now strongly discouraged: they tie your code to the
internal layout of the PKCS#12 file and, as the code above shows, make it
easy to leak the intermediate stacks on every early return. You can replace
the lot with a single call to PKCS12_parse(), which verifies the MAC,
decrypts the safes and hands back the private key, certificate and CA chain,
and generally "does the right thing".

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
