On Tue, Dec 05, 2006, Reimer Karlsen-Masur, DFN-CERT wrote: > Hi, > > is there a way to set bag attributes in PKCS#12 files using the openssl > pkcs12 or any other openssl command? I searched the mailinglist archives > and the openssl documentation but to no avail. It seems there once was a > patch for openssl to get OID 1.3.6.1.4.1.311.17.2 into the bag attributes > but that was not complete since it's value could not be set to be empty - or > so I understood. Did this patch make it into the current stable openssl > release? > > I'd like to set bag attributes like > > 1.3.6.1.4.1.311.17.2: <No Values> > localKeyID: 01 00 00 00 > Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider > friendlyName: 5866... > Key Attributes > X509v3 Key Usage: 10 > > for the private key and bag attributes like > > localKeyID: 01 00 00 00 > friendlyName: Test-Server > > for the certificate. > > I am aware of the -name and -caname options of the pkcs12 command setting > these friendly names. > > I understand that a PKCS#12 file needs the bag attribute with OID > 1.3.6.1.4.1.311.17.2 to trigger a direct import of the key and certificate > into the LOCAL_MACHINE sub-tree of Microsofts Certificate Manager MMC snap-in. > > Any hints are appreciated. >
There is no command line option to do that at present. You can probably hack up PKCS12_create() to do that. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
