Hi all,
Please excuse me if this is a dumb question.
I am currently involved in a project in which I need to create a key store
in C which has functions like the Java Key Store. My requirement is to store
several X509 certificates along with the owner's certificate and private key
in a pkcs12 file. And my programming interface must be capable of retrieving
any of the certificates stored in that key store file.
I tried the following command [1] to store my certificate, my private key,
another x509 certificate and the CA certificate, and the command worked well.

[1] openssl pkcs12 -export -in ksb_cert.pem -inkey ksb_priv_key.pem -CAfile ca_cert.pem -certfile sup_cert.pem -name "test" -out final_3.p12

But when I used the following command [2] to view the content of that pkcs12
file, it only displayed ksb_cert.pem, sup_cert.pem and the private key.
It didn't display the CA file. I tried several other options, like removing
the -CAfile option and using the -certfile option for storing the CA cert. But
every time the info command only output two certificates and the private key.

[2] openssl pkcs12 -info -in final_3.p12

Can anyone please help me with this issue? I want to store multiple
certificates (say 5 extra certificates) in a pkcs12 file. And why doesn't the
-info command display the CA cert file?

Also, I tried to programmatically read the pkcs12 file without using "int
PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
STACK_OF(X509) **ca)", writing my own method using the implementation details
of the PKCS12_parse function.
Here is my code, copied from pkcs12_kiss.c just to try it:

    if (!pass || !*pass) {
        if (PKCS12_verify_mac(store->pkcs12_in, NULL, 0)) pass = NULL;
        else if (PKCS12_verify_mac(store->pkcs12_in, "", 0)) pass = "";
        else {
            PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
            return -1;
        }
    } else if (!PKCS12_verify_mac(store->pkcs12_in, pass, -1)) {
        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
        return -1;
    }

But this PKCS12_verify_mac(store->pkcs12_in, pass, -1) function call always
returns 0 even though I give the correct password. I use my own structure to
store the PKCS12 structure.

Can anyone please help me to solve this issue?

Thanks in advance
Milinda Lakmal

-- 
http://wsaxc.blogspot.com "Web Services With Axis2/C"
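
The export in command [1] above, reproduced as an added example that is not part of the original post: `openssl pkcs12 -export` consults `-CAfile` only when `-chain` is given, while every certificate found in the `-certfile` file is written to the output. The certificates, the password `test` and the output file names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: all keys and certificates are throwaway self-signed ones.
set -e
WORK=$(mktemp -d)
PASS=pass:test   # constructed export password

# make_cert NAME: self-signed certificate and unencrypted key,
# written to NAME_cert.pem and NAME_key.pem in $WORK
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1_key.pem" -out "$WORK/$1_cert.pem" 2>/dev/null
}

# count_certs FILE: number of certificates stored in a PKCS#12 file
count_certs() {
    openssl pkcs12 -in "$1" -nokeys -passin "$PASS" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

for n in ksb sup ca; do make_cert "$n"; done

# Same shape as command [1]: -CAfile without -chain is not written to the file.
openssl pkcs12 -export -in "$WORK/ksb_cert.pem" -inkey "$WORK/ksb_key.pem" \
    -CAfile "$WORK/ca_cert.pem" -certfile "$WORK/sup_cert.pem" \
    -name test -passout "$PASS" -out "$WORK/as_posted.p12"

# Concatenate the extra certificates: each one in the -certfile bundle is stored.
cat "$WORK/sup_cert.pem" "$WORK/ca_cert.pem" > "$WORK/extra.pem"
openssl pkcs12 -export -in "$WORK/ksb_cert.pem" -inkey "$WORK/ksb_key.pem" \
    -certfile "$WORK/extra.pem" -name test -passout "$PASS" \
    -out "$WORK/bundle.p12"

echo "as posted: $(count_certs "$WORK/as_posted.p12") certificates"
echo "bundle:    $(count_certs "$WORK/bundle.p12") certificates"
```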
