Hi all,
Please excuse me if this is a dumb question.
I am currently involved in a project in which I need to create a key store which
has functions like Java Key Store in C. My requirement is to store several
X509 certificates with the owner's certificate and private key in a pkcs12 file.
And my programming interface must be capable of retrieving any of the
certificates stored in that key store file.
I tried the following command [1] to store my certificate, my private key,
another x509 certificate and the CA certificate, and the command worked well.

[1] openssl pkcs12 -export -in ksb_cert.pem -inkey ksb_priv_key.pem -CAfile ca_cert.pem -certfile sup_cert.pem -name "test" -out final_3.p12

But when I used the following command [2] to view the content of that pkcs12
file, it only displayed ksb_cert.pem, sup_cert.pem and the private key.
It didn't display the CA file. I tried several other options, like removing
the -CAfile option and using the -certfile option for storing the CA cert. But
every time the info command only output two certificates and the private key.

[2] openssl pkcs12 -info -in final_3.p12

Please can anyone help me with this issue? I want to store multiple
certificates (say 5 extra certificates) in a pkcs12 file. And why doesn't the
-info command display the CA cert file?

Also, I tried to programmatically read the pkcs12 file without using "int
PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
STACK_OF(X509) **ca)", writing my own method using implementation details
of the PKCS12_parse function.
Here is my code, copied from pkcs12_kiss.c, just to try it:

    /* No password given: try a NULL password first, then the empty string. */
    if (!pass || !*pass) {
        if (PKCS12_verify_mac(store->pkcs12_in, NULL, 0)) pass = NULL;
        else if (PKCS12_verify_mac(store->pkcs12_in, "", 0)) pass = "";
        else {
            PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
            return -1;
        }
    /* Password given: a length of -1 means strlen(pass) is used. */
    } else if (!PKCS12_verify_mac(store->pkcs12_in, pass, -1)) {
        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
        return -1;
    }

But this PKCS12_verify_mac(store->pkcs12_in, pass, -1) function call always
returns 0 even though I give the correct password. I use my own structure to
store the PKCS12 structure.

Can anyone please help me to solve this issue?

Thanks in advance
Milinda Lakmal

--
http://wsaxc.blogspot.com "Web Services With Axis2/C"

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
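
Added example, not part of the original message and not OpenSSL's own code: one way to place several extra certificates in a single PKCS#12 file with the `-certfile` option discussed above, then count what is read back and check the MAC with a right and a wrong password. It assumes the `openssl` command is on the PATH; the certificate names, the password and the helper functions are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: constructed throwaway certificates, not the poster's files.
set -e
PASS='constructed-test-pass'   # sample password, constructed for this demo

# make_cert NAME: self-signed certificate NAME.pem with private key NAME.key
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# build_store DIR N: owner cert + key plus N extra certs in DIR/store.p12
build_store() {
    ( cd "$1"
      make_cert owner
      : > extras.pem
      i=1
      while [ "$i" -le "$2" ]; do
          make_cert "extra$i"
          cat "extra$i.pem" >> extras.pem   # one PEM bundle for -certfile
          i=$((i + 1))
      done
      openssl pkcs12 -export -in owner.pem -inkey owner.key \
          -certfile extras.pem -name test \
          -passout "pass:$PASS" -out store.p12 )
}

# count_certs FILE: number of certificates read back from the PKCS#12 file
count_certs() {
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# mac_ok FILE PASSWORD: exit status 0 only if the file opens with PASSWORD
mac_ok() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout >/dev/null 2>&1
}

demo_dir=$(mktemp -d)                 # mktemp -d creates a private directory
trap 'rm -rf "$demo_dir"' EXIT        # remove the throwaway keys on exit
build_store "$demo_dir" 5
echo "certificates in store: $(count_certs "$demo_dir/store.p12")"
```
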