
RSA BSAFE Cert-C
API Reference

pkcs12.h

00001 /*
00002 * Copyright (c) RSA Security Inc., 1999-2003.  All rights reserved.
00003 * This work contains proprietary, confidential, and trade secret
00004 * information of RSA Security Inc.  Use, disclosure or reproduction
00005 * without the express written authorization of RSA Security Inc. is
00006 * prohibited.
00007 */
00008 
00009 
00010 #ifndef HEADER_BSAFE_CERTC_PKCS12
00011 #define HEADER_BSAFE_CERTC_PKCS12 1
00012 
00019 #include "certapi.h"
00020 #include "service.h"
00021 #include "certio.h"
00022 
00023 #ifdef __cplusplus
00024 extern "C" {
00025 #endif
00026 
00027 /*
00028 A PKCS12 bag in PKCS12_CONTENTS has one of the following types.
      The value is carried in PKCS12_BAG.type. NOTE(review): presumably it also
      selects which member of the PKCS12_BAG.content union is valid - confirm.
00029 */
00030 #define PKCS12_KEY_BAG_TYPE     1
00031 #define PKCS12_CERT_BAG_TYPE    2
00032 #define PKCS12_CRL_BAG_TYPE     3
00033 #define PKCS12_SECRET_BAG_TYPE  4
00034 /* Element counts of the PKCS12_POSSIBLE_* tables declared in this header,
         followed by the default iteration count. */
00035 #define PKCS12_ENCRYPTION_ALGORITHM_COUNT  6
00036 #define PKCS12_DIGEST_ALGORITHM_COUNT      1
00037 #define PKCS12_EXPORT_FORMAT_OPTION_COUNT  2
      /* NOTE(review): presumably the default for the `iterations` (MAC iterations)
         argument of C_ExportPKCS12 / C_WriteToPKCS12 - confirm. A count of 1
         applies no key stretching, so the password is the only thing slowing an
         offline guessing attempt; callers should pass a much larger explicit
         count. */
00038 #define PKCS12_DEFAULT_ITERATIONS          1
00039 /* Encryption algorithm identifiers; the export prototypes in this header cite
         RC2_CBC_128BIT as an example encType value.
         NOTE(review): RC4_40BIT and RC2_CBC_40BIT use 40-bit keys, which offer no
         meaningful resistance to exhaustive key search, and RC4 and RC2 are legacy
         ciphers. Of the values listed here TRIPLE_DES_CBC_3KEY is the strongest;
         pick a 40-bit value only when an old consumer cannot read anything else.
         These names carry no PKCS12_ prefix, so they can collide with macros from
         other headers. */
00040 #define RC4_128BIT            1
00041 #define RC4_40BIT             2
00042 #define TRIPLE_DES_CBC_3KEY   3
00043 #define TRIPLE_DES_CBC_2KEY   4
00044 #define RC2_CBC_128BIT        5
00045 #define RC2_CBC_40BIT         6
00046 /* Read-only int tables sized by the *_COUNT macros; declared here and defined
         elsewhere in the library.
         NOTE(review): the names suggest each table lists the values accepted for
         encType, digestType and the export-format option respectively - confirm.
         Validating caller-supplied values against these tables before an export
         avoids passing an unsupported identifier. */
00047 extern const int PKCS12_POSSIBLE_ENCRYPTION_ALGORITHMS
00048   [PKCS12_ENCRYPTION_ALGORITHM_COUNT];
00049 extern const int PKCS12_POSSIBLE_DIGEST_ALGORITHMS
00050   [PKCS12_DIGEST_ALGORITHM_COUNT];
00051 extern const int PKCS12_POSSIBLE_EXPORT_FORMAT_OPTIONS
00052   [PKCS12_EXPORT_FORMAT_OPTION_COUNT];
00053 /* Type of PKCS12_BAG.content.keyContent: a key object paired with a
         certificate object.
         NOTE(review): presumably the private key and the certificate issued for
         it - confirm. Who creates and destroys the two objects is not visible in
         this header; settle that before copying a bag, because `key` refers to
         secret material. */
00077 typedef struct KEY_CONTENT {
00078   B_KEY_OBJ key;
00079   CERT_OBJ  cert;
00080 } KEY_CONTENT;
00081 /* Type of PKCS12_BAG.content.certContent: an alias for CERT_OBJ. */
00086 typedef CERT_OBJ CERT_CONTENT;
00087 /* Type of PKCS12_BAG.content.crlContent: an alias for CRL_OBJ. */
00092 typedef CRL_OBJ CRL_CONTENT;
00093 /* Type of PKCS12_BAG.content.secretContent: two ITEM fields.
         NOTE(review): presumably `type` identifies the kind of secret and `value`
         holds the secret itself, mirroring the PKCS #12 secret bag - confirm.
         Treat `value` as sensitive: clear the buffer it refers to once it is no
         longer needed. */
00105 typedef struct SECRET_CONTENT {
00106   ITEM type;
00107   ITEM value;
00108 } SECRET_CONTENT;
00109 /* One entry of a PKCS #12 contents list: a type tag, a union holding the
         payload, and a friendly name.
         `content` is a union, so only one member holds a value at a time; read
         `type` first and touch only the matching member. NOTE(review): the
         mapping is presumably PKCS12_KEY_BAG_TYPE -> keyContent,
         PKCS12_CERT_BAG_TYPE -> certContent, PKCS12_CRL_BAG_TYPE -> crlContent,
         PKCS12_SECRET_BAG_TYPE -> secretContent - confirm. Reject any other
         `type` value rather than guessing a member, in particular for bags read
         from a file. */
00175 typedef struct PKCS12_BAG {
00176   int type;
00177   union  {
00178     KEY_CONTENT    keyContent;
00179     CERT_CONTENT   certContent;
00180     CRL_CONTENT    crlContent;
00181     SECRET_CONTENT secretContent;
00182   } content;
00183   ITEM friendlyName;
00184 } PKCS12_BAG;
00185 /* List entry handler object, declared here and defined elsewhere in the library.
         NOTE(review): presumably the handler to supply when PKCS12_BAG entries are
         stored in a LIST_OBJ such as the pkcs12Contents arguments in this header,
         so that the list can copy and release bags - confirm. */
00194 extern LIST_OBJ_ENTRY_HANDLER PKCS12BagEntryHandler;
00195 
00196 /*
00197   Various flag values that control importing/exporting a PKCS12 file.
        Each value is a distinct bit. NOTE(review): presumably they are OR-ed
        together into the int `flags` / `option` arguments of the functions
        declared in this header - confirm.
00198 */
00199 /* NOTE(review): the name suggests that import skips the PKCS #12 MAC check -
         confirm. If so, a modified file is accepted without detection; keep this
         flag out of any path that handles files from outside the trust boundary. */
00205 #define PKCS12_NO_MAC_VERIFICATION      0x00000001
00206 /* NOTE(review): presumably selects a Microsoft Internet Explorer compatible
         format - confirm. */
00212 #define PKCS12_MS_EXPLORER              0x00000002
00213 /* NOTE(review): presumably selects a Netscape Navigator compatible format -
         confirm. */
00221 #define PKCS12_NS_NAVIGATOR             0x00000004
00222 /* NOTE(review): presumably separate MAC and encryption passwords; the second
         one would have to travel through the variadic arguments of the functions
         in this header - confirm. */
00229 #define PKCS12_USE_TWO_PASSWORDS        0x00000008
00230 
00231 /* When this flag is set, DSA private keys will be encoded in the PKCS #12
00232    message using the format corresponding to KI_DSAPrivateX957BER, as opposed
00233    to KI_DSAPrivateBER. */
00234 #define PKCS12_DSA_PRIVATE_X957         0x00000010
00235 /* Imports a PKCS #12 file, identified by name, with a database service as
         the other operand.
         NOTE(review): presumably the file's contents are stored through `db` and
         the int result is a status code - confirm.
         macPassword carries the password as an ITEM; clear the caller's copy once
         the call returns. The trailing `...` is not type-checked by the compiler,
         so the extra arguments must match exactly what the chosen flags call for.
         Setting PKCS12_NO_MAC_VERIFICATION in `flags` presumably disables the
         integrity check on the file; avoid it for files of unknown origin. */
00275 int C_ImportPKCS12 (
00276   CERTC_CTX  ctx,             /* Cert-C context */
00277   char      *pkcs12fileName,  /* pkcs12 file name */
00278   ITEM      *macPassword,     /* pkcs12 MAC and possibly encryption password */
00279   SERVICE    db,              /* database service */
00280   int        flags,           /* option flags */
00281   ...);
00282 /* Reads PKCS #12 data from a stream and returns its contents through the
         pkcs12Contents list (marked as an output argument).
         NOTE(review): the list entries are presumably PKCS12_BAG values and the
         int result a status code - confirm.
         The stream is parsed input: inspect each returned bag's `type` before
         using its `content`, and clear key and secret material when done. The
         MAC only shows that the data was produced by someone who knows the
         password, and presumably is not checked at all when
         PKCS12_NO_MAC_VERIFICATION is set in `flags`. The trailing `...` is not
         type-checked by the compiler. */
00307 int C_ReadFromPKCS12 (
00308   CERTC_CTX  ctx,               /* Cert-C context */
00309   STREAM     pkcs12Stream,      /* pkcs12 stream */
00310   ITEM      *macPassword,       /* pkcs12 password */
00311   int        flags,             /* option flags */
00312   LIST_OBJ   pkcs12Contents,    /* (out)contents of pkcs12 */
00313   ...);
00314 /* Exports to a PKCS #12 file, identified by name, the material selected by
         subjectName; pathCtx is used to build certificate chains.
         NOTE(review): the int result is presumably a status code, and the output
         presumably includes private keys - confirm. If it does, create the file
         with restrictive permissions and treat it as a secret.
         Protection of the output rests on three arguments: encType (avoid the
         40-bit identifiers RC4_40BIT and RC2_CBC_40BIT), iterations (pass a large
         count; PKCS12_DEFAULT_ITERATIONS is 1) and the strength of macPassword.
         Clear the caller's copy of the password once the call returns. The
         trailing `...` is not type-checked by the compiler. */
00359 int C_ExportPKCS12 (
00360   CERTC_CTX      ctx,             /* Cert-C context */
00361   NAME_OBJ       subjectName,     /* identifies cert(s) */
00362   CERT_PATH_CTX *pathCtx,         /* to build cert chains */
00363   int            encType,         /* e.g. RC2_CBC_128BIT */
00364   int            digestType,      /* e.g. DAI_SHA1 */
00365   int            iterations,      /* MAC iterations */
00366   int            option,          /* option flags */
00367   char          *pkcs12fileName,  /* pkcs12 file name */
00368   ITEM          *macPassword,     /* pkcs12 password */
00369   ...);
00370 /* Writes the bags in pkcs12Contents to a stream (marked as an output
         argument) as PKCS #12 data.
         NOTE(review): the list entries are presumably PKCS12_BAG values and the
         int result a status code - confirm.
         Protection of the output rests on three arguments: encType (avoid the
         40-bit identifiers RC4_40BIT and RC2_CBC_40BIT), iterations (pass a large
         count; PKCS12_DEFAULT_ITERATIONS is 1) and the strength of macPassword.
         Clear the caller's copy of the password once the call returns. The
         trailing `...` is not type-checked by the compiler. */
00408 int C_WriteToPKCS12 (
00409   CERTC_CTX  ctx,             /* Cert-C context */
00410   LIST_OBJ   pkcs12Contents,  /* contents of pkcs12 file */
00411   int        encType,         /* e.g. RC2_CBC_128BIT */
00412   int        digestType,      /* e.g. DAI_SHA1 */
00413   int        iterations,      /* MAC iterations */
00414   int        option,          /* option flags */
00415   ITEM      *macPassword,     /* pkcs12 password */
00416   STREAM     pkcs12Stream,    /* (out) pkcs12 stream */
00417   ...);
00418 
00419 #ifdef __cplusplus
00420 }
00421 #endif
00422 
00423 #endif /* HEADER_BSAFE_CERTC_PKCS12 */



RSA BSAFE® Cert-C 2.7 API Reference