Hi,
I am working on a PKCS#11 module for Netscape (Communicator 4.x).
To export a certificate in a PKCS#12 file, Netscape call the C_wrapKey
fonction of my PKCS#11 module and ask for the RSA private key, wrapped
with the mechanism CKM_DES3_CBC_PAD .
I use openssl to create a PKCS#8 from the RSA private key ( using
EVP_PKEY_set1_RSA ).
Then I encrypt the private key, but I am not sure how I should wrap the
key. I use the function PKCS8_encrypt with the pbe algorithm
NID_pbe_WithSHA1And3_Key_TripleDES_CBC .
Netscape is able to create a PKCS#12 file, but it is not a valid
PKCS#12 file. Probably I don't use the right way to wrap the key for
Netscape.
Does anyone know what is the problem ?
Thanks,
Etienne Loupias
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
