Marco Donati wrote:
>
> I've solved my problem and I'd like to thank everybody who wrote me.
>
> I modified my low level sequence (the code I posted) to build a pkcs12
> bundle with one bag, keeping "shrouded" private key, so i used
> PKCS12_MAKE_SHKEYBAG/PKCS12_pack_p7data INSTEAD of
> PKCS12_M
I've solved my problem and I'd like to thank everybody who wrote me.
I modified my low level sequence (the code I posted) to build a pkcs12
bundle with one bag, keeping "shrouded" private key, so i used
PKCS12_MAKE_SHKEYBAG/PKCS12_pack_p7data INSTEAD of
PKCS12_MAKE_KEYBAG/PKCS12_pack_p7encdata.
Marco Donati wrote:
>
> >PKCS#12 files under OpenSSL are intended to have a key and a matching
> > certificate. AFAIK the same is true of Windows and Netscape
> > import/export routines.
>
> yes, but what if you stil have to request it to a CA...
>
> > What do you want a private key alone in PK
Marco Donati wrote:
>
>
> I generate the key, then use it to sign a certificate request (PKCS#10).
> The PKCS#10 is sent to a CA.
> When the certificate is issued by the CA it is downloaded (via LDAP) and
> stored into the original P12 with its key
>
> I need it in PKCS12 for compatibility w
>PKCS#12 files under OpenSSL are intended to have a key and a matching
> certificate. AFAIK the same is true of Windows and Netscape
> import/export routines.
yes, but what if you stil have to request it to a CA...
> What do you want a private key alone in PKCS#12 format for?
I generate the key
