From eb8dd9dca1228af0cd132f515509051ecfabf6f6 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Mon, 14 Apr 2025 17:32:06 +0000 Subject: This commit was manufactured by cvs2git to create tag 'tb_20250414'. --- src/lib/libcrypto/man/PKCS12_create.3 | 188 ---------------------------------- 1 file changed, 188 deletions(-) delete mode 100644 src/lib/libcrypto/man/PKCS12_create.3 (limited to 'src/lib/libcrypto/man/PKCS12_create.3') diff --git a/src/lib/libcrypto/man/PKCS12_create.3 b/src/lib/libcrypto/man/PKCS12_create.3 deleted file mode 100644 index 904166da73..0000000000 --- a/src/lib/libcrypto/man/PKCS12_create.3 +++ /dev/null @@ -1,188 +0,0 @@ -.\" $OpenBSD: PKCS12_create.3,v 1.13 2024/08/22 12:26:01 tb Exp $ -.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 -.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: August 22 2024 $ -.Dt PKCS12_CREATE 3 -.Os -.Sh NAME -.Nm PKCS12_create -.Nd create a PKCS#12 structure -.Sh SYNOPSIS -.In openssl/pkcs12.h -.Ft PKCS12 * -.Fo PKCS12_create -.Fa "const char *pass" -.Fa "const char *name" -.Fa "EVP_PKEY *pkey" -.Fa "X509 *cert" -.Fa "STACK_OF(X509) *ca" -.Fa "int nid_key" -.Fa "int nid_cert" -.Fa "int iter" -.Fa "int mac_iter" -.Fa "int keytype" -.Fc -.Sh DESCRIPTION -.Fn PKCS12_create -creates a PKCS#12 structure. -.Pp -.Fa pass -is the passphrase to use. -.Fa name -is the -.Sy friendlyName -to use for the supplied certificate and key. -.Fa pkey -is the private key to include in the structure and -.Fa cert -its corresponding certificates. -.Fa ca -is an optional set of certificates to also include in the structure. -.Fa pkey , -.Fa cert , -or both can be -.Dv NULL -to indicate that no key or certificate is required. -.Pp -.Fa nid_key -and -.Fa nid_cert -are the encryption algorithms that should be used for the key and -certificate, respectively. -If either -.Fa nid_key -or -.Fa nid_cert -is set to -1, no encryption will be used. -.Pp -.Fa iter -is the encryption algorithm iteration count to use and -.Fa mac_iter -is the MAC iteration count to use. -If -.Fa mac_iter -is set to -1, the MAC will be omitted entirely. -.Pp -.Fa keytype -is the type of key. -.Pp -The parameters -.Fa nid_key , -.Fa nid_cert , -.Fa iter , -.Fa mac_iter , -and -.Fa keytype -can all be set to zero and sensible defaults will be used. -.Pp -These defaults are: 40-bit RC2 encryption for certificates, triple DES -encryption for private keys, a key iteration count of -PKCS12_DEFAULT_ITER (currently 2048) and a MAC iteration count of 1. -.Pp -The default MAC iteration count is 1 in order to retain compatibility -with old software which did not interpret MAC iteration counts. -If such compatibility is not required then -.Fa mac_iter -should be set to PKCS12_DEFAULT_ITER. -.Pp -.Fa keytype -adds a flag to the store private key. -This is a non-standard extension that is only currently interpreted by -MSIE. -If set to zero, the flag is omitted; if set to -.Dv KEY_SIG , -the key can be used for signing only; and if set to -.Dv KEY_EX , -it can be used for signing and encryption. -This option was useful for old export grade software which could use -signing only keys of arbitrary size but had restrictions on the -permissible sizes of keys which could be used for encryption. -.Pp -If a certificate contains an -.Sy alias -or -.Sy keyid -then this will be used for the corresponding -.Sy friendlyName -or -.Sy localKeyID -in the PKCS12 structure. -.Sh RETURN VALUES -.Fn PKCS12_create -returns a valid -.Vt PKCS12 -structure or -.Dv NULL -if an error occurred. -.Sh SEE ALSO -.Xr crypto 3 , -.Xr d2i_PKCS12 3 , -.Xr PKCS12_new 3 , -.Xr PKCS12_newpass 3 , -.Xr PKCS12_parse 3 , -.Xr PKCS12_SAFEBAG_new 3 , -.Xr X509_keyid_set1 3 -.Sh HISTORY -.Fn PKCS12_create -first appeared in OpenSSL 0.9.3 and has been available since -.Ox 2.6 . -.Pp -Before OpenSSL 0.9.8, neither -.Fa pkey -nor -.Fa cert -were allowed to be -.Dv NULL , -and a value of -1 was not allowed for -.Fa nid_key , -.Fa nid_cert , -and -.Fa mac_iter . -- cgit v1.2.3-55-g6feb