Extracting client certificate & private key from .p12 file

限于喜欢 submitted on 2019-12-18 05:15:10

Question


Can anybody tell me how to use

PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); 

int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); 

Any documentation reference will also work.


Answer 1:


Without error-checking:

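#include <stdio.h>
#include <openssl/pkcs12.h>

FILE *p12_file;
PKCS12 *p12_cert = NULL;
EVP_PKEY *pkey = NULL;
X509 *x509_cert = NULL;
STACK_OF(X509) *additional_certs = NULL;

/* Read the DER-encoded PKCS#12 structure from the file */
p12_file = fopen("foo.p12", "rb");
d2i_PKCS12_fp(p12_file, &p12_cert);
fclose(p12_file);

/* Decrypt it and split out the key, its certificate and any other certificates */
PKCS12_parse(p12_cert, "password", &pkey, &x509_cert, &additional_certs);
PKCS12_free(p12_cert);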

The private key is now in pkey, the certificate in x509_cert and any additional certificates in additional_certs.




Answer 2:


  • Here is openssl's page for parse: PKCS12_parse.html
  • Here is Apple's link to using openssl libs: see PKCS#12, Section 2: I/O

From Apple's site, here are the descriptions:

int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
                             STACK **ca);

This function takes a PKCS12 structure and a password (ASCII, null terminated) and returns the private key, the corresponding certificate and any CA certificates. If any of these is not required it can be passed as a NULL. The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK structure. Typically to read in a PKCS#12 file you might do:

p12 = d2i_PKCS12_fp(fp, NULL);
PKCS12_parse(p12, password, &pkey, &cert, NULL);    /* CAs not wanted */
PKCS12_free(p12);


Source: https://stackoverflow.com/questions/3549459/extracting-client-certificate-private-key-from-p12-file
