PKCS12_parse manual page.

ec8ad2bb · Dr. Stephen Henson · 5fbb02fc · ec8ad2bb · ec8ad2bb
隐藏空白更改
内联并排

Showing with 55 addition and 0 deletion

doc/crypto/PKCS12_parse.pod doc/crypto/PKCS12_parse.pod +50 -0

doc/crypto/PKCS7_encrypt.pod doc/crypto/PKCS7_encrypt.pod +5 -0

未找到文件。
--- a/doc/crypto/PKCS12_parse.pod
+++ b/doc/crypto/PKCS12_parse.pod
+=pod
+
+=head1 NAME
+
+PKCS12_parse - parse a PKCS#12 structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs12.h>
+
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+
+=head1 DESCRIPTION
+
+PKCS12_parse() parses a PKCS12 structure.
+
+B<p12> is the B<PKCS12> structure to parse. B<pass> is the passphrase to use.
+If successful the private key will be written to B<*pkey>, the corresponding
+certificate to B<*cert> and any additional certificates to B<*ca>.
+
+=head1 NOTES
+
+The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL>
+in which case additional certificates will be discarded. B<*ca> can also
+be a valid STACK in which case additional certificates are appended to
+B<*ca>. If B<*ca> is B<NULL> a new STACK will be allocated.
+
+The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate
+will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure.
+
+=head1 BUGS
+
+Only a single private key and corresponding certificate is returned by this function.
+More complex PKCS#12 files with multiple private keys will only return the first
+match.
+
+Only B<friendlyName> and B<localKeyID> attributes are currently stored in certificates.
+Other attributes are discarded.
+
+Attributes currently cannot be store in the private key B<EVP_PKEY> structure.
+
+=head1 SEE ALSO
+
+L<d2i_PKCS12(3)|d2i_PKCS12(3)>
+
+=head1 HISTORY
+
+PKCS12_parse was added in OpenSSL 0.9.3
+
+=cut
--- a/doc/crypto/PKCS7_encrypt.pod
+++ b/doc/crypto/PKCS7_encrypt.pod
@@ -29,6 +29,11 @@ RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respecti
 The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
 parameters. 

+Many browsers implement a "sign and encrypt" option which is simply an S/MIME 
+envelopedData containing an S/MIME signed message. This can be readily produced
+by storing the S/MIME signed message in a memory BIO and passing it to
+PKCS7_encrypt().
+
 The following flags can be passed in the B<flags> parameter.

 If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended