Extract client certificate and private key from .p12 file

Can anyone tell me how to use

    PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
    int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);

Any documentation link will also work.

+4
2 answers

Without error checking:

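    #include <stdio.h>
    #include <openssl/pkcs12.h>

    FILE *p12_file;
    PKCS12 *p12_cert = NULL;
    EVP_PKEY *pkey;
    X509 *x509_cert;
    STACK_OF(X509) *additional_certs = NULL;

    /* Read and DER-decode the PKCS#12 container */
    p12_file = fopen("foo.p12", "rb");
    d2i_PKCS12_fp(p12_file, &p12_cert);
    fclose(p12_file);

    /* Decrypt with the password and split out key, certificate and chain */
    PKCS12_parse(p12_cert, "password", &pkey, &x509_cert, &additional_certs);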

The private key is now in pkey, certificate in x509_cert and any additional certificates in additional_certs.

+6

From the Apple website, here are descriptions:

 int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert, STACK **ca); 

This function takes a PKCS12 structure and a password (ASCII, null-terminated) and returns the private key, the corresponding certificate, and any CA certificates. If any of them is not required, it can be passed as NULL. The "ca" parameter must be either NULL, or a pointer to NULL, or a valid STACK structure. Typically, for reading in a PKCS#12 file, you can:

    p12 = d2i_PKCS12_fp(fp, NULL);
    PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */
    PKCS12_free(p12);
+2
